URL: email Model: Joe Sandbox AI | {
"explanation": [
"The sender email domain 'mailsharedfiles.com' does not match the claimed sender 'United Wholesale Mortgage'",
"The link contains multiple redirects through suspicious domains (dtrkr.com, edgepilot.com, clicktime.cloud)",
"The email creates urgency around financial documents while using generic secure message claims"
],
"phishing": true,
"confidence": 9,
"generated_by_ai": false
} |
{
"date": "Mon, 23 Dec 2024 07:22:41 -0800",
"subject": "Initial CD - Preliminary Closing Fees & Closing Package",
"communications": [
"[EXTERNAL EMAIL: Take caution with links and attachments. ] \n\n\nYou have received a secure message from United Wholesale Mortgage. You can view, download, or reply to the secure message by accessing the secure message portal.\n\nPlease access the link below to view the Preliminary Closing Disclosure\n\nClick Here for Preliminary Closing Disclosure <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://link.edgepilot.com/s/0c7b6dd9/YttwOn4s_EGCA5oG36v4XA%3Fu%3Dhttps://tn.dtrkr.com/clicks/html/6c4b459b-bcdb-5e81-ab30-6f9b8fb1b5c5/f200027a-b985-5f4e-9eac-8685552af170/d98b067a-a668-555d-b90f-9938b40c0c51%3FurlChildId%3D34cf256f-5afd-5e5d-9291-b284249e6f91%2526templateId%3D912cc7bf-c27d-42d7-94ed-d1d9422c9bb5&E=dflores%40firstfedweb.com&X=XID184CLwPwr1573Xd1&T=FF1001&HV=U,E,X,T&H=8b2c1950e0d10c463b6b088e1c487be5d15107fd> \n \n\nDO NOT FORWARD THIS EMAIL. THIS LINK IS SPECIFIC TO YOUR EMAIL. \n******************************************************************************************\n\nCONFIDENTIALITY NOTICE\t \nConfidentiality Notice: This e-mail and any document(s) attached hereto this transmission contain confidential information belonging to the sender which is legally privileged. The information is intended only for the use of the individuals or entities named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, or distribution, or the taking of any action in reliance on the contents of this e-mailed information is strictly prohibited. If you have received payoff this e-mail in error, please immediately notify the sender by e-mail at the address above. The transmission is to be deleted and any items that have been printed are to be promptly destroyed. Thank you for your compliance.\t \n\n******************************************************************************************\n"
],
"from": "United Wholesale Mortgage <mail@mailsharedfiles.com>",
"to": "David Flores Juarez <dflores@FirstFedWeb.com>",
"attachements": []
} |
URL: Email Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "You have received a secure message from United Wholesale Mortgage. You can view, download, or reply to the secure message by accessing the secure message portal. Please access the link below to view the Preliminary Closing Disclosure",
"prominent_button_name": "Click Here for Preliminary Closing Disclosure",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: Email Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: Email Model: Joe Sandbox AI | {"classification":"Invoice Scam"} |
Email:
Detected potential phishing email: The sender email domain 'mailsharedfiles.com' does not match the claimed sender 'United Wholesale Mortgage'. The link contains multiple redirects through suspicious domains (dtrkr.com, edgepilot.com, clicktime.cloud). The email creates urgency around financial documents while using generic secure message claims |
URL: https://clicktime.cloud.postoffice.net/clicktime.p... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script checks if the jQuery library is available and, if not, dynamically loads the jQuery library from a local path. This is a common practice for ensuring the availability of a required library and does not exhibit any high-risk behaviors."
} |
// Local fallback loader: when no global jQuery exists yet, write a script tag for the
// site's own copy into the document while it is still being parsed.
// The percent-encoded literal decodes to
//   <script src="/js/jquery-1.11.3.min.js"></script>
// It is a fixed string with no request-derived input, so the encoding only keeps a
// literal closing script tag out of the inline source.
(function () {
if (typeof jQuery !== 'undefined') {
return;
}
var fallbackTag = unescape('%3Cscript%20src%3D%22/js/jquery-1.11.3.min.js%22%3E%3C/script%3E');
document.write(fallbackTag);
})();
|
URL: https://clicktime.cloud.postoffice.net/js/jquery-1... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided code appears to be the minified version of the jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on providing a set of utility functions and DOM manipulation capabilities, which are common in legitimate web development frameworks. Overall, this script is considered low risk."
} |
/*! jQuery v1.11.3 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */
!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.3",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:c.sort,splice:c.splice},m.extend=m.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||m.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(m.isPlainObject(c)||(b=m.isArray(c)))?(b?(b=!1,f=a&&m.isArray(a)?a:[]):f=a&&m.isPlainObject(a)?a:{},g[d]=m.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},m.extend({expando:"jQuery"+(l+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===m.type(a)},isArray:Array.isArray||function(a){return"array"===m.type(a)},isWindow:function(a){return 
null!=a&&a==a.window},isNumeric:function(a){return!m.isArray(a)&&a-parseFloat(a)+1>=0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},isPlainObject:function(a){var b;if(!a||"object"!==m.type(a)||a.nodeType||m.isWindow(a))return!1;try{if(a.constructor&&!j.call(a,"constructor")&&!j.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}if(k.ownLast)for(b in a)return j.call(a,b);for(b in a);return void 0===b||j.call(a,b)},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?h[i.call(a)]||"object":typeof a},globalEval:function(b){b&&m.trim(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(o,"ms-").replace(p,q)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=r(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(n,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(r(Object(a))?m.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){var d;if(b){if(g)return g.call(b,a,c);for(d=b.length,c=c?0>c?Math.max(0,d+c):c:0;d>c;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=r(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(f=a[b],b=a,a=f),m.isFunction(a)?(c=d.ca |
URL: https://cdnjs.cloudflare.com/ajax/libs/mustache.js... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a part of the Mustache templating library, which is a widely used and trusted library for client-side templating. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on parsing and processing Mustache templates, which is a legitimate use case. While the code uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a benign implementation of the Mustache library."
} |
(function defineMustache(global,factory){if(typeof exports==="object"&&exports&&typeof exports.nodeName!=="string"){factory(exports)}else if(typeof define==="function"&&define.amd){define(["exports"],factory)}else{global.Mustache={};factory(Mustache)}})(this,function mustacheFactory(mustache){var objectToString=Object.prototype.toString;var isArray=Array.isArray||function isArrayPolyfill(object){return objectToString.call(object)==="[object Array]"};function isFunction(object){return typeof object==="function"}function typeStr(obj){return isArray(obj)?"array":typeof obj}function escapeRegExp(string){return string.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g,"\\$&")}function hasProperty(obj,propName){return obj!=null&&typeof obj==="object"&&propName in obj}var regExpTest=RegExp.prototype.test;function testRegExp(re,string){return regExpTest.call(re,string)}var nonSpaceRe=/\S/;function isWhitespace(string){return!testRegExp(nonSpaceRe,string)}var entityMap={"&":"&","<":"<",">":">",'"':""","'":"'","/":"/"};function escapeHtml(string){return String(string).replace(/[&<>"'\/]/g,function fromEntityMap(s){return entityMap[s]})}var whiteRe=/\s*/;var spaceRe=/\s+/;var equalsRe=/\s*=/;var curlyRe=/\s*\}/;var tagRe=/#|\^|\/|>|\{|&|=|!/;function parseTemplate(template,tags){if(!template)return[];var sections=[];var tokens=[];var spaces=[];var hasTag=false;var nonSpace=false;function stripSpace(){if(hasTag&&!nonSpace){while(spaces.length)delete tokens[spaces.pop()]}else{spaces=[]}hasTag=false;nonSpace=false}var openingTagRe,closingTagRe,closingCurlyRe;function compileTags(tagsToCompile){if(typeof tagsToCompile==="string")tagsToCompile=tagsToCompile.split(spaceRe,2);if(!isArray(tagsToCompile)||tagsToCompile.length!==2)throw new Error("Invalid tags: "+tagsToCompile);openingTagRe=new RegExp(escapeRegExp(tagsToCompile[0])+"\\s*");closingTagRe=new RegExp("\\s*"+escapeRegExp(tagsToCompile[1]));closingCurlyRe=new 
RegExp("\\s*"+escapeRegExp("}"+tagsToCompile[1]))}compileTags(tags||mustache.tags);var scanner=new Scanner(template);var start,type,value,chr,token,openSection;while(!scanner.eos()){start=scanner.pos;value=scanner.scanUntil(openingTagRe);if(value){for(var i=0,valueLength=value.length;i<valueLength;++i){chr=value.charAt(i);if(isWhitespace(chr)){spaces.push(tokens.length)}else{nonSpace=true}tokens.push(["text",chr,start,start+1]);start+=1;if(chr==="\n")stripSpace()}}if(!scanner.scan(openingTagRe))break;hasTag=true;type=scanner.scan(tagRe)||"name";scanner.scan(whiteRe);if(type==="="){value=scanner.scanUntil(equalsRe);scanner.scan(equalsRe);scanner.scanUntil(closingTagRe)}else if(type==="{"){value=scanner.scanUntil(closingCurlyRe);scanner.scan(curlyRe);scanner.scanUntil(closingTagRe);type="&"}else{value=scanner.scanUntil(closingTagRe)}if(!scanner.scan(closingTagRe))throw new Error("Unclosed tag at "+scanner.pos);token=[type,value,start,scanner.pos];tokens.push(token);if(type==="#"||type==="^"){sections.push(token)}else if(type==="/"){openSection=sections.pop();if(!openSection)throw new Error('Unopened section "'+value+'" at '+start);if(openSection[1]!==value)throw new Error('Unclosed section "'+openSection[1]+'" at '+start)}else if(type==="name"||type==="{"||type==="&"){nonSpace=true}else if(type==="="){compileTags(value)}}openSection=sections.pop();if(openSection)throw new Error('Unclosed section "'+openSection[1]+'" at '+scanner.pos);return nestTokens(squashTokens(tokens))}function squashTokens(tokens){var squashedTokens=[];var token,lastToken;for(var i=0,numTokens=tokens.length;i<numTokens;++i){token=tokens[i];if(token){if(token[0]==="text"&&lastToken&&lastToken[0]==="text"){lastToken[1]+=token[1];lastToken[3]=token[3]}else{squashedTokens.push(token);lastToken=token}}}return squashedTokens}function nestTokens(tokens){var nestedTokens=[];var collector=nestedTokens;var sections=[];var token,section;for(var 
i=0,numTokens=tokens.length;i<numTokens;++i){token=tokens[i];switch(token[0]){case"#":case"^":collector.push(token);section |
URL: https://clicktime.cloud.postoffice.net/clicktime.p... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "This script checks if the Mustache library is available, and if not, it dynamically loads the Mustache library from a local path. This is a common practice for ensuring the availability of required dependencies and is not inherently malicious. The script does not exhibit any high-risk behaviors, and the use of `document.write` is a low-risk indicator. Overall, this script appears to be a legitimate implementation of a common web development practice."
} |
// Local fallback loader: when no global Mustache exists yet, write a script tag for the
// site's own copy into the document while it is still being parsed.
// The percent-encoded literal decodes to
//   <script src="/js/mustache-2.1.3.min.js"></script>
// It is a fixed string with no request-derived input.
(function () {
if (typeof Mustache !== 'undefined') {
return;
}
var fallbackTag = unescape('%3Cscript%20src%3D%22/js/mustache-2.1.3.min.js%22%3E%3C/script%3E');
document.write(fallbackTag);
})();
|
URL: https://clicktime.cloud.postoffice.net/clicktime.p... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be a part of a web security system that checks the safety of URLs before redirecting users. While it does not exhibit any high-risk behaviors, it does have some moderate-risk indicators, such as external data transmission to third-party domains and the use of legacy APIs like `XDomainRequest`. Additionally, the script contains a significant amount of configuration data and logic, which could potentially be misused or abused if not properly implemented and secured. Overall, the script requires further review to ensure that it is properly configured and implemented to mitigate potential security risks."
} |
/* Initialize these variables from PHP */
// Server-rendered state for the click-time URL-scanning interstitial. Every value in
// this object is delivered to the browser, so it is visible to whoever opens the link.
var pageState = {
// Configured constants
// Path of the URL-status endpoint. Its query string repeats the rewritten link's
// parameters (U = wrapped destination, E = recipient address, X, T, HV, H) and adds
// the click ID (CK) and a resubmit flag.
// NOTE(review): H looks like a 40-hex digest and HV lists U,E,X,T; presumably H
// authenticates those fields. Confirm against the gateway documentation.
urlStatusURI: "\/rest\/FF1001\/v3\/urlstatus?U=https:\/\/link.edgepilot.com\/s\/0c7b6dd9\/YttwOn4s_EGCA5oG36v4XA%3Fu%3Dhttps:\/\/tn.dtrkr.com\/clicks\/html\/6c4b459b-bcdb-5e81-ab30-6f9b8fb1b5c5\/f200027a-b985-5f4e-9eac-8685552af170\/d98b067a-a668-555d-b90f-9938b40c0c51%3FurlChildId%3D34cf256f-5afd-5e5d-9291-b284249e6f91%2526templateId%3D912cc7bf-c27d-42d7-94ed-d1d9422c9bb5&E=dflores%40firstfedweb.com&X=XID184CLwPwr1573Xd1&T=FF1001&HV=U,E,X,T&H=8b2c1950e0d10c463b6b088e1c487be5d15107fd&CK=CKCLZRf627205201408c&resubmit=N",
// Refresh intervals; units are not stated here (presumably seconds; confirm in main.js).
urlStatusRefresh: 2,
urlWarnRefresh: 10,
tapName: "Targeted Attack Protection",
browserActionsV3URI: "\/rest\/FF1001\/v3\/browseractions",
// Instance-specific values
clickID: "CKCLZRf627205201408c",
// Destination being checked: an edgepilot.com link whose u= parameter carries a
// further dtrkr.com URL, i.e. at least two more hops sit behind this page.
url: "https:\/\/link.edgepilot.com\/s\/0c7b6dd9\/YttwOn4s_EGCA5oG36v4XA?u=https:\/\/tn.dtrkr.com\/clicks\/html\/6c4b459b-bcdb-5e81-ab30-6f9b8fb1b5c5\/f200027a-b985-5f4e-9eac-8685552af170\/d98b067a-a668-555d-b90f-9938b40c0c51?urlChildId=34cf256f-5afd-5e5d-9291-b284249e6f91%26templateId=912cc7bf-c27d-42d7-94ed-d1d9422c9bb5",
// Same clicktime.php link as in the e-mail, with C=Y appended.
// NOTE(review): presumably the "proceed anyway" target; confirm where it is used.
clickThroughUrl: "https:\/\/clicktime.cloud.postoffice.net\/clicktime.php?U=https:\/\/link.edgepilot.com\/s\/0c7b6dd9\/YttwOn4s_EGCA5oG36v4XA%3Fu%3Dhttps:\/\/tn.dtrkr.com\/clicks\/html\/6c4b459b-bcdb-5e81-ab30-6f9b8fb1b5c5\/f200027a-b985-5f4e-9eac-8685552af170\/d98b067a-a668-555d-b90f-9938b40c0c51%3FurlChildId%3D34cf256f-5afd-5e5d-9291-b284249e6f91%2526templateId%3D912cc7bf-c27d-42d7-94ed-d1d9422c9bb5&E=dflores%40firstfedweb.com&X=XID184CLwPwr1573Xd1&T=FF1001&HV=U,E,X,T&H=8b2c1950e0d10c463b6b088e1c487be5d15107fd&C=Y",
logoUrl: "https:\/\/cloud.postoffice.net\/dynamic_logo\/tag\/FF1001",
// Customer controls
// Seconds before the wait-time-exceeded action applies (main.js prints this value
// followed by "seconds").
urlStatusTimeout: 2,
// "pass": main.js tells the user they will be redirected after the timeout or once the
// scans complete, so a scan that overruns the timeout lets the click through.
// "warn" is the other value main.js handles.
// NOTE(review): with a 2-second timeout this is a fail-open policy; confirm it is intended.
tapWaitTimeExceededAction: "pass",
tapVerdictSuspect: "block",
tapVerdictMalicious: "block",
// Any value other than "Y" makes redisplay() in main.js reset a "suspect" or "threat"
// score to "ok" when the threat name starts with "Credential Phishing".
tapInPhishingEnabled: "Y",
// tapTextColor: "#FFFFFF",
// tapBackgroundColor: "#428BCA",
// Customer-defined text
// These values are HTML fragments; two of them reference the Mustache partial tapResults.
// NOTE(review): if they are rendered unescaped, tenant-supplied text must be sanitized
// before it reaches this page. Confirm on the server side.
tapCheckingText: "<p>Please wait while Targeted Attack Protection checks this URL for threats.<\/p><p>For additional information, please contact your IT administrator.<\/p>",
tapRedirectText: "<p>Targeted Attack Protection has not detected any threats.<\/p><p>Redirecting to the link.<\/p>",
// NOTE(review): identical to tapRedirectText, so a timed-out scan is presented to the
// user with the same "has not detected any threats" wording as a completed clean scan.
tapTimeoutText: "<p>Targeted Attack Protection has not detected any threats.<\/p><p>Redirecting to the link.<\/p>",
tapSuspectText: "<p>Warning \u2014 You are not permitted to access this website.<\/p><p>Targeted Attack Protection suspects that this page contains a threat.<\/p>{{>tapResults}}<p>For additional information, please contact your IT administrator.<\/p>",
tapMaliciousText: "<p>Warning \u2014 You are not permitted to access this website.<\/p><p>Targeted Attack Protection has determined that this page contains a threat.<\/p>{{>tapResults}}<p>For additional information, please contact your IT administrator.<\/p>",
// Initial page state
// pageType values handled by main.js: error, checking, timeout, redirect, result.
pageType: "checking",
errorMessage: "",
tapScore: "unknown",
tapThreatName: "",
tapThreatReason: "",
tapThreatClass: "",
previewPage: false,
// Captured in the browser when this script runs, not on the server.
startTimestamp: Date.now(),
isRedirect: false,
pollingStatusDisplay: {'static': '', 'dynamic': '', 'inDepth': ''}
};
|
URL: https://link.edgepilot.com/s/0c7b6dd9/YttwOn4s_EGC... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a simple function that submits a form after a 750-millisecond delay. This behavior is common in web applications and does not exhibit any high-risk indicators. The code is straightforward and does not involve dynamic code execution, data exfiltration, or suspicious redirects. Therefore, this script is considered low risk."
} |
// Once the DOM is ready, wait 750 ms and then submit the element with id "filter",
// with no user interaction required.
$(function () {
  var submitFilterForm = function () {
    $('#filter').submit();
  };
  setTimeout(submitFilterForm, 750);
});
|
URL: https://clicktime.cloud.postoffice.net/js/main.js... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript code contains a mix of low-risk and medium-risk indicators. While it includes some legacy practices and tracking behavior, it also demonstrates external data transmission and the use of fallback domains, which pose moderate risks. Additionally, the code appears to handle sensitive user data and redirect logic, which requires further review. Overall, the script exhibits behaviors that warrant a medium-risk assessment."
} |
// Polyfill for engines without Date.now (IE8 and earlier): install a replacement that
// returns the current time in milliseconds. Engines that already have it are untouched.
Date.now || (Date.now = function () {
  return new Date().getTime();
});
// For IE9
//(function(){ window.console = window.console || { log: function(){} } }());
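// Maps a polling status code (0-4) to the icon markup and the label markup shown for it.
// Declared with `var`: a bare assignment creates an implicit global and throws a
// ReferenceError under strict mode or in an ES module. The name stays a global either way.
// The trailing comma after the last entry is dropped because ES3-era parsers reject it,
// and this file still carries an IE8 polyfill.
// NOTE(review): both fields are raw HTML fragments. How they reach the DOM is not visible
// here, so confirm they are only ever combined with static, trusted text.
var POLLING_STATUS_DISPLAY_MAPPING = {
  // 0: Pending
  0: {
    'icon': '',
    'text': '<h3>< Pending ></h3>'
  },
  // 1: In Progress
  1: {
    'icon': '<img class="polling-status-icon" src="images/loading.gif">',
    'text': '<h3>< In Progress ></h3>'
  },
  // 2: Unknown verdict
  2: {
    'icon': '<img class="polling-status-icon" src="images/tick.png">',
    'text': '<h3 style="color:#7FF337;">Nothing Found</h3>'
  },
  // 3: Suspect verdict
  3: {
    'icon': '<img class="polling-status-icon" src="images/alert.svg">',
    'text': '<h3 style="color:#ffcc33;">Suspicious</h3>'
  },
  // 4: Suspect in Progress
  4: {
    'icon': '<img class="polling-status-icon" src="images/loading.gif">',
    'text': '<h3 style="color:#ffcc33;">< Suspicious ></h3>'
  }
};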
// props holds the state handed to Mustache when the page is rendered: a layout string,
// the data context and the named partials.
var props = {
/* Mustache-related parameters */
layout: "",
data: {
// Flags and strings read by the template; all start out empty or false.
reportError: false,
checking: false,
proceed: false,
summaryTitle: "",
tapThreat: "",
showTapThreatText: false,
disclaimer: "",
buttonGroup: false,
closeButton: false,
proceedButton: false,
closeButtonText: "Cancel",
proceedButtonText: "Proceed to URL",
// Set by redisplay() to an HTML string built from pageState.urlStatusTimeout.
customerInfo: "",
pollingStatus: false,
// JavaScript source kept as a string.
// NOTE(review): presumably emitted into an inline event handler by the template, which
// would require inline script to be permitted by any Content-Security-Policy; confirm.
closeButtonConfirm: "showConfirm();"
},
partials: {
// Partial templates, filled in before rendering.
disclaimer: "",
tapThreatText: "",
tapResults: "",
messageText: ""
}
}
/**
 * Ask the user to confirm aborting the check, and close the window only if they accept.
 * Does nothing when the dialog is dismissed.
 */
function showConfirm() {
  var userAccepted = confirm("Are you sure to abort and close the window?");
  if (!userAccepted) {
    return;
  }
  window.close();
}
function redisplay() {
// Update customer info for display
if (pageState.tapWaitTimeExceededAction == "pass") {
props.data.customerInfo = '<h3>You will be redirected in ' + pageState.urlStatusTimeout +
' seconds or once the scans complete.</h3>';
} else if (pageState.tapWaitTimeExceededAction == "warn") {
props.data.customerInfo = '<h3>You will be able to proceed in ' + pageState.urlStatusTimeout + ' seconds.\
</h3><h3 style="color: #ffcc33;">You are advised to wait for the scans to complete\
or proceed with caution.</h3>';
}
if (pageState.previewPage === true) {
document.getElementById("watermark-text-black").style.visibility = "visible";
document.getElementById("watermark-text-white").style.visibility = "visible";
}
/*
* pageType can be one of:
* 'error': to display an error page
* 'checking': display a spinner and a "checking..." page, then recheck
* 'timeout': Timeout Redirect page (if tapWaitTimeExceededAction is pass)
* or Timeout Warning page (if tapWaitTimeExceededAction is warn)
* 'redirect': to redirect directly to the URL
* 'result': displaying a warning (proceed=true) or block page (proceed=false)
*/
// If we have a result, see what the customer wants to do about it.
if (pageState.pageType == "result") {
/* Display TAP Results by default */
pageState.pageType = "result";
/* If Voodoo phishing is disabled ("N") or unspecified (""), ignore a Credential Phishing threat. */
if (pageState.tapInPhishingEnabled != "Y") {
if (pageState.tapScore == "suspect" || pageState.tapScore == "threat") {
tapThreat = pageState.tapThreatName.split(":");
if (tapThreat[0] == "Credential Phishing") {
pageState.tapScore = "ok";
}
}
}
switch (pageState.tapScore) {
case "suspect":
|
URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This is the Bootstrap JavaScript library, which is a widely used and trusted open-source front-end framework. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on providing functionality for Bootstrap's UI components and does not exhibit any suspicious behavior. Overall, this is a low-risk script that is commonly used in web development."
} |
/*!
* Bootstrap v3.3.7 (http://getbootstrap.com)
* Copyright 2011-2016 Twitter, Inc.
* Licensed under the MIT license
*/
if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(b){if(a(b.target).is(this))return b.handleObj.handler.apply(this,arguments)}})})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var c=a(this),e=c.data("bs.alert");e||c.data("bs.alert",e=new d(this)),"string"==typeof b&&e[b].call(c)})}var c='[data-dismiss="alert"]',d=function(b){a(b).on("click",c,this.close)};d.VERSION="3.3.7",d.TRANSITION_DURATION=150,d.prototype.close=function(b){function c(){g.detach().trigger("closed.bs.alert").remove()}var e=a(this),f=e.attr("data-target");f||(f=e.attr("href"),f=f&&f.replace(/.*(?=#[^\s]*$)/,""));var g=a("#"===f?[]:f);b&&b.preventDefault(),g.length||(g=e.closest(".alert")),g.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(g.removeClass("in"),a.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",c).emulateTransitionEnd(d.TRANSITION_DURATION):c())};var e=a.fn.alert;a.fn.alert=b,a.fn.alert.Constructor=d,a.fn.alert.noConflict=function(){return 
a.fn.alert=e,this},a(document).on("click.bs.alert.data-api",c,d.prototype.close)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof b&&b;e||d.data("bs.button",e=new c(this,f)),"toggle"==b?e.toggle():b&&e.setState(b)})}var c=function(b,d){this.$element=a(b),this.options=a.extend({},c.DEFAULTS,d),this.isLoading=!1};c.VERSION="3.3.7",c.DEFAULTS={loadingText:"loading..."},c.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",null==f.resetText&&d.data("resetText",d[e]()),setTimeout(a.proxy(function(){d[e](null==f[b]?this.options[b]:f[b]),"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c).prop(c,!0)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c).prop(c,!1))},this),0)},c.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")?(c.prop("checked")&&(a=!1),b.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==c.prop("type")&&(c.prop("checked")!==this.$element.hasClass("active")&&(a=!1),this.$element.toggleClass("active")),c.prop("checked",this.$element.hasClass("active")),a&&c.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var d=a.fn.button;a.fn.button=b,a.fn.button.Constructor=c,a.fn.button.noConflict=function(){return a.fn.button=d,this},a(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(c){var d=a(c.target).closest(".btn");b.call(d,"toggle"),a(c.target).is('input[type="radio"], input[type="checkbox"]')||(c.preventDefault(),d.is("input,button")?d.trigger("focus"):d.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',functio |
URL: https://clicktime.cloud.postoffice.net/clicktime.php?U=https://link.edgepilot.com/s/0c7b6dd9/YttwOn4s_EGCA5oG36v4XA%3Fu%3Dhttps://tn.dtrkr.com/clicks/html/6c4b459b-bcdb-5e81-ab30-6f9b8fb1b5c5/f200027a-b985-5f4e-9eac-8685552af170/d98b067a-a668-555d-b90f-99 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Scanning URL for Threats...",
"prominent_button_name": "Cancel",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://clicktime.cloud.postoffice.net/clicktime.php?U=https://link.edgepilot.com/s/0c7b6dd9/YttwOn4s_EGCA5oG36v4XA%3Fu%3Dhttps://tn.dtrkr.com/clicks/html/6c4b459b-bcdb-5e81-ab30-6f9b8fb1b5c5/f200027a-b985-5f4e-9eac-8685552af170/d98b067a-a668-555d-b90f-99 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "No Threats Detected",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://link.edgepilot.com/s/0c7b6dd9/YttwOn4s_EGCA5oG36v4XA?u=https://tn.dtrkr.com/clicks/html/6c4b459b-bcdb-5e81-ab30-6f9b8fb1b5c5/f200027a-b985-5f4e-9eac-8685552af170/d98b067a-a668-555d-b90f-9938b40c0c51?urlChildId=34cf256f-5afd-5e5d-9291-b284249e6f91% Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Select this button if you are not automatically redirected.",
"prominent_button_name": "Select this button if you are not automatically redirected.",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://clicktime.cloud.postoffice.net/clicktime.php?U=https://link.edgepilot.com/s/0c7b6dd9/YttwOn4s_EGCA5oG36v4XA%3Fu%3Dhttps://tn.dtrkr.com/clicks/html/6c4b459b-bcdb-5e81-ab30-6f9b8fb1b5c5/f200027a-b985-5f4e-9eac-8685552af170/d98b067a-a668-555d-b90f-99 Model: Joe Sandbox AI | {
"brands": [
"Silversky"
]
} |
|
URL: https://clicktime.cloud.postoffice.net Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://clicktime.cloud.postoffice.net |
URL: https://clicktime.cloud.postoffice.net/clicktime.php?U=https://link.edgepilot.com/s/0c7b6dd9/YttwOn4s_EGCA5oG36v4XA%3Fu%3Dhttps://tn.dtrkr.com/clicks/html/6c4b459b-bcdb-5e81-ab30-6f9b8fb1b5c5/f200027a-b985-5f4e-9eac-8685552af170/d98b067a-a668-555d-b90f-99 Model: Joe Sandbox AI | {
"brands": [
"SilverSky"
]
} |
|
URL: https://link.edgepilot.com/s/0c7b6dd9/YttwOn4s_EGCA5oG36v4XA?u=https://tn.dtrkr.com/clicks/html/6c4b459b-bcdb-5e81-ab30-6f9b8fb1b5c5/f200027a-b985-5f4e-9eac-8685552af170/d98b067a-a668-555d-b90f-9938b40c0c51?urlChildId=34cf256f-5afd-5e5d-9291-b284249e6f91% Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://code.jquery.com/jquery-3.2.1.min.js... Model: Joe Sandbox AI |
{
"risk_score": 1,
"reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. The code does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily consists of utility functions and object prototypes typical of a library. There are no interactions with external domains or obfuscated code present. Therefore, it is considered low risk."
} |
/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */
!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.constructor(),a);return b.prevObject=this,b},each:function(a){return r.each(this,a)},map:function(a){return this.pushStack(r.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(f.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(a<0?b:0);return this.pushStack(c>=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject||this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||r.isFunction(g)||(g={}),h===i&&(g=this,h--);h<i;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(r.isPlainObject(d)||(e=Array.isArray(d)))?(e?(e=!1,f=c&&Array.isArray(c)?c:[]):f=c&&r.isPlainObject(c)?c:{},g[b]=r.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},r.extend({expando:"jQuery"+(q+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new 
Error(a)},noop:function(){},isFunction:function(a){return"function"===r.type(a)},isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){var b=r.type(a);return("number"===b||"string"===b)&&!isNaN(a-parseFloat(a))},isPlainObject:function(a){var b,c;return!(!a||"[object Object]"!==k.call(a))&&(!(b=e(a))||(c=l.call(b,"constructor")&&b.constructor,"function"==typeof c&&m.call(c)===n))},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?j[k.call(a)]||"object":typeof a},globalEval:function(a){p(a)},camelCase:function(a){return a.replace(t,"ms-").replace(u,v)},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(s,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(w(Object(a))?r.merge(c,"string"==typeof a?[a]:a):h.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:i.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;d<c;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;f<g;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,f=0,h=[];if(w(a))for(d=a.length;f<d;f++)e=b(a[f],f,c),null!=e&&h.push(e);else for(f in a)e=b(a[f],f,c),null!=e&&h.push(e);return g.apply([],h)},guid:1,proxy:function(a,b){var c,d,e;if("string"==typeof b&&(c=a[b],b=a,a=c),r.isFunction(a))return d=f.call(arguments,2),e=function(){return a.apply(b||this,d.concat(f.call(arguments)))},e.guid=a.guid=a.guid||r.guid++,e},now:Date.now,support:o}),"function"==typeof Symbol&&(r.fn[Symbol.iterator]=c[Symbol.iterator]),r.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){j["[object "+b+"]"]=b.toLowerCase()});function w(a){var b=!!a&&"length"in a&&a.length,c=r |