URL: http://url4659.orders.vanillagift.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: http://url4659.orders.vanillagift.com |
URL: https://balance.vanillagift.com/sad-I-dring-Busing... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script exhibits several moderate-risk behaviors, including external data transmission, use of fallback domains, and aggressive DOM manipulation. While there are no clear indicators of malicious intent, the overall behavior is concerning and requires further investigation."
} |
(function(){var nO=[];var mx=[];var ud="c3N7ASqTk3uTcWsrm5sLOyvZoiIaGqNjcaIiGhqjYwqScnqCknraIyuDo0MBY0trS6PqG6Obe5OjaktzS3tzgpN7C4ODcgtrK7NLIyt7I5NLsyuTuysTI5NLsyuTaSuzC2OrC6MrCpKSCsr6EqoyMiqS2dnZm0MLIyuTmnurkxsrm2NLGytqmnqro2N7e1sKk0sLY6pzSxt7IytqmhILq0MLq5vJmTsro6pzSzN7k2tiexsLo0t7c7p7k1srk2qbw2tjkXHCamJCoqKCOyujKsOjK3ObS3tzuysTO2P6ayujCwurI0t7ecNpa6EL2Wt7q5sre7MrkzJLYysLc6NLC2NLC5tSmnpycZujk0tzO0szywErwxsrg6NLe3O7KxM7Y5FLcyMrwysjIhKTKyubK5pbS4Mqw4NLkwujS3tzGkMrG1uSKwtjgmMLyyuTcZIrC2OCYwvLK5NBo2tJAQobo0uzK8IBGntzo5N7YwFBmZFpE0ujSSMLowvRS2sLOyt5uysTg4MLkytzoypjK2src6OaGpJKgqJKcgozk3trGkMLkxp7IyszS2MrcwtrK2t7q5srI3u7c5pCCiJKcjr6YgpyOqoKOir6siqSmkp6cpurE5ujk0tzOyIrswtjspLCGqOTY3EiK7MLY7KSwhqjk2NxiRsLc7MLm/p7M6tzG6NLe3MBM0FTSduzC5MBkyubq2Ojm+mB2TN7k0FL6YHZS+Gp2UtZWUnbkyubq2Ojm1npS9nrSzNBUymR6emBSduTK5urY6ObWemZ2ZMro6uTcwGTK5urY6Ob2esrY5sr25Mro6uTcwGTK5urY6PZ6+uJwYOjAQqTSwtjC0tDCxujqwtjEnurcyNLczsSe8MKmxsrc6OTOxNBgWGRqalhkampSXuDK3MiC6MLEwubKzqSKipy+hJKopo7K6OCk3uje6PLgyt6M4MLk5srSnOjMmJ6CqJqCsL6skoquoJ6kqL6IkpqmhMykwtzW2NLczp7o0NLGxNLcyMbe3OjC0tzK5NqCsL6siqSoirC+qpySjJ6kmr6sioaonqSmupB2vILo6MLG0OaQwsjK5N7q6Mrk0IrSztDo3MLs0s7C6N7k4OTe6N7o8uDK7mRg8NjS3NbgpN7O5MLa5uje4MyY3sLo5mRCpOTC8ubK2Mrc0ura2krswtjqwujK2qiKsOjkwuSOhIKmwtzm2mbK5NLMzsro3q7c4KTe4Mrk6PLcgtrK5sbY0src6PCs0sjK3t5a4Oh2QEbeyMrG5vpEQuzG4lxoZEqgYkqEWN7CyObowuTowuzC0tjYiszoxujeyILowuqkmKDk3uD+ntzewEqk5N7k3GbowsbW0tzcyuTuksjo0OaGpJKgqISS3trK2qimxsLYyujy4Mrk2t7G8NxkisLY4JjC8srkwE6kQEae3Ojk3tj80JLO0Oie7srkzOTe2tqCsL6sgqSykpyOvqyKhqiepKaYnq6+jJiegqiG5MrC6MrSmsLOysiC6MLoipqgnqSCpLKQfLj2vJjC5ujansjSzNLKyOTC3M7K2pLcxuTKwujKwqjo5NLE6ujKyOra4MrcwsTYyuyK5OjK8MKo6OTSxMKk5MLy5MLcyN7a6N7qxtDGwtzGytje3MTcWJ6uvpKcqJzC2sruysTI5NLsyuTmlvLgytxIiujKxujS3tzYiuzK3NLa2qiKqqSepqiSmIqaksbk3ubezOjAUpzoyuTcyujASrDg2N7kyuTapqSKzMrkytzGyuagysbSwtjo8u7KxM7Y1p7W0tjC2qiG6uTkytzo6JLayuJiYOjAQqTSwtjEgtzWzp7o0NLG2ojEqKje6sbQytzI0uTuysTO2P6I6ubK5MKOytzo2orS5PLe6pKG5Obo8tjK6J7qxtDKrMrc6Pa4qsjwYGBaeKrIxMzM+ohagrC+hp6ahJKcioi+qIqwqKqkir6SmoKOir6qnJK
opq7KxM7Y/obG3N7ASqTk3uTcRsLq5srOyujGntzoyvDowqjo5NLE6ujK5uzK5OjK8OCe5sKo6OTSxNLc6Mrk5N7OwujK4OTeyOrG6M7AdnZASMrs0sbK2ora3uTy6N7qxtDm6MLk6MbY3ubK4ILo0O6KxM6YpGSK3MjK5NLczsae3OjK8OjGwurmyt7q6Mrk7pLI6NDOnqiQgpqC7MLS2NCK0s7Q6NLc3Mrk0KiamKrc1tze7tzG0NLYyOTK3NLc2NLcysje3J7o6KTCxtbY3sbC6NLew==";var TA=window.atob(ud);var N7=TA.length;var h1=0;while(h1<N7){var TM=TA.charCodeAt(h1);mx.push(TM);h1+=1;}var P3=mx;var s4=P3.length;var Dp=155%s4;var jC=[];var B3=0;while(B3<s4){jC.push(P3[(B3+s4-Dp)%s4]);B3+=1;}var sb=jC;var tM=sb.length;var nj=170%7+1;var EO=0;var B_=[];while(EO<tM){B_.push((sb[EO]>>nj|sb[EO]<<8-nj)&255);EO+=1;}var S3=B_;var Bm=S3.length;var vm=139%Bm;var Ec=0;var Ez=[];while(Ec<Bm){Ez.push(S3[(Ec+Bm-vm)%Bm]);Ec+=1;}var bG=Ez;var Sd=0;var hd=bG.length;while(Sd<hd){var kt=bG[Sd];var vy=window.String.fromCharCode(kt);nO.push(vy);Sd+=1;}var Kd=nO.join("");var GB=Kd;var Zv=0;var La=[139,170,155,99,130,89,117,133,7,28,0,16,143,70,212,24,182,169,101,7,87,217,110,211,62].length;var xO=[];var yp="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 |
URL: https://balance.vanillagift.com/loginDetails?tx_tr... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script demonstrates high-risk behavior by dynamically loading a script from a suspicious, obfuscated URL. The combination of dynamic code execution, obfuscated URLs, and the potential for data exfiltration or malicious payload delivery indicates a high likelihood of malicious intent."
} |
// Only non-SPA page loads inject the extra script; SPA loads skip this step.
if (!isSpa) {
  var scriptElement = document.createElement('script');
  // The src is a root-relative path, so the browser resolves it against the
  // origin of the page that contains this snippet; no other host is named here.
  // The fetched script's body is not part of this snippet, so what it does
  // cannot be judged from these lines alone.
  Object.assign(scriptElement, {
    type: "text/javascript",
    src: "/sad-I-dring-Busing-Owled-I-selfe-and-make-strant/13222129928191771016?s=97ps9p1j",
    async: true,
    defer: true
  });
  document.head.appendChild(scriptElement);
}
|
URL: https://balance.vanillagift.com/loginDetails?tx_tr... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a simple implementation of a temporary interstitial or block page, which is a common practice for web applications. The script checks a variable `isSpa` to determine whether to show the block page immediately or after a 10-second delay. This behavior is typical for managing user experience, such as during page transitions or loading times, and does not demonstrate any high-risk indicators."
} |
/**
 * Reveals the interstitial ("block page") markup that is already in the document.
 *
 * Sets the tab title, then makes the first element carrying the class
 * "container" visible. The lookup result is used unguarded, so a page without
 * such an element raises a TypeError here.
 */
function showBlockPage() {
  document.title = "Pardon Our Interruption";
  var containers = document.getElementsByClassName("container");
  var firstContainer = containers[0];
  firstContainer.style.display = "block";
}
// Decide when the block page becomes visible.
if (!isSpa) {
  // Non-SPA loads wait 10 seconds before showing it; the timer id is stored on
  // window (presumably so other code can cancel it; no cancel is shown here).
  window.interstitialTimeout = setTimeout(showBlockPage, 10000);
} else {
  // SPA loads show the block page straight away.
  showBlockPage();
}
|
URL: https://balance.vanillagift.com/loginDetails?tx_tr... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided code snippet appears to be a simple check for a single-page application (SPA) flag in the URL parameters or a global variable. This is a common practice in web development and does not demonstrate any high-risk behaviors."
} |
// SPA mode is enabled by the query parameter X-SPA=1 or, failing that, takes
// the value of window.isImpervaSpaSupport. The query string is supplied by the
// requester, so this flag can be set by anyone who builds the link; in the
// snippets shown it only selects between UI/reload paths.
var isSpa = (function () {
  var query = new URLSearchParams(window.location.search);
  if (query.get('X-SPA') === '1') {
    return true;
  }
  return window.isImpervaSpaSupport;
})();
|
URL: https://balance.vanillagift.com/loginDetails?tx_tr... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a part of a security or protection mechanism. It checks if a cookie is set and reloads the page if it's not an SPA (Single Page Application). The use of `window.reeseSkipExpirationCheck` suggests this is a legitimate feature and not a malicious script. While the code could be improved for better security practices, it does not exhibit any high-risk indicators and seems to have a legitimate purpose."
} |
/**
 * Hook assigned on window; the caller is not visible in this snippet
 * (presumably the protection script invokes it once it has initialised).
 *
 * @param {object} protection - object that may expose a cookieIsSet() method.
 */
window.onProtectionInitialized = function (protection) {
  var hasCookieProbe = protection && protection.cookieIsSet;
  // The probe exists and reports that the cookie is missing: show the block
  // page and stop, so no reload happens.
  if (hasCookieProbe && !protection.cookieIsSet()) {
    showBlockPage();
    return;
  }
  // SPA loads stay on the current document.
  if (isSpa) {
    return;
  }
  // Non-SPA loads re-request the page. The boolean argument is non-standard.
  window.location.reload(true);
};
// Flag read by code that is not shown here; its effect cannot be confirmed
// from this snippet.
window.reeseSkipExpirationCheck = true;
|
URL: https://balance.vanillagift.com/tis-them-Ported-I-... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. While the script may have some legitimate purposes, the overall risk level is high due to the potential for malicious activities."
} |
(function(){var dw=[];var tO=0;var MI=[];var Tg=[];var CI="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";var NX=window.atob(CI);var NL=NX.length;var Be=0;while(Be<NL){var Nm=NX.charCodeAt(Be);Tg.push(Nm);Be+=1;}var ok=Tg;var Li=ok.length;var L5=79%Li;while(tO<Li){MI.push(ok[(tO+Li-L5)%Li]);tO+=1;}var as=MI;for(var vr in as){var zH=as[vr];if(as.hasOwnProperty(vr)){dw.push(zH);}}var yJ=dw;var nK=0;var tk=0;var gZ=[147,79,122,114,93,207,122,215,147,184,136,99,48,197,193,232,198,197].length;var pb=0;var XI=113;var Zc=[];var q4="PpWx5H6oErgS2TUQEWGXt23GlQoKT4krNZcNiiJOVracxA71ghlFvOZwbvg6wWk5IXWfwxnuwTJrY7C+TO5EiqKCgkq87T/0wyw0OZNdL7kT6BRYIMCy+iD/iGP/unzu/Wa8J4Pznwuhhe/Eb2jgMWcptxG/IKCc2Az+xhybqBM7SuyilALEx29DX785AYtwD7jkaattD6l36EA45HCe4gSHwF9rZuBiEI4QixNLE0NtMcs8b/D4qW/N22XLGKD48CSe/jSr7EP7PkgyyMaYh68nk7O1eT9M5/AAmZuRY0UbGODcgDzmQoh3AK/zjlCOuBqcb5v74yuRqUsUc4CIHUN1G+VHgABYoACy/jD7VPPHyoi2ID5kBy/XY191peuwGyzoVR8Np6GHfPSo1BSewijXhAOLgjCyoO5AqxtPF/f9WU8Uz/xk7e+hpwXDGOzMuFDq0ijbgBsra2mnzWu1Q7OLxz+tjVeIzzh42ftZd6UPjAx8ZETeqlTP5Et7AthicP7cl8tfz6/ZYSsEm+hw0ZfFLyFLICjEEHAyjuiDMF/zpgDe6CKQU+s7Z8dtAZdU/8BEgWbE/iy+Re2EgDyO9hTXwSdSYslrUYMR6kJTCrsxZe9sG6yYiQvF2wm7YOTckDSu+hzPuEuHjiTy7CbUW/Mnd1Ml6bPEOyiwDVcB69WDTZyZ0OxGKsTTlCc/Qu2jlQutuiJaBs5RaYNpCywsPY9RZx2KyUkZAb0/Z7hWeJKr4lCGgVPREv7KlmrE5B6J/hVVJL70Wgg6NVmVZRXryymmOaa6x+lTIWu1fs6KxmJohLqJIhWhcHI8ltjWgakJvYWfH1WW8QZGEzWnkTupOoL6pkY0/Kb5PiW1CC4strDyuZll0f3Xd2UO0crKtxnP+VudjhZGHtY0eJ5hJr2l4CK0shS/TOyYvUj6rmC71DtCCsR+FIY0twJfL985dbd8T9CUmV/d80WfAICoHBRmmvzjSA//QpgSePZ0g997v4OZMT+w4xQEYc8FvwGnfNDwnDCaulGKsRYqP617TZtZ1ip+ftpwCEK1hm0FlGaglkB+fX2tNQkz86nefRamNzE7lV/5D2ObXyfJkbOArxgkcd99C6XPVNDk5BTqwgjXoDszetxOtDrke9PbF7NdfYdAp0wITb/xx1n/8HwQPNwqTpRjwFNbfjjauDbwA+uP5weB+SO001RomRuF9+V3gBDkkDSq5jRPPBfLjlie6ErMF7P/j2/BpTPoj3xksReFkx2zLISMyCiC+jDvUEeL+miKvG7BsoIKDtZMZPohUh3h9CPkp3zf4Aj4KERi/iyr3HsnckDy1FLQjzcPQ5MVRY8ItzAsPYvJvwGbeBRYJMRD72WO4W6y13XnwRvNFpLqLvpgOPa9bmnhbG54pvzWvbkBtY2XF11uxeJWi4lHcfMt9gZOSqokWL5VYvXMmVfVxwmbBKxUCKQeR
kBHxOu3vhinFZtVnhKiIjYEPKpVD+nh8Db4AoxSzWVtgUG/0wGe6VrihymLlTdh5ma6ZgIYpM79OiH9DCZ8oqCG9c11CfkHc7km0RJOG7V/ed9x8hp6ftosYIZVIsGZlCKpk1CHCODYNPROOvCvyDszvvjqcGZUK2uLZ0Mx1R/o2yxoTYsxxx3LEOQATPReOqx3EOP7dsBCcP4g21tnY4MBPbMwR7S0xXfl/zVDrenxVVljU4l+TXJ6c/VnzXtlevKmugKo0DKh+qXpiBqk1nDSAY3ZmWnnA+EaOabmg0XXSZMRli4WerI0WNZJLoGtIJYUJqh2oTlheZlvW5FWKbpKK/1HOftJlj5qH98hGKtlCpWJ3EaM20jaTf3QoQTzD5Aa7UcDfrg6SPZcq5PDl1P5lR/AhxgpbP50O/1/uBhA9Dye4mxvLIuXwhxaML4kzz9zB8vtuS/Us0BEEZs5I3nrdOgEBLgCDpxHdAcvWthiFN4wrzdrNw/hjWforxwEfbsZI50fmDhEXGjS8ijTpFdPRlTC3FbIPk52dpYscGJ9mulBjObwGgRONcXNsXWC0+2WRUaaC10brf+lzr4G2pb4gEqNugUZTIIgDoDWPeGd5d |
URL: https://newassets.hcaptcha.com/captcha/v1/b4956db/... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a polyfill for the Promise API, which is a common and legitimate JavaScript functionality. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The script is focused on implementing the Promise API and related utility functions, which is a standard practice in web development. While it uses some legacy APIs like `setTimeout`, this is not inherently malicious and is often necessary for compatibility. Overall, this script seems to be a benign implementation of a common JavaScript feature."
} |
/* https://hcaptcha.com/license */
!function(){"use strict";function t(t){var e=this.constructor;return this.then((function(i){return e.resolve(t()).then((function(){return i}))}),(function(i){return e.resolve(t()).then((function(){return e.reject(i)}))}))}function e(t){return new this((function(e,i){if(!t||"undefined"==typeof t.length)return i(new TypeError(typeof t+" "+t+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var n=Array.prototype.slice.call(t);if(0===n.length)return e([]);var r=n.length;function o(t,i){if(i&&("object"==typeof i||"function"==typeof i)){var s=i.then;if("function"==typeof s)return void s.call(i,(function(e){o(t,e)}),(function(i){n[t]={status:"rejected",reason:i},0==--r&&e(n)}))}n[t]={status:"fulfilled",value:i},0==--r&&e(n)}for(var s=0;s<n.length;s++)o(s,n[s])}))}var i=setTimeout,n="undefined"!=typeof setImmediate?setImmediate:null;function r(t){return Boolean(t&&"undefined"!=typeof t.length)}function o(){}function s(t){if(!(this instanceof s))throw new TypeError("Promises must be constructed via new");if("function"!=typeof t)throw new TypeError("not a function");this._state=0,this._handled=!1,this._value=undefined,this._deferreds=[],f(t,this)}function a(t,e){for(;3===t._state;)t=t._value;0!==t._state?(t._handled=!0,s._immediateFn((function(){var i=1===t._state?e.onFulfilled:e.onRejected;if(null!==i){var n;try{n=i(t._value)}catch(r){return void c(e.promise,r)}l(e.promise,n)}else(1===t._state?l:c)(e.promise,t._value)}))):t._deferreds.push(e)}function l(t,e){try{if(e===t)throw new TypeError("A promise cannot be resolved with itself.");if(e&&("object"==typeof e||"function"==typeof e)){var i=e.then;if(e instanceof s)return t._state=3,t._value=e,void h(t);if("function"==typeof i)return void f((n=i,r=e,function(){n.apply(r,arguments)}),t)}t._state=1,t._value=e,h(t)}catch(o){c(t,o)}var n,r}function c(t,e){t._state=2,t._value=e,h(t)}function 
h(t){2===t._state&&0===t._deferreds.length&&s._immediateFn((function(){t._handled||s._unhandledRejectionFn(t._value)}));for(var e=0,i=t._deferreds.length;e<i;e++)a(t,t._deferreds[e]);t._deferreds=null}function u(t,e,i){this.onFulfilled="function"==typeof t?t:null,this.onRejected="function"==typeof e?e:null,this.promise=i}function f(t,e){var i=!1;try{t((function(t){i||(i=!0,l(e,t))}),(function(t){i||(i=!0,c(e,t))}))}catch(n){if(i)return;i=!0,c(e,n)}}s.prototype["catch"]=function(t){return this.then(null,t)},s.prototype.then=function(t,e){var i=new this.constructor(o);return a(this,new u(t,e,i)),i},s.prototype["finally"]=t,s.all=function(t){return new s((function(e,i){if(!r(t))return i(new TypeError("Promise.all accepts an array"));var n=Array.prototype.slice.call(t);if(0===n.length)return e([]);var o=n.length;function s(t,r){try{if(r&&("object"==typeof r||"function"==typeof r)){var a=r.then;if("function"==typeof a)return void a.call(r,(function(e){s(t,e)}),i)}n[t]=r,0==--o&&e(n)}catch(l){i(l)}}for(var a=0;a<n.length;a++)s(a,n[a])}))},s.allSettled=e,s.resolve=function(t){return t&&"object"==typeof t&&t.constructor===s?t:new s((function(e){e(t)}))},s.reject=function(t){return new s((function(e,i){i(t)}))},s.race=function(t){return new s((function(e,i){if(!r(t))return i(new TypeError("Promise.race accepts an array"));for(var n=0,o=t.length;n<o;n++)s.resolve(t[n]).then(e,i)}))},s._immediateFn="function"==typeof n&&function(t){n(t)}||function(t){i(t,0)},s._unhandledRejectionFn=function(t){"undefined"!=typeof console&&console&&console.warn("Possible Unhandled Promise Rejection:",t)};var d=function(){if("undefined"!=typeof self)return self;if("undefined"!=typeof window)return window;if("undefined"!=typeof global)return global;throw new Error("unable to locate global object")}();function p(t,e,i){return e<=t&&t<=i}function y(t){if(t===undefined)return{};if(t===Object(t))return t;throw TypeError("Could not convert argument to dictionary")}"function"!=typeof 
d.Promise?d.Promise=s:(d.Promise.prototype["finally"]||(d.Promise.prototype["finally"]=t),d.Promise.allSettled| |
URL: https://js.hcaptcha.com/1/api.js... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a polyfill for the Promise API, which is a common and legitimate JavaScript functionality. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The script is focused on implementing the Promise API and related utility functions, which is a standard practice in web development. While it uses some legacy APIs like `setTimeout`, this is not inherently malicious and is often necessary for compatibility. Overall, this script seems to be a benign implementation of a common JavaScript feature."
} |
/* https://hcaptcha.com/license */
!function(){"use strict";function e(e){var t=this.constructor;return this.then((function(n){return t.resolve(e()).then((function(){return n}))}),(function(n){return t.resolve(e()).then((function(){return t.reject(n)}))}))}function t(e){return new this((function(t,n){if(!e||"undefined"==typeof e.length)return n(new TypeError(typeof e+" "+e+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var r=Array.prototype.slice.call(e);if(0===r.length)return t([]);var i=r.length;function o(e,n){if(n&&("object"==typeof n||"function"==typeof n)){var a=n.then;if("function"==typeof a)return void a.call(n,(function(t){o(e,t)}),(function(n){r[e]={status:"rejected",reason:n},0==--i&&t(r)}))}r[e]={status:"fulfilled",value:n},0==--i&&t(r)}for(var a=0;a<r.length;a++)o(a,r[a])}))}var n=setTimeout,r="undefined"!=typeof setImmediate?setImmediate:null;function i(e){return Boolean(e&&"undefined"!=typeof e.length)}function o(){}function a(e){if(!(this instanceof a))throw new TypeError("Promises must be constructed via new");if("function"!=typeof e)throw new TypeError("not a function");this._state=0,this._handled=!1,this._value=undefined,this._deferreds=[],d(e,this)}function s(e,t){for(;3===e._state;)e=e._value;0!==e._state?(e._handled=!0,a._immediateFn((function(){var n=1===e._state?t.onFulfilled:t.onRejected;if(null!==n){var r;try{r=n(e._value)}catch(i){return void l(t.promise,i)}c(t.promise,r)}else(1===e._state?c:l)(t.promise,e._value)}))):e._deferreds.push(t)}function c(e,t){try{if(t===e)throw new TypeError("A promise cannot be resolved with itself.");if(t&&("object"==typeof t||"function"==typeof t)){var n=t.then;if(t instanceof a)return e._state=3,e._value=t,void u(e);if("function"==typeof n)return void d((r=n,i=t,function(){r.apply(i,arguments)}),e)}e._state=1,e._value=t,u(e)}catch(o){l(e,o)}var r,i}function l(e,t){e._state=2,e._value=t,u(e)}function 
u(e){2===e._state&&0===e._deferreds.length&&a._immediateFn((function(){e._handled||a._unhandledRejectionFn(e._value)}));for(var t=0,n=e._deferreds.length;t<n;t++)s(e,e._deferreds[t]);e._deferreds=null}function h(e,t,n){this.onFulfilled="function"==typeof e?e:null,this.onRejected="function"==typeof t?t:null,this.promise=n}function d(e,t){var n=!1;try{e((function(e){n||(n=!0,c(t,e))}),(function(e){n||(n=!0,l(t,e))}))}catch(r){if(n)return;n=!0,l(t,r)}}a.prototype["catch"]=function(e){return this.then(null,e)},a.prototype.then=function(e,t){var n=new this.constructor(o);return s(this,new h(e,t,n)),n},a.prototype["finally"]=e,a.all=function(e){return new a((function(t,n){if(!i(e))return n(new TypeError("Promise.all accepts an array"));var r=Array.prototype.slice.call(e);if(0===r.length)return t([]);var o=r.length;function a(e,i){try{if(i&&("object"==typeof i||"function"==typeof i)){var s=i.then;if("function"==typeof s)return void s.call(i,(function(t){a(e,t)}),n)}r[e]=i,0==--o&&t(r)}catch(c){n(c)}}for(var s=0;s<r.length;s++)a(s,r[s])}))},a.allSettled=t,a.resolve=function(e){return e&&"object"==typeof e&&e.constructor===a?e:new a((function(t){t(e)}))},a.reject=function(e){return new a((function(t,n){n(e)}))},a.race=function(e){return new a((function(t,n){if(!i(e))return n(new TypeError("Promise.race accepts an array"));for(var r=0,o=e.length;r<o;r++)a.resolve(e[r]).then(t,n)}))},a._immediateFn="function"==typeof r&&function(e){r(e)}||function(e){n(e,0)},a._unhandledRejectionFn=function(e){"undefined"!=typeof console&&console&&console.warn("Possible Unhandled Promise Rejection:",e)};var f=function(){if("undefined"!=typeof self)return self;if("undefined"!=typeof window)return window;if("undefined"!=typeof global)return global;throw new Error("unable to locate global object")}();function p(e,t,n){return t<=e&&e<=n}function m(e){if(e===undefined)return{};if(e===Object(e))return e;throw TypeError("Could not convert argument to dictionary")}"function"!=typeof 
f.Promise?f.Promise=a:(f.Promise.prototype["finally"]||(f.Promise.prototype["finally"]=e),f.Promise.allSettled| |
URL: https://balance.vanillagift.com/_Incapsula_Resourc... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script demonstrates several high-risk behaviors, including data exfiltration and redirects to a suspicious domain. The script sends the user's reCAPTCHA response to an `/_Incapsula_Resource` endpoint, which is likely a domain associated with the Incapsula web application firewall. This behavior could be indicative of a phishing or credential harvesting attempt. Additionally, the script reloads the parent window's page, which could be used to hide malicious activity or redirect the user to a malicious site. Overall, the combination of data exfiltration, suspicious domain interaction, and potential redirection makes this script a high-risk concern."
} |
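// Global options object; presumably read by the captcha widget script, which
// is loaded elsewhere on the page and not shown here.
var RecaptchaOptions = {theme : 'custom', custom_theme_widget: 'recaptcha_widget'};

/**
 * Callback that receives the solved captcha token.
 *
 * Posts the token as a form-encoded body to a root-relative path, so the
 * request goes to the same origin that served this snippet. Once the request
 * completes, window.parent is reloaded regardless of the HTTP status
 * (window.parent is the embedding frame, or the page itself when not framed).
 *
 * @param {string} response - token handed over by the captcha widget.
 */
var onCaptchaFinished = function(response) {
  var xhr;
  if (window.XMLHttpRequest) {
    xhr = new XMLHttpRequest();
  } else {
    // Fallback for legacy Internet Explorer builds without native XHR.
    xhr = new ActiveXObject("Microsoft.XMLHTTP");
  }
  // Percent-encode the token: the body is declared as
  // application/x-www-form-urlencoded, so a raw "&", "=", "+" or space in the
  // value would otherwise be parsed as extra fields or altered by the receiver.
  var msg = "g-recaptcha-response=" + encodeURIComponent(response);
  xhr.open("POST", "/_Incapsula_Resource?SWCGHOEL=v2&dai=685515134581605902&cts=jaZR8gNTobxWeRvJ79wezpMkHF1IVTkQ2d4ll5Mkt4LXJR9fCMeZJQksuiuxWpDr", true);
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xhr.onreadystatechange = function() {
    // readyState 4 means the request has finished. The original handled
    // status 200 and every other status with the same reload, so the two
    // branches are collapsed into one.
    if (xhr.readyState === 4) {
      window.parent.location.reload(true);
    }
  };
  xhr.send(msg);
};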
|
URL: https://balance.vanillagift.com/_Incapsula_Resourc... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of the reCAPTCHA widget, which is a common security measure used to protect against automated bot activity. The code sets up the reCAPTCHA options and defines a callback function to handle the user's response. While the use of XMLHttpRequest to send the response to a server could be considered a moderate-risk indicator, this is a standard practice for reCAPTCHA integration and does not appear to have any malicious intent. Overall, this script is likely benign and used for legitimate security purposes."
} |
var RecaptchaOptions = {theme : 'custom', custom_theme_widget: 'recaptcha_widget'};
var onCaptchaFinished = function(response) {
var xhr;
if (window.XMLHttpRequest) {
xhr = new XMLHttpReques
|
URL: https://balance.vanillagift.com/loginDetails?tx_transdata=mS3mfNgvBO5POFsK+9NDXeE+AmrHdTUkzn+0qqYHU1UHQxT4AV7kA/laUiNnvz1nh2Ve41JpOnG2O/3gVAD9srI4H0GV+dZ+Ty+fNZPtT0yRAQiWxAx0TxAfaG/KXsBkFXMdvJ2cnll94iffXq56lR1Gm373PDavG1w91MgV8ZY+dZ0VmdonQe20f6nBEKgK&tx_t Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Additional security check is required",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://balance.vanillagift.com/loginDetails?tx_transdata=mS3mfNgvBO5POFsK+9NDXeE+AmrHdTUkzn+0qqYHU1UHQxT4AV7kA/laUiNnvz1nh2Ve41JpOnG2O/3gVAD9srI4H0GV+dZ+Ty+fNZPtT0yRAQiWxAx0TxAfaG/KXsBkFXMdvJ2cnll94iffXq56lR1Gm373PDavG1w91MgV8ZY+dZ0VmdonQe20f6nBEKgK&tx_t Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Additional security check is required",
"prominent_button_name": "I am human",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://balance.vanillagift.com/loginDetails?tx_transdata=mS3mfNgvBO5POFsK+9NDXeE+AmrHdTUkzn+0qqYHU1UHQxT4AV7kA/laUiNnvz1nh2Ve41JpOnG2O/3gVAD9srI4H0GV+dZ+Ty+fNZPtT0yRAQiWxAx0TxAfaG/KXsBkFXMdvJ2cnll94iffXq56lR1Gm373PDavG1w91MgV8ZY+dZ0VmdonQe20f6nBEKgK&tx_t Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Additional security check is required",
"prominent_button_name": "I am human",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://balance.vanillagift.com/loginDetails?tx_transdata=mS3mfNgvBO5POFsK+9NDXeE+AmrHdTUkzn+0qqYHU1UHQxT4AV7kA/laUiNnvz1nh2Ve41JpOnG2O/3gVAD9srI4H0GV+dZ+Ty+fNZPtT0yRAQiWxAx0TxAfaG/KXsBkFXMdvJ2cnll94iffXq56lR1Gm373PDavG1w91MgV8ZY+dZ0VmdonQe20f6nBEKgK&tx_t Model: Joe Sandbox AI | {
"brands": [
"Imperva"
]
} |
|
URL: https://balance.vanillagift.com/loginDetails?tx_transdata=mS3mfNgvBO5POFsK+9NDXeE+AmrHdTUkzn+0qqYHU1UHQxT4AV7kA/laUiNnvz1nh2Ve41JpOnG2O/3gVAD9srI4H0GV+dZ+Ty+fNZPtT0yRAQiWxAx0TxAfaG/KXsBkFXMdvJ2cnll94iffXq56lR1Gm373PDavG1w91MgV8ZY+dZ0VmdonQe20f6nBEKgK&tx_t Model: Joe Sandbox AI | {
"brands": [
"Imperva"
]
} |
|
URL: https://balance.vanillagift.com/loginDetails?tx_transdata=mS3mfNgvBO5POFsK+9NDXeE+AmrHdTUkzn+0qqYHU1UHQxT4AV7kA/laUiNnvz1nh2Ve41JpOnG2O/3gVAD9srI4H0GV+dZ+Ty+fNZPtT0yRAQiWxAx0TxAfaG/KXsBkFXMdvJ2cnll94iffXq56lR1Gm373PDavG1w91MgV8ZY+dZ0VmdonQe20f6nBEKgK&tx_t Model: Joe Sandbox AI | {
"brands": [
"Imperva"
]
} |
|
URL: https://balance.vanillagift.com/loginDetails?tx_transdata=mS3mfNgvBO5POFsK+9NDXeE+AmrHdTUkzn+0qqYHU1UHQxT4AV7kA/laUiNnvz1nh2Ve41JpOnG2O/3gVAD9srI4H0GV+dZ+Ty+fNZPtT0yRAQiWxAx0TxAfaG/KXsBkFXMdvJ2cnll94iffXq56lR1Gm373PDavG1w91MgV8ZY+dZ0VmdonQe20f6nBEKgK&tx_t Model: Joe Sandbox AI | ```json{ "legit_domain": "imperva.com", "classification": "known", "reasons": [ "The URL 'balance.vanillagift.com' does not match the legitimate domain 'imperva.com'.", "The brand 'Imperva' is known and typically associated with cybersecurity solutions, not gift card services.", "The domain 'vanillagift.com' is associated with Vanilla Gift, a brand known for prepaid gift cards, which does not align with Imperva's services.", "The presence of 'balance' as a subdomain suggests a service related to checking gift card balances, which is unrelated to Imperva.", "The URL structure and brand association do not align, indicating a potential phishing attempt." ], "riskscore": 8}
Google indexed: False |
URL: balance.vanillagift.com
Brands: Imperva
Input Fields: unknown |
URL: https://balance.vanillagift.com/loginDetails?tx_transdata=mS3mfNgvBO5POFsK+9NDXeE+AmrHdTUkzn+0qqYHU1UHQxT4AV7kA/laUiNnvz1nh2Ve41JpOnG2O/3gVAD9srI4H0GV+dZ+Ty+fNZPtT0yRAQiWxAx0TxAfaG/KXsBkFXMdvJ2cnll94iffXq56lR1Gm373PDavG1w91MgV8ZY+dZ0VmdonQe20f6nBEKgK&tx_t Model: Joe Sandbox AI | ```json{ "legit_domain": "imperva.com", "classification": "known", "reasons": [ "The URL 'balance.vanillagift.com' does not match the legitimate domain 'imperva.com'.", "The brand 'Imperva' is known and typically associated with cybersecurity solutions, not gift card services.", "The domain 'vanillagift.com' is associated with Vanilla Gift, a brand known for prepaid gift cards, which does not align with Imperva's services.", "The presence of 'balance' as a subdomain suggests a service related to checking gift card balances, which is unrelated to Imperva.", "There is no direct association between the brand 'Imperva' and the domain 'vanillagift.com'." ], "riskscore": 8}
Google indexed: False |
URL: balance.vanillagift.com
Brands: Imperva
Input Fields: unknown |