| URL: email Model: Joe Sandbox AI |
{
"explanation": [
"The email contains multiple toll-free numbers for contacting 'PayPal Support', which is a common tactic in phishing emails to mislead recipients into calling fraudulent numbers.",
"The email repeatedly emphasizes urgency and consequences if no action is taken, which is a common phishing tactic to create panic and prompt hasty actions.",
"The email claims that PayPal won't contact you through a money request, yet it is doing exactly that, which is contradictory and suspicious."
],
"phishing": true,
"confidence": 9,
"generated_by_ai": false
} |
{
"date": "Tue, 03 Dec 2024 07:47:20 -0800",
"subject": "[External] Reminder: You've still got a money request",
"communications": [
" Reminder: You've still got a money request charlotte oneal, just a friendly reminder to pay this request. Hello, charlotte oneal A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Decline Don't recognize this request? Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Help & Contact | Security | Apps PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Please don't reply to this email. To get in touch with us, click Help & Contact. Not sure why you received this email? Learn more Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 Reminder: You've still got a money request Reminder: You've still got a money request /** * SupremeLL Fonts */ /* Body text - font-weight:450 */ @font-face { font-family: SupremeLLTest; font-style: normal; font-weight: 450; src: url('https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Book.woff2') format('woff2'), /*Moderner Browsers*/ url('https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Book.woff') format('woff'); /* Modern Browsers */ /* Fallback font for - MS Outlook older versions (2007,13, 16)*/ mso-font-alt: 'userbri'; } /* Subheadline font-weight:500 */ @font-face { font-family: SupremeLLTest; font-style: normal; font-weight: 500; src: url('https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Medium.woff2') format('woff2'), /*Moderner Browsers*/ url('https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Medium.woff') format('woff'); /* Modern Browsers */ /* Fallback font for - MS Outlook older versions (2007,13, 16)*/ mso-font-alt: 'userbri'; } /* Button font-weight:700 */ @font-face { font-family: SupremeLLTest; font-style: normal; font-weight: 700; src: url('https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Bold.woff2') format('woff2'), /*Moderner Browsers*/ url('https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Bold.woff') format('woff'); /* Modern Browsers */ /* Fallback font for - MS Outlook older versions (2007,13, 16)*/ mso-font-alt: 'userbri'; } /* Headline font-weight:900 */ @font-face { font-family: SupremeLLTest; font-style: normal; font-weight: 900; src: url('https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Black.woff2') format('woff2'), /*Moderner Browsers*/ url('https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Black.woff') format('woff'); /* Modern Browsers */ /* Fallback font for - MS Outlook older versions (2007,13, 16)*/ mso-font-alt: 'userbri'; } /* End - SupremeLL Fonts */ /** * Import only the styles required for Email templates. */ @charset \"UTF-8\"; html { box-sizing: border-box; background: #F5F7FA; color: #000000; font-size: 14px; line-height: 1.4286; height: 100%; } *, *:before, *:after { box-sizing: inherit; } body { font-size: 14px !important; font-weight: 450; line-height: 1.4286; font-family: SupremeLLTest, 'Avant Garde', Helvetica, Arial; -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-smoothing: antialiased; background: #F5F7FA; color: #000000; height: 100%; margin: 0; padding: 0; } a, a:visited { color: #0074DE; text-decoration: none; font-weight: 700; font-family: SupremeLLTest, 'Avant Garde', Helvetica, Arial; ; } a:active, a:focus, a:hover { color: #003087; text-decoration: underline; } p, li, dd, dt, label, input, textarea, pre, code, table { font-size: 14px; line-height: 1.4286; font-weight: 450; text-transform: none; font-family: SupremeLLTest, 'Avant Garde', Helvetica, Arial; ; color: #000000; } /* prevent iOS font upsizing */ * { -webkit-text-size-adjust: none; } /* force Outlook.com to honor line-height */ .ExternalClass * { line-height: 100%; } td { mso-line-height-rule: exactly; } div[style*=\"margin: 16px 0\"] { margin: 0 !important; } .ppsans { font-family: SupremeLLTest, 'Avant Garde', Helvetica, Arial !important; } charlotte oneal, just a friendly reminder to pay this request. Hello, charlotte oneal A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Decline Don't recognize this request? Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Help & Contact | Security | Apps PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Please don't reply to this email. To get in touch with us, click Help & Contact. Not sure why you received this email? Learn more Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 charlotte oneal, just a friendly reminder to pay this request. Hello, charlotte oneal A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Decline Don't recognize this request? Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Help & Contact | Security | Apps PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Please don't reply to this email. To get in touch with us, click Help & Contact. Not sure why you received this email? Learn more Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 Hello, charlotte oneal A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Decline Don't recognize this request? Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Help & Contact | Security | Apps PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Please don't reply to this email. To get in touch with us, click Help & Contact. Not sure why you received this email? Learn more Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 Hello, charlotte oneal A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Decline Don't recognize this request? Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Help & Contact | Security | Apps PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Please don't reply to this email. To get in touch with us, click Help & Contact. Not sure why you received this email? Learn more Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 Hello, charlotte oneal A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Decline Don't recognize this request? Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Help & Contact | Security | Apps PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Please don't reply to this email. To get in touch with us, click Help & Contact. Not sure why you received this email? Learn more Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal Hello, charlotte oneal A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Decline Don't recognize this request? Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Help & Contact | Security | Apps A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Decline Don't recognize this request? Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Help & Contact | Security | Apps A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Decline Don't recognize this request? Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Decline Don't recognize this request? Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. A small reminder from Brian Oistad A small reminder from Brian Oistad A small reminder from Brian Oistad A small reminder from Brian Oistad A small reminder from Brian Oistad A small reminder from Brian Oistad Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Payment request details Payment request details Payment request details Payment request details Payment request details Payment request details Payment request details Payment request details Payment request details Payment request details Payment request details Payment request details Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Amount requested $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction date December 3, 2024 Amount requested $2,185.96 USD Amount requested $2,185.96 USD Amount requested $2,185.96 USD Amount requested $2,185.96 USD Amount requested $2,185.96 USD Amount requested $2,185.96 USD Amount requested Amount requested Amount requested $2,185.96 USD $2,185.96 USD $2,185.96 USD Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Note from Brian Oistad: Note from Brian Oistad: Note from Brian Oistad: Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Don't recognize the seller? Please contact PayPal Support Team immediately at +1 (888) 927-1499 (Toll Free). If you have any issues, you can also contact +1(888) 836-6627 (Toll Free). If you do not reach out, we will proceed with the transaction. Transaction ID U-51N93441NC4340114 Transaction ID U-51N93441NC4340114 Transaction ID U-51N93441NC4340114 Transaction ID U-51N93441NC4340114 Transaction ID U-51N93441NC4340114 Transaction ID U-51N93441NC4340114 Transaction ID Transaction ID Transaction ID U-51N93441NC4340114 U-51N93441NC4340114 U-51N93441NC4340114 Transaction date December 3, 2024 Transaction date December 3, 2024 Transaction date December 3, 2024 Transaction date December 3, 2024 Transaction date December 3, 2024 Transaction date December 3, 2024 Transaction date Transaction date Transaction date December 3, 2024 December 3, 2024 December 3, 2024 Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Don't forget to pay the money request from Brian Oistad. It'll only take a few moments. Pay Now Pay Now Pay Now Pay Now Pay Now Pay Now Pay Now Pay Now Pay Now https://urldefense.com/v3/__https://www.paypal.com/myaccount/transfer/payRequest/U-7DB693966W8041453/U-51N93441NC4340114?classicUrl=*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq&id=VeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ1Ow&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=u-7db693966w8041453_u-51n93441nc4340114__;JSUlJSUlJSUlJSUl!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8jfWoVCp$ Decline Decline Decline Decline Decline Decline Decline Decline Decline https://urldefense.com/v3/__https://www.paypal.com/myaccount/transaction/details/U-51N93441NC4340114?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=details_u-51n93441nc4340114__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8pP0Kbcd$ Don't recognize this request? Don't recognize this request? Don't recognize this request? Don't recognize this request? Don't recognize this request? Don't recognize this request? Don't recognize this request? Don't recognize this request? Don't recognize this request? Don't recognize this request? Report this request Report this request Report this request Report this request Report this request Report this request Report this request https://urldefense.com/v3/__https://www.paypal.com/myaccount/transaction/details/U-51N93441NC4340114?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=details_u-51n93441nc4340114__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8pP0Kbcd$ Report this request Report this request https://urldefense.com/v3/__https://www.paypal.com/myaccount/transaction/details/U-51N93441NC4340114?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=details_u-51n93441nc4340114__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8pP0Kbcd$ Report this request Report this request Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request. Learn more about common security threats and how to spot them. Learn more https://urldefense.com/v3/__https://www.paypal.com/us/security/learn?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=security_learn__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8pwMbZ_x$ Help & Contact | Security | Apps Help & Contact | Security | Apps Help & Contact | Security | Apps Help & Contact | Security | Apps Help & Contact | Security | Apps Help & Contact | Security | Apps Help & Contact https://urldefense.com/v3/__https://www.paypal.com/us/smarthelp/home?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=smarthelp_home__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8gRER7vp$ | Security https://urldefense.com/v3/__https://www.paypal.com/us/webapps/mpp/paypal-safety-and-security?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=mpp_paypal-safety-and-security__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8vRBnBVx$ | Apps https://urldefense.com/v3/__https://www.paypal.com/us/webapps/mpp/mobile-apps?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=mpp_mobile-apps__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8kbwVlYM$ https://urldefense.com/v3/__https://twitter.com/PayPal?v=1*2C0.1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=twitter.com_paypal__;JSUlJSUlJSU!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8kTb0mxb$ https://urldefense.com/v3/__https://www.instagram.com/paypal/?v=1*2C0.1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=www.instagram.com_paypal__;JSUlJSUlJSU!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8lB5XxO0$ https://urldefense.com/v3/__https://www.facebook.com/PayPalUSA?v=1*2C0.1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=www.facebook.com_paypalusa__;JSUlJSUlJSU!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8m2m0njV$ https://urldefense.com/v3/__http://www.linkedin.com/company/1482?trk=tyah&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=company_1482__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8snsU7Qm$ PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Please don't reply to this email. To get in touch with us, click Help & Contact. Not sure why you received this email? Learn more Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Please don't reply to this email. To get in touch with us, click Help & Contact. Not sure why you received this email? Learn more Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Please don't reply to this email. To get in touch with us, click Help & Contact. Not sure why you received this email? Learn more Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Please don't reply to this email. To get in touch with us, click Help & Contact. Not sure why you received this email? Learn more Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing Learn to identify phishing https://urldefense.com/v3/__https://www.paypal.com/us/webapps/mpp/security/suspicious-activity?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=security_suspicious-activity__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8uu8XbmZ$ Please don't reply to this email. To get in touch with us, click Help & Contact. Please don't reply to this email. To get in touch with us, click Help & Contact. Please don't reply to this email. To get in touch with us, click Help & Contact. Please don't reply to this email. To get in touch with us, click Help & Contact. Please don't reply to this email. To get in touch with us, click Help & Contact. Please don't reply to this email. To get in touch with us, click Help & Contact. Help & Contact https://urldefense.com/v3/__https://www.paypal.com/selfhelp/home?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=selfhelp_home__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8uwqX8tn$ Not sure why you received this email? Learn more Not sure why you received this email? Learn more Not sure why you received this email? Learn more Not sure why you received this email? Learn more Not sure why you received this email? Learn more Not sure why you received this email? Learn more Learn more https://urldefense.com/v3/__https://www.paypal.com/us/smarthelp/article/why-am-i-receiving-emails-from-paypal-when-i-dont-have-an-account-faq4172?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&cust=TA283YBYTCEZG&unptid=e1313c92-b18d-11ef-8175-ebd736eaa970&calc=f585531ed1e76&unp_tpcid=requestmoney-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=PAYPAL&xt=145585*2C150948*2C104038&link_ref=article_why-am-i-receiving-emails-from-paypal-when-i-dont-have-an-account-faq4172__;JSUlJSUlJQ!!MxXmjrCc_Bbh!Befd6Fz7AT51oLvA_2HNy8dal1wq3osgSBrKzfqgCS-1g3WZwXgLKGWT-6Fve8-JRszgHjwmHpSiq68MQ7Vl8vi6Uq-R$ Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. Copyright 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131. PayPal RT000186:en_US(en-US):1.3.2:f585531ed1e76 "
],
"from": "\"service@paypal.com\" <service@paypal.com>",
"to": "charlotte oneal <billingdepartments1@boarnetworks.onmicrosoft.com>",
"attachements": []
} |
| URL: Email Model: Joe Sandbox AI |
{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Pay Now",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: Email Model: Joe Sandbox AI |
{
"brands": [
"PayPal"
]
} |
|
| URL: Email Model: Joe Sandbox AI |
{"classification":"Support Scam"} |
Email:
Detected potential phishing email: The email contains multiple toll-free numbers for contacting 'PayPal Support', which is a common tactic in phishing emails to mislead recipients into calling fraudulent numbers.. The email repeatedly emphasizes urgency and consequences if no action is taken, which is a common phishing tactic to create panic and prompt hasty actions.. The email claims that PayPal won't contact you through a money request, yet it is doing exactly that, which is contradictory and suspicious. |
| URL: https://www.paypalobjects.com/web/res/5c0/6ee6d088... Model: Joe Sandbox AI |
{
"risk_score": 1,
"reasoning": "The script uses a timeout function to check the connection, which is a common and benign practice. There are no high-risk or moderate-risk indicators present."
} |
timeOutOp = window.setTimeout(checkConnection, getConnectionTimeout());
|
| URL: https://www.paypalobjects.com/web/res/5c0/6ee6d088... Model: Joe Sandbox AI |
{
"risk_score": 2,
"reasoning": "The script primarily handles locale mapping, referrer validation, and reCAPTCHA integration. It interacts with trusted domains (e.g., paypal.com) and does not exhibit high-risk behaviors like dynamic code execution or data exfiltration. The use of postMessage for communication is standard for iframe interactions. The script's intent aligns with typical reCAPTCHA functionality, suggesting a legitimate context."
} |
var timeOutOp;
var grcRenderStartTime;
var grcScriptLoadTime;
var pp_loc_map = {"ar_EG":"ar","da_DK":"da","de_DE":"de","de_DE_AT":"de-AT","de_DE_CH":"de-CH","en_AU":"en",
"en_GB":"en-GB","en_US":"en","es_ES":"es","es_XC":"es-419","fr_CA":"fr-CA","fr_FR":"fr",
"fr_XC":"fr","he_IL":"iw","id_ID":"id","it_IT":"it","ja_JP":"ja","ko_KR":"ko","nl_NL":"nl",
"no_NO":"no","pl_PL":"pl","pt_BR":"pt-BR","pt_PT":"pt-PT","ru_RU":"ru","sv_SE":"sv","th_TH":"th",
"tr_TR":"tr","zh_CN":"zh-CN","zh_HK":"zh-HK","zh_TW":"zh-TW","zh_XC":"zh-CN","ar":"ar","da":"da",
"de":"de","en":"en","es":"es","fr":"fr","id":"id","ko":"ko","pt":"pt","ru":"ru","zh":"zh-CN"};
function getGoogLocale(l,c){
var loc_lower = l.toLowerCase();
if(c !== undefined && (c.toLowerCase() === 'at' || c.toLowerCase() === 'ch') && (l === 'de_DE')) {
l = l + '_' + c.toUpperCase();
}
if(loc_lower.indexOf('rowlite') !== -1 || loc_lower.indexOf('groupa') !== -1 || loc_lower.indexOf('groupb') !== -1 || loc_lower.indexOf('groupc') !== -1) {
l = loc_lower.substring(0,2);
}
return pp_loc_map[l] || 'en';
}
function getTargetOrigin(){
var allowedDomains = ['paypal.com','paypalinc.com','venmo.com','paypalobjects.com'];
var targetOrigin = '/';
try{
if(!window.URL){
return targetOrigin;
}
var originUrl = "";
if(!document.referrer) {
var ancetorOrigins = window.location && window.location.ancestorOrigins;
ancetorOrigins = ancetorOrigins.length > 0 ? ancetorOrigins[0] : '';
originUrl = new window.URL(ancetorOrigins);
} else {
originUrl = new window.URL(document.referrer);
}
if(!originUrl || !originUrl.hostname || typeof originUrl.hostname !== "string"){
return targetOrigin;
}
var originUrlParts = originUrl.hostname.split('.');
if(!originUrlParts){
return targetOrigin;
}
if(Array && Array.isArray && !Array.isArray(originUrlParts)){
return targetOrigin;
}
if(!originUrlParts.length || originUrlParts.length < 2){
return targetOrigin;
}
originUrlParts = originUrlParts.slice(-2);
if(!originUrlParts || !originUrlParts.length || originUrlParts.length < 2){
return targetOrigin;
}
var referrerDomain = originUrlParts.join('.');
if(!referrerDomain){
return targetOrigin;
}
if(allowedDomains.indexOf(referrerDomain) >= 0){
targetOrigin = originUrl.origin;
}
}
catch(e){
console.error(e);
}
return targetOrigin;
}
var getKey = function(key) {
var regexS = "[\\?&]"+ key +"=([^&#]*)";
var regex = new RegExp( regexS );
var results = regex.exec( window.location.href );
if( results == null ) {
return "";
} else {
return results[1];
}
};
var getTokenMessage = function(token) {
var recaptchaResponse = {
token: token,
source: 'recaptchav2iframe'
};
return JSON.stringify()
};
var verifyCallback = function(response) {
parent.postMessage(JSON.stringify({
token: response,
source: 'recaptchav2iframe',
renderData:{
grcRenderStartTime:grcRenderStartTime,
grcRenderEndTime: grcScriptLoadTime,
grcVerificationTime:new Date().getTime(),
},
}), getTargetOrigin());
parent.postMessage(JSON.stringify({
frameHeight: '',
source: 'recaptchav2iframe'
}), getTargetOrigin());
};
var recaptchaCallback = function() {
parent.postMessage("CLIENT_SIDE_RECAPTCHA_API_JS_LOADED", getTargetOrigin());
try {
document.getElementById("spinnerDiv").removeAttribute("class");
var siteKey = getKey('siteKey');
grecaptcha.render('recaptcha', {
'sitekey' : siteKey,
'callback' : verifyCallback,
'theme' : 'light',
'size' : 'normal',
'error-callback' : function() {
parent.postMessage(JSON.stringify({
token: 'RENDER_FAILURE',
source: 'recaptchav2iframe',
|
| URL: https://www.paypalobjects.com/web/res/5c0/6ee6d088... Model: Joe Sandbox AI |
{
"risk_score": 1,
"reasoning": "The script is a part of RequireJS, a well-known JavaScript file and module loader. It does not exhibit any high-risk behaviors such as dynamic code execution or data exfiltration. The script primarily deals with module loading and dependency management, which are typical for RequireJS. There are no interactions with suspicious domains or aggressive DOM manipulations. The script's intent aligns with legitimate module loading practices, and it is associated with a reputable source."
} |
/*
RequireJS 2.1.6 Copyright (c) 2010-2012, The Dojo Foundation All Rights Reserved.
Available via the MIT or new BSD license.
see: http://github.com/jrburke/requirejs for details
*/
var requirejs,require,define;
(function(ba){function J(b){return"[object Function]"===N.call(b)}function K(b){return"[object Array]"===N.call(b)}function z(b,c){if(b){var d;for(d=0;d<b.length&&(!b[d]||!c(b[d],d,b));d+=1);}}function O(b,c){if(b){var d;for(d=b.length-1;-1<d&&(!b[d]||!c(b[d],d,b));d-=1);}}function t(b,c){return ha.call(b,c)}function m(b,c){return t(b,c)&&b[c]}function H(b,c){for(var d in b)if(t(b,d)&&c(b[d],d))break}function S(b,c,d,m){c&&H(c,function(c,l){if(d||!t(b,l))m&&"string"!==typeof c?(b[l]||(b[l]={}),S(b[l],
c,d,m)):b[l]=c});return b}function v(b,c){return function(){return c.apply(b,arguments)}}function ca(b){throw b;}function da(b){if(!b)return b;var c=ba;z(b.split("."),function(b){c=c[b]});return c}function B(b,c,d,m){c=Error(c+"\nhttp://requirejs.org/docs/errors.html#"+b);c.requireType=b;c.requireModules=m;d&&(c.originalError=d);return c}function ia(b){function c(a,f,C){var e,n,b,c,d,T,k,g=f&&f.split("/");e=g;var l=j.map,h=l&&l["*"];if(a&&"."===a.charAt(0))if(f){e=m(j.pkgs,f)?g=[f]:g.slice(0,g.length-
1);f=a=e.concat(a.split("/"));for(e=0;f[e];e+=1)if(n=f[e],"."===n)f.splice(e,1),e-=1;else if(".."===n)if(1===e&&(".."===f[2]||".."===f[0]))break;else 0<e&&(f.splice(e-1,2),e-=2);e=m(j.pkgs,f=a[0]);a=a.join("/");e&&a===f+"/"+e.main&&(a=f)}else 0===a.indexOf("./")&&(a=a.substring(2));if(C&&l&&(g||h)){f=a.split("/");for(e=f.length;0<e;e-=1){b=f.slice(0,e).join("/");if(g)for(n=g.length;0<n;n-=1)if(C=m(l,g.slice(0,n).join("/")))if(C=m(C,b)){c=C;d=e;break}if(c)break;!T&&(h&&m(h,b))&&(T=m(h,b),k=e)}!c&&
T&&(c=T,d=k);c&&(f.splice(0,d,c),a=f.join("/"))}return a}function d(a){A&&z(document.getElementsByTagName("script"),function(f){if(f.getAttribute("data-requiremodule")===a&&f.getAttribute("data-requirecontext")===k.contextName)return f.parentNode.removeChild(f),!0})}function p(a){var f=m(j.paths,a);if(f&&K(f)&&1<f.length)return d(a),f.shift(),k.require.undef(a),k.require([a]),!0}function g(a){var f,b=a?a.indexOf("!"):-1;-1<b&&(f=a.substring(0,b),a=a.substring(b+1,a.length));return[f,a]}function l(a,
f,b,e){var n,D,i=null,d=f?f.name:null,l=a,h=!0,j="";a||(h=!1,a="_@r"+(N+=1));a=g(a);i=a[0];a=a[1];i&&(i=c(i,d,e),D=m(r,i));a&&(i?j=D&&D.normalize?D.normalize(a,function(a){return c(a,d,e)}):c(a,d,e):(j=c(a,d,e),a=g(j),i=a[0],j=a[1],b=!0,n=k.nameToUrl(j)));b=i&&!D&&!b?"_unnormalized"+(O+=1):"";return{prefix:i,name:j,parentMap:f,unnormalized:!!b,url:n,originalName:l,isDefine:h,id:(i?i+"!"+j:j)+b}}function s(a){var f=a.id,b=m(q,f);b||(b=q[f]=new k.Module(a));return b}function u(a,f,b){var e=a.id,n=m(q,
e);if(t(r,e)&&(!n||n.defineEmitComplete))"defined"===f&&b(r[e]);else if(n=s(a),n.error&&"error"===f)b(n.error);else n.on(f,b)}function w(a,f){var b=a.requireModules,e=!1;if(f)f(a);else if(z(b,function(f){if(f=m(q,f))f.error=a,f.events.error&&(e=!0,f.emit("error",a))}),!e)h.onError(a)}function x(){U.length&&(ja.apply(I,[I.length-1,0].concat(U)),U=[])}function y(a){delete q[a];delete W[a]}function G(a,f,b){var e=a.map.id;a.error?a.emit("error",a.error):(f[e]=!0,z(a.depMaps,function(e,c){var d=e.id,
g=m(q,d);g&&(!a.depMatched[c]&&!b[d])&&(m(f,d)?(a.defineDep(c,r[d]),a.check()):G(g,f,b))}),b[e]=!0)}function E(){var a,f,b,e,n=(b=1E3*j.waitSeconds)&&k.startTime+b<(new Date).getTime(),c=[],i=[],g=!1,l=!0;if(!X){X=!0;H(W,function(b){a=b.map;f=a.id;if(b.enabled&&(a.isDefine||i.push(b),!b.error))if(!b.inited&&n)p(f)?g=e=!0:(c.push(f),d(f));else if(!b.inited&&(b.fetched&&a.isDefine)&&(g=!0,!a.prefix))return l=!1});if(n&&c.length)return b=B("timeout","Load timeout for modules: "+c,null,c),b.contextName=
k.contextName,w(b);l&&z(i,function(a){G(a,{},{})});if((!n||e)&&g)if((A||ea)&&!Y)Y=setTimeout(function(){Y=0;E()},50);X=!1}}function F(a){t(r,a[0])||s(l(a[0],null,!0)).init(a[1],a[2])}function L(a){var a=a.currentTarget||a.srcElement,b=k.onScriptLoad;a.det |
| URL: https://www.paypal.com Model: Joe Sandbox AI |
{
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://www.paypal.com |
| URL: https://www.paypalobjects.com/pa/js/pa.js... Model: Joe Sandbox AI |
{
"risk_score": 2,
"reasoning": "The script interacts with PayPal domains, which are generally trusted, and does not exhibit high-risk behaviors like dynamic code execution or data exfiltration. It includes some tracking and cookie manipulation, which are moderate-risk indicators, but the context suggests legitimate use for analytics or telemetry."
} |
/*@ 2024 PayPal (v1.9.5) */
!function(){"use strict";function r(t,e,n){(e=function(t){t=function(t,e){if("object"!=typeof t||!t)return t;var n=t[Symbol.toPrimitive];if(void 0===n)return("string"===e?String:Number)(t);t=n.call(t,e||"default");if("object"!=typeof t)return t;throw new TypeError("@@toPrimitive must return a primitive value.")}(t,"string");return"symbol"==typeof t?t:t+""}(e))in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n}function i(e,t){var n,r=Object.keys(e);return Object.getOwnPropertySymbols&&(n=Object.getOwnPropertySymbols(e),t&&(n=n.filter(function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable})),r.push.apply(r,n)),r}function g(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?i(Object(n),!0).forEach(function(t){r(e,t,n[t])}):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):i(Object(n)).forEach(function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))})}return e}var q=window.location&&window.location.hostname||"",M="https://www.paypalobjects.com",U="corp",B="paypalcorp",t="https://t.paypal.com/ts",d="",z=".paypal.com",V="activitiesnodeweb,autopaynodeweb,brcappnodeweb,causefundraisernodeweb,causemisspiggynodeweb,devdashnodeweb,devdiscoverynodeweb,doccenternodeweb,donatenodeweb,dpnodeweb,givingplatformnodeweb,growthnodeweb,homeinfonodeweb,marketingnodeweb,moneynodeweb,msgsnodeweb,p2pnodeweb,poolsnodeweb,ppme,preferencesnodeweb,privacynodeweb,progressivenodeweb,summarynodeweb",J=(!d&&/\.(paypal(inc|corp))\.com$/i.test(q)&&(d=U),/\.cn$/);function Y(){return!d&&J.test(q)}Y()&&(M="https://objects.paypal.cn",t="https://t.paypal.cn/ts",z=".paypal.cn");var H=Y()?/^$/i:/\.(paypal(|-here|-businessloan|-borderlesscommerce|inc|corp|-status|-credit|-map)|joinhoney|konfio|paypal-mktg|braintreepayments|braintreegateway)\.(com|me|co.uk|com.au|mx|de)$/i,W=M+(Y()?"/pa/mi/gopay/latmconf.js":"/pa/mi/paypal/latmconf.js"),$=!1,M=M+"/martech/tm/paypal/mktgtagmanager.js";function o(){return(new Date).getTime()}function m(t){return Math.round(parseFloat(t))||0}function K(t){if(t&&void 0!==t&&"object"==typeof t)for(var e in t)if(t.hasOwnProperty(e))return;return 1}function G(t){if(!t||t.constructor!==Object&&t.constructor!==Array)return t;var e,n=t.constructor();for(e in t)n[e]=G(t[e]);return n}function c(t,e,n){for(var r in void 0===n&&(n=!0),t=t||{},e=e||{})"undefined"!=typeof e[r]&&(n||!n&&"undefined"==typeof t[r])&&(t[r]=e[r]);return t}function Q(t,e){e=e||{};var n,r=G(t=t||{});for(n in e)try{e[n].constructor===Object&&r[n]&&r[n].constructor===Object?r[n]=Q(r[n],e[n]):r[n]=e[n]}catch(i){r[n]=e[n]}return r}function X(){var i,a=window.crypto||window.msCrypto;return(i=function i(){var t,e=2147483647;try{var n=new Uint32Array(1);a.getRandomValues(n),t=n[0]&e}catch(r){t=Math.round(e*Math.random())}return t.toString(16)})()+i()}function Z(t,e){var n;return function(){return t&&(n=t.apply(e||this,arguments),t=null),n}}window.PAYPAL=window.PAYPAL||{},window.fpti=window.fpti||{},window.fptiserverurl=window.fptiserverurl||t;var tt,et=function et(){},nt=function nt(){return{}},v=("undefined"==typeof JSON&&((JSON={}).stringify=et,JSON.parse=nt,window.JSON=JSON),"performance"in window&&window.performance||{}),rt=function rt(){return!(!v||"function"!=typeof v.getEntries)};function it(t,e,n){var r,i=(n=n||{}).domain?"; Domain="+n.domain:"",n=n.expires?((r=new Date).setTime(r.getTime()+24*n.expires*60*60*1e3),"; expires="+r.toUTCString()):"";document.cookie=t+"="+e+i+n+"; path=/; SameSite=None; Secure"}function u(t){for(var e=document.cookie.split(";"),n=0;n<e.length;n++){for(var r=e[n];" "===r.charAt(0);)r=r.substring(1,r.length);if(0===r.indexOf(t+"="))return r.substring((t+"=").length,r.length)}return null}function at(t){it(t,"",{expires:-1})}v&&!v.now&&(tt=v.timing,v.now=function(){var t=o()-(tt&&tt.navigationStart||0);return 0<t?t:0}),String.prototype.trim||(String.prototype.trim=function(){retu |
| URL: https://www.paypalobjects.com/web/res/5c0/6ee6d088... Model: Joe Sandbox AI |
{
"risk_score": 2,
"reasoning": "The script dynamically loads a script from trusted domains (recaptcha.net and google.com) and uses postMessage for communication, which is a common practice for reCAPTCHA. The use of multiple domains is a fallback mechanism, and the domains are reputable, reducing the risk."
} |
grcRenderStartTime = new Date().getTime();
var source = document.createElement("script");
var baseScriptUrl = 'https://www.recaptcha.net';
if(isRetry()) {
baseScriptUrl = 'https://www.google.com';
}
source.src = baseScriptUrl + "/recaptcha/enterprise.js?onload=recaptchaEnterpriseCallback&render=explicit&hl=" + getGLocale();
document.getElementsByTagName("head")[0].appendChild(source);
document.body.onscroll = function(){
parent.postMessage(JSON.stringify({
frameHeight: document.body.scrollHeight + "px",
source: 'recaptchav2iframe'
}), getTargetOrigin());
};
|
| URL: https://www.paypalobjects.com/web/res/5c0/6ee6d088... Model: Joe Sandbox AI |
{
"risk_score": 1,
"reasoning": "The script is a custom build of Modernizr, a well-known library used for feature detection in web browsers. It does not exhibit any high-risk behaviors such as dynamic code execution or data exfiltration. The script primarily manipulates the DOM to add CSS classes based on feature support, which is typical for Modernizr. There are no interactions with external domains or obfuscated code, indicating a low risk."
} |
/* Modernizr 2.6.1 (Custom Build) | MIT & BSD
* Build: http://modernizr.com/download/#-shiv-cssclasses
*/
;window.Modernizr=function(a,b,c){function u(a){j.cssText=a}function v(a,b){return u(prefixes.join(a+";")+(b||""))}function w(a,b){return typeof a===b}function x(a,b){return!!~(""+a).indexOf(b)}function y(a,b,d){for(var e in a){var f=b[a[e]];if(f!==c)return d===!1?a[e]:w(f,"function")?f.bind(d||b):f}return!1}var d="2.6.1",e={},f=!0,g=b.documentElement,h="modernizr",i=b.createElement(h),j=i.style,k,l={}.toString,m={},n={},o={},p=[],q=p.slice,r,s={}.hasOwnProperty,t;!w(s,"undefined")&&!w(s.call,"undefined")?t=function(a,b){return s.call(a,b)}:t=function(a,b){return b in a&&w(a.constructor.prototype[b],"undefined")},Function.prototype.bind||(Function.prototype.bind=function(b){var c=this;if(typeof c!="function")throw new TypeError;var d=q.call(arguments,1),e=function(){if(this instanceof e){var a=function(){};a.prototype=c.prototype;var f=new a,g=c.apply(f,d.concat(q.call(arguments)));return Object(g)===g?g:f}return c.apply(b,d.concat(q.call(arguments)))};return e});for(var z in m)t(m,z)&&(r=z.toLowerCase(),e[r]=m[z](),p.push((e[r]?"":"no-")+r));return e.addTest=function(a,b){if(typeof a=="object")for(var d in a)t(a,d)&&e.addTest(d,a[d]);else{a=a.toLowerCase();if(e[a]!==c)return e;b=typeof b=="function"?b():b,f&&(g.className+=" "+(b?"":"no-")+a),e[a]=b}return e},u(""),i=k=null,function(a,b){function k(a,b){var c=a.createElement("p"),d=a.getElementsByTagName("head")[0]||a.documentElement;return c.innerHTML="x<style>"+b+"</style>",d.insertBefore(c.lastChild,d.firstChild)}function l(){var a=r.elements;return typeof a=="string"?a.split(" "):a}function m(a){var b=i[a[g]];return b||(b={},h++,a[g]=h,i[h]=b),b}function n(a,c,f){c||(c=b);if(j)return c.createElement(a);f||(f=m(c));var g;return f.cache[a]?g=f.cache[a].cloneNode():e.test(a)?g=(f.cache[a]=f.createElem(a)).cloneNode():g=f.createElem(a),g.canHaveChildren&&!d.test(a)?f.frag.appendChild(g):g}function o(a,c){a||(a=b);if(j)return a.createDocumentFragment();c=c||m(a);var d=c.frag.cloneNode(),e=0,f=l(),g=f.length;for(;e<g;e++)d.createElement(f[e]);return d}function p(a,b){b.cache||(b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag()),a.createElement=function(c){return r.shivMethods?n(c,a,b):b.createElem(c)},a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+l().join().replace(/\w+/g,function(a){return b.createElem(a),b.frag.createElement(a),'c("'+a+'")'})+");return n}")(r,b.frag)}function q(a){a||(a=b);var c=m(a);return r.shivCSS&&!f&&!c.hasCSS&&(c.hasCSS=!!k(a,"article,aside,figcaption,figure,footer,header,hgroup,nav,section{display:block}mark{background:#FF0;color:#000}")),j||p(a,c),a}var c=a.html5||{},d=/^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i,e=/^<|^(?:a|b|button|code|div|fieldset|form|h1|h2|h3|h4|h5|h6|i|iframe|img|input|label|li|link|ol|option|p|param|q|script|select|span|strong|style|table|tbody|td|textarea|tfoot|th|thead|tr|ul)$/i,f,g="_html5shiv",h=0,i={},j;(function(){try{var a=b.createElement("a");a.innerHTML="<xyz></xyz>",f="hidden"in a,j=a.childNodes.length==1||function(){b.createElement("a");var a=b.createDocumentFragment();return typeof a.cloneNode=="undefined"||typeof a.createDocumentFragment=="undefined"||typeof a.createElement=="undefined"}()}catch(c){f=!0,j=!0}})();var r={elements:c.elements||"abbr article aside audio bdi canvas data datalist details figcaption figure footer header hgroup mark meter nav output progress section summary time video",shivCSS:c.shivCSS!==!1,supportsUnknownElements:j,shivMethods:c.shivMethods!==!1,type:"default",shivDocument:q,createElement:n,createDocumentFragment:o};a.html5=r,q(b)}(this,b),e._version=d,g.className=g.className.replace(/(^|\s)no-js(\s|$)/,"$1$2")+(f?" js "+p.join(" "):""),e}(this,this.document);
|
| URL: https://www.paypalobjects.com/martech/tm/paypal/mk... Model: Joe Sandbox AI |
{
"risk_score": 2,
"reasoning": "The script includes tracking behavior and error reporting to third-party domains, but it interacts with a trusted domain (paypal.com)."
} |
/*@ 2024 PayPal (v1.0.1) */
!function(){"use strict";function f(t){if(!t||t.constructor!==Object&&t.constructor!==Array)return t;var e,n=t.constructor();for(e in t)n[e]=f(t[e]);return n}function s(t,e){var n;return function(){return t&&(n=t.apply(e||this,arguments),t=null),n}}var e,r={},D=-1,l=(window.PAYPAL=window.PAYPAL||{PubSub:{subscribe:function(t,e){if("function"!=typeof e)return!1;t="symbol"==typeof t?t.toString():t,Object.prototype.hasOwnProperty.call(r,t)||(r[t]={});var n="uid_"+String(++D);return r[t][n]=e,n}}},window.PAYPAL.PubSub),t=(window.fpti=window.fpti||{},function t(){}),n=function n(){return{}},o=("undefined"==typeof JSON&&((JSON={}).stringify=t,JSON.parse=n,window.JSON=JSON),"performance"in window&&window.performance||{}),d=(o&&!o.now&&(e=o.timing,o.now=function(){var t=(new Date).getTime()-(e&&e.navigationStart||0);return 0<t?t:0}),String.prototype.trim||(String.prototype.trim=function(){return this.replace(/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,"")}),Array.prototype.indexOf||(Array.prototype.indexOf=function(t,e){if(null==this)throw new TypeError("Array.indexOf() - can't convert \""+this+'" to object');var n=isFinite(e)?Math.floor(e):0,r=this instanceof Object?this:new Object(this),o=isFinite(r.length)?Math.floor(r.length):0;if(!(o<=n))if(n<0&&(n=Math.max(o+n,0)),t===undefined){do{if(n in r&&r[n]===undefined)return n}while(++n<o)}else do{if(r[n]===t)return n}while(++n<o);return-1}),Array.prototype.forEach||(Array.prototype.forEach=function(t){var e;if(null==this)throw new TypeError("this is null or not defined");var n=Object(this),r=n.length>>>0;if("function"!=typeof t)throw new TypeError(t+" is not a function");1<arguments.length&&(e=arguments[1]);for(var o,i=0;i<r;)i in n&&(o=n[i],t.call(e,o,i,n)),i++}),window.document.querySelectorAll||(document.querySelectorAll=function(t,e,n,r,o){var i=document,a=i.createStyleSheet();for(o=i.all,e=[],n=(t=t.replace(/\[for\b/gi,"[htmlFor").split(",")).length;n--;){for(a.addRule(t[n],"k:v"),r=o.length;r--;)o[r].currentStyle.k&&e.push(o[r]);a.removeRule(0)}return e}),window.location&&window.location.hostname||""),o="https://www.paypalobjects.com",B=/\.cn$/,p=(window.laDataLayer||{}).tenant_name||"";function i(){return!p&&B.test(d)}var o=(o=i()?"https://objects.paypal.cn":o)+(i()?"/martech/tm/gopay/mktconf.js":"/martech/tm/paypal/mktconf.js"),F=!1,g="MI_ERROR",M="cookie_prefs",U="enforce_policy",h={BEACON:"pa.beacon",INIT:"pa.init",REPLAYBEACON:"pa.replay",AFTER_CONSENT_BEACON:"pa.afterConsent",REPLAYBEACON_MKT:"pa.replayMkt"},V="comp",Y="tenant_name",J="corp",q="T",z=["locale.x","utm_source","utm_medium","utm_campaign","utm_term","utm_content","dclid","gclid","param","fbclid","gclsrc","activate","pid","kid"],H={redactedEmail:/([a-z0-9_\-.+]+)@\w+(\.\w+)*/gi,redactedUSSSN:/\b\d{3}[ -.]\d{2}[ -.]\d{4}\b/g,redactedIPAddress:/(\d{1,3}(\.\d{1,3}){3}|[0-9A-F]{4}(:[0-9A-F]{4}){5}(::|(:0000)+))/gi,redactedZipCode:/((postcode=)|(zipcode=)|(zip=))[^&/?]+/gi,redactedUserName:/((username=)|(login=)|(userid))[^&/?]+/gi,redactedPassword:/((password=)|(passwd=)|(pass=))[^&/?]+/gi,redactedCredentials:/(login( cred(ential)?s| info(rmation)?)?|cred(ential)?s) ?:\s*\S+\s+\/?\s*\S+/gi,redactedVisaCreditCard:/\b4[0-9]{12}(?:[0-9]{3})?\b/gi,redactedDinersCard:/\b3(?:0[0-5]|[68][0-9])[0-9]{11}\b/gi,redactedMasterCard:/\b(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}\b/gi,redactedAmexCard:/\b3[47][0-9]{13}\b/gi,redactedDiscoverCard:/\b6(?:011|5[0-9]{2})[0-9]{12}\b/gi,redactedTelNumber:/((tel=)|(telephone=)|(phone=)|(mobile=)|(mob=))[\d+\s][^&/?]+/gi,redactedName:/((firstname=)|(lastname=)|(surname=))[^&/?]+/gi},$="script";function K(t){var e;t&&"undefined"!=typeof window&&window.Image&&((e=new window.Image(0,0)).src=t,function(){var t=window.navigator.userAgent,e=/MSIE|Trident/i.test(t),t=(/iPad/i.test(t)||/iPhone/i.test(t))&&/WebKit/i.test(t)&&/CriOS/i.test(t);if(e||t)return;return 1}())&&(e.referrerPolicy="no-referrer-when-downgrade")}function W(t){throw new URIE |
| URL: https://www.paypalobjects.com/pa/mi/paypal/latmcon... Model: Joe Sandbox AI |
{
"risk_score": 2,
"reasoning": "The script appears to be related to PayPal and includes functionality for redacting sensitive information, which is a legitimate use case. However, it does include external script loading from 'https://ddbm2.paypal.com/tags.js', which is a moderate-risk indicator due to external data transmission. The domain is trusted, so the risk is reduced."
} |
/*! 2024 dl-pp-latm@paypal.com ver(5.1.1) */
!function(){"use strict";!function(){function e(e,n){(null==n||n>e.length)&&(n=e.length);for(var o=0,a=Array(n);o<n;o++)a[o]=e[o];return a}function n(n,o){return function(e){if(Array.isArray(e))return e}(n)||function(e,n){var o=null==e?null:"undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(null!=o){var a,t,d,i,r=[],b=!0,w=!1;try{if(d=(o=o.call(e)).next,0===n){if(Object(o)!==o)return;b=!1}else for(;!(b=(a=d.call(o)).done)&&(r.push(a.value),r.length!==n);b=!0);}catch(e){w=!0,t=e}finally{try{if(!b&&null!=o.return&&(i=o.return(),Object(i)!==i))return}finally{if(w)throw t}}return r}}(n,o)||function(n,o){if(n){if("string"==typeof n)return e(n,o);var a={}.toString.call(n).slice(8,-1);return"Object"===a&&n.constructor&&(a=n.constructor.name),"Map"===a||"Set"===a?Array.from(n):"Arguments"===a||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(a)?e(n,o):void 0}}(n,o)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function o(e){return o="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},o(e)}var a=window.latmconf=window.latmconf||{};a.loadRedactRegEx=function(){return{redactedEmail:/([a-z0-9_\-.+]+)@\w+(\.\w+)*|(email=)[^&/?]+/gi,redactedUSSSN:/(\b\d{3}[ -.]\d{2}[ -.]\d{4}\b)|(SSN=)[^&/?]+/gi,redactedIPAddress:/(\d{1,3}(\.\d{1,3}){3}|[0-9A-F]{4}(:[0-9A-F]{4}){5}(::|(:0000)+)|(IPAddress)[^&/?]+)/gi,redactedZipCode:/((postcode=)|(zipcode=)|(zip=))[^&/?]+/gi,redactedUserName:/((username=)|(login=)|(userid))[^&/?]+/gi,redactedPassword:/((password=)|(passwd=)|(pass=))[^&/?]+/gi,redactedCredentials:/(login( cred(ential)?s| info(rmation)?)?|cred(ential)?s) ?:\s*\S+\s+\/?\s*\S+/gi,redactedVisaCreditCard:/\b4[0-9]{12}(?:[0-9]{3})?\b/gi,redactedDinersCard:/\b3(?:0[0-5]|[68][0-9])[0-9]{11}\b/gi,redactedMasterCard:/\b(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}\b/gi,redactedAmexCard:/\b3[47][0-9]{13}\b/gi,redactedDiscoverCard:/\b6(?:011|5[0-9]{2})[0-9]{12}\b/gi,redactedTelNumber:/((tel=)|(telephone=)|(phone=)|(mobile=)|(mob=))[\d+\s][^&/?]+/gi,redactedName:/((firstname=)|(first_name=)|(lastname=)|(last_name=)|(name=)|(surname=))[^&/?]+/gi,redactedLocation:/((location=)|(location_lng=)|(location_lat=)|(longitude=)|(latitude=))[^&/?]+/gi}};var t=/walletweb:.*bank:confirminstantly/i;a.isFNEnabled=function(e){var n=!1;return t.test(e||"")&&(n=!0),n};var d={"/myaccount/summary":"summarynodeweb"};a.initCompByURLPath=function(){var e=window.location.pathname.replace(/\/+$/,"");if(d[e])return d[e];for(var o=0,a=Object.entries(d);o<a.length;o++){var t=n(a[o],2),i=t[0],r=t[1];if(new RegExp("^".concat(i)).test(e))return r}return""},a.loadSprigSurvey=function(e){window.Sprig&&window.Sprig.config&&window.Sprig.loaded?"string"==typeof e||"number"==typeof e&&Number.isInteger(e)?window.Sprig("displaySurvey",e):console.error("Invalid args[0] surveyId. It must be a string or a whole number."):console.error("Sprig not initialized.")},a.trackSprigEvent=function(e){var n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};if(window.Sprig&&window.Sprig.config&&window.Sprig.loaded)if("string"==typeof e)if("object"===o(n)){var a=n.userId,t=n.properties,d=n.showSurveyCallback,i={eventName:e};a&&(i.userId=a),t&&"object"===o(t)&&(i.properties=t),d&&"function"==typeof d&&(i.showSurveyCallback=d),window.Sprig("identifyAndTrack",i)}else console.error("Invalid args[1] params. It must be an object.");else console.error("Invalid args[0] eventName. It must be a string.");else console.error("Sprig not initialized.")};var i={name:"botManager",enableCookieConsent:!1,enable:!0,setup:{scriptSrc:"https://ddbm2.paypal.com/tags.js",preLoadScript:function(e,n){window.ddjskey="C992DCAFEE25FA95C6492C61EB3328",window.ddopt |
| URL: https://www.recaptcha.net/recaptcha/enterprise/anc... Model: Joe Sandbox AI |
{
"risk_score": 6,
"reasoning": "The script contains obfuscated URLs and encoded strings, which are high-risk indicators (+3 points). It also involves external data transmission to a domain that appears to be Google, but the obfuscation makes it unclear (+2 points). Given the obfuscation and potential for data exfiltration, the script's behavior is suspicious, warranting an additional point (+1 point). However, the domain appears to be Google, which is a trusted domain, so 2 points are subtracted for this legitimate context. Final score: 6 (Medium Risk)."
} |
recaptcha.anchor.Main.init("[\x22ainput\x22,[\x22bgdata\x22,\x22Ly93d3cuZ29vZ2xlLmNvbS9qcy9iZy9YZTdBYmhoUGZaY0Vpa29ObWhnaEJYQUVoT3VzRElCS1dLU19yb1M0UTdFLmpz\x22,\x22\x22,\x22bFVaNXJuRWFtVDVNS3NaL1psK1dpS0VMUjdid1ZWUzdYS3ZGc1RBWEd2NHpaM2ZaUWE1eXpPSUJaQXhRY2ltU3liU3hUVEpxRVN6Q0Eyc2RqbFR2Vkc5UFBpNFR0cXZaU3dQaGVBblZMRXFRemtUV3p3SlJXYVRsWG1BbXloUXFhSjRnYStTeE0vdG5EWFliUDR2TTNjZ2ZqZ3E0Skl2T0N5emU5TUhmWXNnV3RxVitUeEEyMDVTN3hxL0t1TzJQRUU2WUFRaTBadG5welRkVlo5ZnptY2gxbUdLLzQrRFB3aytpcGIrNmRBRzJlOFNxL0NFc2ROa1ZzN1JmaHNZTGt6S1o5YUZROTBKdUdNN012S2czdDdKbjRsZXRsMnZQYmFYaWw4S0l6cEVDRXd0VElNaUhqQjhrUlY3Zm5Fc0hEMCtReE8zSkJMY1huU2kxWk1BRG5pQU0rNzRTcTFNWFpvaXNQSnI3bnRaZWYzUGVxeTNNc3lWczhFTWpzTFZFY3JoaWsyR3d6aGxzOEhpTEJJekswQWl1c01pWVVtMUFCQkVudUlnd0VmTy8zMjBKL0w2a0s5RlpOYnJsaXFDNHQ4bEFWVGd4dVpSUXhWZjlLeFMxSW5ML29oVmhiNlRwY28xRFJIdmZ5VzQyTzJDbG0wRFhvNXROTE15a1RCOWdETDlyYlRseTZiQ25WSkxqSG9Hd2tDQ0xyVjhvSW9KMVRXUkxMTzk5bVhRWnFCQVBNbWwrd3NWVDhrMUxKNUF1RFVWU09QeHN0b3g4elJKa3R3LzlXckFsSWloM2x4SU9ncWNVN3hEZEIzTnJERWNhZXFmQWFOb2RZQUt4N0Z2OFZqOTdIK2s1MllmT1FjcWlWNGt4RGZUY1pJSVV5dm1BSlJqaUh2b05JYnVrZkwwbHIyNFRHR0tibDhoK2dxQ2w3NGpZOTZaNTkza0FPSnBuRDdvUThnNkxsYmE1SXNiaXVzTnF5V2ZQUjUzV0hpOWxsSThBTW1kZDI4d1VoQmNWOEgwdGtTa2I3dlVEdVpsd3ZzYkpxTG9vZHlsVTA1U0tYcGJETGVYbTV1Tk84N3o5c2g3MXhiR3BwTjFNQU52L2Z3N0dQU20zRERYWkJuS0VWZkFpN2M1WmtnU0RyZ0U1WHdvSUZTWTJ2a21BY0tHN3dPeW4yanRzSHZxaTJqK1hHWmZGZytYN1B1TUVUSURyZ2x2dTVYSFlaSWw2ZVVzN3pqa0JKdndXU0VkaXFSYlFHTnFLLzFQcmZNZS95ekZ0SEtMeU1xVVNDNHQ3V0Z2a2VxY3pzTkR5ZFNrYjJMSVFQaEFVcGw5R0ZCc0lrTnRhQVVzc1pxNXY3ZEtZREg2a2pXMVhPZEhyTEwxaHFmd0pJdFk2Zk9CYUdmY3BpWkRUWG1Db1A1ZHBlZWVMUWladmVBTjF6MDFzZlpMQXhSRnhNd0VLTFdMN1c1c0xUMitQUVpKVnNQa2xDQjJZbkU5SEV3djA0L1owQzUzSFQxSUc1MnQvM1ZicDhyNlRBWXZNSHNQYkRuQkNJZldKaEpZVmc4cUpaYW9wb3NmWUtjbkhDSzdORENZei9DeDdDR2N3Sm83MzlwSmdGYTA0QlpQSEVPeDFaYW5SQkx6Y2Y0ejlCZFNBOGIxYS80Y1k4NVJUMmpOSkNqZC9SYWVjUXUybEk4TVVHZHR3czdNR25ld2lNSjJ4V0tHQzRUbGFIaVF4dU9XMzdma1BYTjdEQUEybm04VzRQODYwRmxvYnJNRWw5N0twRmZoc2VFNUcvZzFZQ1A3TWlaYmJIMVl4YUZqRkdib3R6R0gvVEJ0UUFpMEhYMEdFczU2S3NpNVB3TkVQajBRMHAwNTh0clJHa0ZvM1d1SnJSeVUrOVhHMVlqMitzNlFsampIcFg2YThKL29kQUJQT2VZdTdEaTd3YzJrcDNHSkQyS1B3YitxemNVL1NFNkN1ZUV4eFhSOWYrUVlRWFJSekdBRkNDV2tYN2xqTklxSndvKzljSlB4Yllub3RueXFGSG84eFFBcG12Wk15d2h5dDMzQ0drbDFsZTdVTU5ta0tmNU1tampJS3dJbkQvekZIbk1pUEpnNUlXTGhmckFJWUVEb085TW01UHI0dWN4ZUZSVFRaUTFOZTIxNllXWXh0WXI5dS82U0NsRGNRUWtrRGhDc2Z1aHJRUzZkaG9odUpldDZrOFJJVGRPVEZzTmFCQ3pYN1FGcE5mYVJJVWhjcVBmQzQ3eDdNRHZXcVZmbG1LOEh3ZUxtVlJQaWkxdWtUc2NvcWhzbzR6aW03TTdYTzduTXBMWVFnd3FjclY0VlZsSVM1TXd0NlRoV1RwRHFvMlZZaXhmY1Q3YStxV2pXZzBjR3paZFNXSitRMy9PNVlRYzVZV0V3cGJUdElmWW9GQ2tpT09vRnAzMnlRU1M0aTJCM2xyeTJaRnFFUkJqYkJ4ckNiSENlSlVsYjdjbVJocElyekNaRGV5REgwMjBqTGgrV2VEZ3ZrWG5NNW9CWEVMNzY0UzlwNEhPK052YmZuZ0tnUDQwTURoelpZako5enBtOG1mMm9zcXNIbnBVbnBxQll6Y1ZnRVdaY3RJUzFXM3ZEbHA2ZDcyUWJKTzFZUnh1RlQxdy8vTnJkUHZuN1NtQXd1clZLaDBhL1RrU0ZrVXRmRG9MZ1Q0ekpwQ0d2YmI1NG1KaVgvU1NiZVlGNTBGaWM3RStxQmlNSnlpenRPSzJvd0hUdk5WYVUzckIrK1Ird05UazBBaG5weXZIcFBHRnp3UnE3Y3lPYWdaTlhCM0RJY0dyNWJ6RTFFYmFoanVQaFVhdlkyMkVQdy9hZkpLMDZIUTRRMGpRRnhwaEtkU1cxRktqOVFndmJqZGViUHd3UGxoc3ZiWkVGRzNUdzkvVXBtWldGZHZ2VVdFd1NNRnJWWjBZOGc4VnJjd2NBS2ZmU1lkVE1jc24wUXA2OE9rVEg4UWR2YTJWZ3J1VXBmenNlZ2Z4UEMwZ2Z4SEE1Wm1PeUtYZjJVcnBZL09uZFE1MzBTSnRnNk5pWWRJZmhhOENrS0ticGl4eEQ3ZldRTm94eC9OeTJ6aG9UVjBmcFNRWDloc0VkSGh3aFMxdEVYWjhHbnVoVjE5OG53R3g4cG1XT3JpODVpOC9jV2NCb0FJakR4MS92ZGk3dHpKeGtLOEMyL2JZdkw5eTFzakFHVGpHdDZUSHd2UkNIREl2TGRvWTF5NXdZbjc4WDlVNnJENTNraFpka1U0ZU5HZHNqMFdaSGxlbDhVTmlnT2lTcEJUcEt4eHdnTXZ5bTM0em5zNStLRy9uU0h4aFVLWmxpcWdTUkg0U3V2THNycmw4THJpSnIwanp2bWZGM0NHeHVRWWhFcmZ4ZkZFY2VnT1Z6ZUE1TmdjVk9jb1F1TVVKN2tqbDVPcFczYzdNMXBnSjhYVDJ2c0JKamVnbTJPWDFHRE9DMUNBeFI0NUdaQjQ0YmgrdDRsa1VGalBXYnNScTlUcU9ORUdIcnlTZnRsUjQweWIwQzNyeGVvOSs4USs0V3VGT29nOS9GMElObm11WXJLcWpoblVySW1BYkZmUFhMcURNSWtFQ1RFcXlhY1JUbHRmSU9GTUJOVEYreGZWQUJwek1GeXVObUxCR2wxRHVibzlpY2RsN0ZhcDUxWVJhRmErRnEyMUh4SVBoeGZ3SHQweUMrendJaGtQTGR3cmFQZkQxWDQzb21mTHRPeVJSZkNaWnBnNUoxaHgzeEIwaEdqMjlPbTdIUzZQQ3g2OXJpakdmYW8zUlFHQUo0RFJtYTdrWXVqbkVucklmZmVoSHF |
| URL: https://www.recaptcha.net/recaptcha/enterprise/anc... Model: Joe Sandbox AI |
{
"risk_score": 1,
"reasoning": "The script sets a window property to a known and reputable domain for reCAPTCHA services, which is a common practice for implementing CAPTCHA functionality. There are no high-risk or moderate-risk indicators present."
} |
window['__recaptcha_api'] = 'https://www.recaptcha.net/recaptcha/enterprise/';
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"contains_trigger_text": true,
"trigger_text": "Security Challenge",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"contains_trigger_text": true,
"trigger_text": "Security Challenge",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: unknown |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"contains_trigger_text": true,
"trigger_text": "Security Challenge",
"prominent_button_name": "VERIFY",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI | {
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI |
{
"contains_trigger_text": true,
"trigger_text": "Security Challenge",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: unknown |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: unknown |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI | {
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI | {
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions.", "The URL does not contain any additional words or hyphens that could indicate phishing." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: unknown |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: unknown |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": ["Email or mobile number"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": true
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": ["Email or mobile number"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": true
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": ["Email or mobile number"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": true
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": ["Email or mobile number"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": true
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The input fields 'Email or mobile number' are typical for a login page associated with PayPal." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: Email or mobile number |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "The input fields 'Email or mobile number' are typical for a login page associated with PayPal.", "No suspicious elements such as misspellings, extra characters, or unusual domain extensions are present in the URL." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: Email or mobile number |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "The input fields 'Email or mobile number' are typical for a login page associated with PayPal.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: Email or mobile number |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI |
{
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer&state=%2FpayRequest%2FU-7DB693966W8041453%2FU-51N93441NC4340114%3FclassicUrl%3D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DVeUglT2PsmabeyeXH1ZuuVtlEKti2bNCsmZ Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "The input fields 'Email or mobile number' are typical for a login page associated with PayPal.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: Email or mobile number |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI |
{
"contains_trigger_text": false,
"trigger_text": "",
"prominent_button_name": "Log In",
"text_input_field_labels": ["Password"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": true
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI |
{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": ["Email or mobile number"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": true
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI |
{
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI |
{
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "The input fields 'Email or mobile number' are typical for a login page associated with PayPal.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: Email or mobile number |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The presence of a password input field is typical for a legitimate PayPal login page." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: Password |
| URL: https://paypal.com Model: Joe Sandbox AI |
{
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://paypal.com |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI |
{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Log In",
"text_input_field_labels": ["Password"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": true
} |
 |
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI |
{
"brands": [
"PayPal"
]
} |
|
| URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Factivities%2F&state=details%2FU-51N93441NC4340114%3Fv%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3De1313c92-b18d-11ef-8175-ebd736eaa Model: Joe Sandbox AI | ```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The presence of a password input field is typical for a legitimate PayPal login page." ], "riskscore": 1} |
URL: www.paypal.com
Brands: PayPal
Input Fields: Password |
Edit tour
OUTLOOK.EXE (PID: 6812 cmdline: 
ai.exe (PID: 3984 cmdline: 
chrome.exe (PID: 3436 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node