| URL: https://viirtus.com Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": false
} |
URL: https://viirtus.com |
| URL: https://viirtus.com/?uhqubmdv=d97bdc31443e90a85f90... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "The provided JavaScript code appears to be a bot detection mechanism that checks for various indicators of automated behavior, such as the presence of a web driver, headless browser, lack of language settings, inconsistent `eval()` behavior, DOM manipulation, and window size mismatch. While the code does not contain any obvious malicious behavior, the use of these detection techniques and the potential redirection to an external domain (example.edu) suggests a medium level of risk. Further review may be necessary to determine the specific intent and context of this script."
} |
// Bot detection functions
function detectWebDriver() { try { return navigator.webdriver || window.navigator.webdriver || (window.chrome && window.chrome.webstore === null); } catch (error) { return false; } }
function detectHeadlessBrowser() { try { const userAgent = window.navigator.userAgent; const headlessPatterns = [/HeadlessChrome/, /PhantomJS/, /Trident/, /MSIE/, /Headless/, /headless/, /Googlebot/]; return headlessPatterns.some(pattern => pattern.test(userAgent)); } catch (error) { return false; } }
function detectNoLanguages() { try { return (navigator.languages?.length || 0) === 0; } catch (error) { return false; } }
function detectInconsistentEval() { try { const evalLength = Function.prototype.toString.call(eval).length; const browser = detectBrowser(); if (browser === "edge") { return false; } const evalLengths = { "internet_explorer": 39, "firefox": 37, "chrome": 33, "opera": 33, "safari": 37 }; return evalLength !== evalLengths[browser]; } catch (error) { return false; } }
function detectBrowser() { try { const userAgent = navigator.userAgent.toLowerCase(); if (userAgent.includes("edg/")) return "edge"; if (userAgent.includes("trident") || userAgent.includes("msie")) return "internet_explorer"; if (userAgent.includes("firefox")) return "firefox"; if (userAgent.includes("opera") || userAgent.includes("opr")) return "opera"; if (userAgent.includes("chrome")) return "chrome"; if (userAgent.includes("safari")) return "safari"; return "unknown"; } catch (error) { return "unknown"; } }
function detectDomManipulation() { try { const attributes = document.documentElement.getAttributeNames(); return attributes.some(attr => ["selenium", "webdriver", "driver"].includes(attr)); } catch (error) { return false; } }
function detectWindowSizeMismatch() { try { return window.outerWidth && window.innerWidth && window.outerWidth < window.innerWidth; } catch (error) { return false; } }
function detectBot() { try { const detectors = { webDriver: detectWebDriver(), headlessBrowser: detectHeadlessBrowser(), noLanguages: detectNoLanguages(), inconsistentEval: detectInconsistentEval(), domManipulation: detectDomManipulation(), windowSizeMismatch: detectWindowSizeMismatch() }; const detections = {}; let verdict = { bot: false }; for (const detectorName in detectors) { const detectorResult = detectors[detectorName]; detections[detectorName] = { bot: detectorResult }; if (detectorResult) { verdict.bot = true; break; } } return { detections, verdict }; } catch (error) { return { detections: {}, verdict: { bot: false } }; } }
function handleVisitor(verdict) { try { if (verdict.bot) { setTimeout(() => { window.location.href = 'https://example.edu'; }, 5000); } else { renderCaptcha(); } } catch (error) { } }
function renderCaptcha() { try { const cfForm = document.querySelector("#cfForm"); window.onloadTurnstileCallback = () => { turnstile.render("#turnstileCaptcha", { sitekey: window.SITE_KEY, callback: (response) => { if (response && response.length > 25) { cfForm.submit(); } }, }); }; } catch (error) { } }
document.addEventListener("DOMContentLoaded", () => { const { detections, verdict } = detectBot(); handleVisitor(verdict); });
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate security mechanism used to protect websites from abuse. The script sets up various configuration options for the Cloudflare challenge and includes functionality to handle communication between the challenge and the parent window. While the script uses some techniques that could be considered risky, such as dynamic message handling and postMessage communication, these are common practices in the context of a Cloudflare challenge and do not indicate malicious intent. Overall, the script seems to be a benign implementation of a security mechanism and does not demonstrate any high-risk behaviors."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'db6ji',
chlApiSitekey: '0x4AAAAAAAyz9kO3DIKWo6sf',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'arpwevplPCJ4SPtdT0lThz1cusKjLLvT3UZcHk25uy0-1736262457-1.3.1.1-E3M6UMOijUshrgFkCuo8vOMHORZSGHCpJXppQOahCVg',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8fe4dbc4ec517ca0',
cH: 'wvtvKdlfNlehaqCy6DbovTjERgCl4ITZ_4GRpgKalCs-1736262457-1.1.1.1-JEiS0AZdA9EVjw7mdkluLaybtSOVxsq8pErFKu3a47cfmr_VpwDBspBfhDV1Mkfn',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'FgO5SkmHnK1vjSy6xYKAq9lGqRDf8iVC.f1S.0SiT0w-1736262457-1.1.1.1-Fi2CirkHTI0NYx9CWEIaDH6x8mSwrcDefNatX0WF8.BnkPNy5GQwEhb76bM8GWTS5DRoU08ZMYrdzXjNxezAWLjfnzeNcGAMAsDEnDrwSGvFWFS0nnfoovsYT9nyS49HPbHYPSa0jtP8AxO55g0266kbjgl46quVH6kEs_.1wtak2j4vqeNU.ToZd1540TBuJiXFRIHAg230O_Kcc.F8gG9Et77TxvaSu8Kj6ye9KXwYJhAbMkD_3f5HfgnPSBUC86FHdCHYv.dEgds0IS8k4.vGJ2qSH6FUAkhtZPPLkPipyQpvHC_rVEZMAIXUi7GeR54u4iIgYWDLMueYNS0OozItRVjyt.gZV1.pRPJY6WQOAAiK5XZ6kUpTz5yStsFMTQ7AdB0vOeja._5b9iNmmcsfv9CkuwwsgJRfCMsPVvSHSoB_KRlFmc7hPRnN_VYdemM.a48zSq1QhN7eflSwojq55uDJFUXuuJJAT8aXRjRnIarnTVrhcsN9EJPYqhQsUhp5Zsm5R9vUYzps2v5kt4NH7q2FsBlwwWVofdSO2vGfu_RYobb4OUJ47yc83nwtzCETJTTjWYwOuz5RpgZ68lYQ.LM2dhDniuahCVzzHjq7J9UvmqQmsLdt.vfRImu4H0HcDPeo1wy_3kbw6wdkix94UvNamUjgmYblecPmtigdEJ_EsuDCldbwjwq_ae5U9ksNZEWW418WHOV0mAr93YV9dTuXAMD4QXJ5BjN2_I.iTvlJrevETHpaEk.3OdA5ectKHI32sAibu7fphy5u9UNLLc6ujs861QQk5y9_WO59d0cfhbzjyJ.hJFw_2R6Tt9tYCK6i3mLoKn2csdfy9SZTl6gqlpplQVkpOL_MGxcHvcImx5dKKDtIxCrxjXm_PYoMWWqsrR4MKQ69XjvV8eyL1f8a7fPX5m.aozaCjEM8DV6G_eIoTzCQPLG3roPhg9DzTAj_AEb5kNC4nO4EnjWWCEK2L70T7WaFuYVaGj8_E_nstHFbdEuNnbYQSCArnVyxOQDXUbDVekNXdSfkQSqKpS4Gp8kcE7SO5WMpZdRXr_8vB4sM4YQEcMFkHQVQOW1zzFPWr6tlloQ.ge.sSQXOSmz3tC.5jwAU1cFtcA2z6gdzGEW_gDJAiy0jZgLDrJ6iL99jjG7e0pvwLKBx3fJQxnPs_nWstfjgd7FcVfR207iI2mBXjgZIOvvYwMdJyWN343YjPIcqN5k2NNLyFrBMMnGz.oJbBgxb6gnjcImQAuu09_XZHi2X6l7Zbn9mN6TmimnguYi_7aSVFjImGLrljkqypOtvpydJUPOcoI0oDgHZaw7H_FcljQvtUkVs5mxXa_l50dxOu3tySDa0clHJuRJ569vuYO7lJnK5HvM',
cITimeS: '1736262457',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'db6ji',
nextRcV: 'arpwevplPCJ4SPtdT0lThz1cusKjLLvT3UZcHk25uy0-1736262457-1.3.1.1-E3M6UMOijUshrgFkCuo8vOMHORZSGHCpJXppQOahCVg',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a part of the CryptoJS library, which is a well-known and widely used cryptography library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on implementing various cryptographic primitives and utilities, which are common in legitimate applications. While the code uses some legacy practices like the `XDomainRequest` API, these are not inherently malicious and are likely used for compatibility reasons. Overall, this script appears to be a benign implementation of cryptographic functionality and poses a low risk."
} |
!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},l=n.WordArray=o.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||c).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(var c=0;c<n;c+=4)e[i+c>>>2]=r[c>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=h.ceil(e/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)try{return i.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}());return new l.init(e,t)}}),s=t.enc={},c=s.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new l.init(r,e/2)}},a=s.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new l.init(r,e)}},f=s.Utf8={stringify:function(t){try{return decodeURIComponent(escape(a.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return a.parse(unescape(encodeURIComponent(t)))}},d=n.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new l.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?h.ceil(s):h.max((0|s)-this._minBufferSize,0))*o,n=h.min(4*c,n);if(c){for(var a=0;a<c;a+=o)this._doProcessBlock(i,a);e=i.splice(0,c),r.sigBytes-=n}return new l.init(e,n)},clone:function(){var t=o.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),u=(n.Hasher=d.extend({cfg:o.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){d.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t, |
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. The script does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily responsible for handling the Cloudflare challenge and providing translations for the challenge interface. This is a legitimate use case, and the script does not exhibit any suspicious or malicious behavior."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.qqQL2={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F"},"translations":{"invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_overrun_description":"Stuck%20here%3F","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_verifying":"Verifying...","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_expired":"Expired","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_refresh":"Refresh","turnstile_success":"Success%21","human_button_text":"Verify%20you%20are%20human","testing_only":"Testing%20only.","turnstile_timeout":"Timed%20out","turnstile_feedback_report":"Having%20trouble%3F","turnstile_footer_terms":"Terms","turnstile_footer_privacy":"Privacy","turnstile_failure":"Error","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_feedback_description":"Send%20Feedback"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eR,eU,eV,fl,fs,fy,fB,fD,fE,fF,fR,g3,g9,ga,gb,gl,gw,gA,gB,gC,gG,gH,eS,eT){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(1755))/1+-parseInt(gI(1281))/2+-parseInt(gI(690))/3+parseInt(gI(1675))/4+parseInt(gI(1917))/5*(-parseInt(gI(1651))/6)+-parseInt(gI(979))/7+parseInt(gI(812))/8,d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,706306),eM=this||self,eN=eM[gJ(1824)],eM[gJ(904)]=function(c,gY,e){e=(gY=gJ,{'tcFpx':function(g,h){return g(h)}});try{return e[gY(656)](eQ,c)}catch(g){return eO(eP(c))}},eR=function(c,gZ,f,g,h,i,j,k){for(gZ=gJ,f={'JbHnn':function(l,m){return l+m},'nNstI':function(l,m){return l+m},'jlaXm':function(l,m){return l(m)},'wudwg':function(l,m){return m&l}},k,h=32,j=f[gZ(1184)](f[gZ(1230)](eM[gZ(1945)][gZ(1544)],'_'),0),j=j[gZ(1673)](/./g,function(l,m,h0){h0=gZ,h^=j[h0(668)](m)}),c=eM[gZ(919)](c),i=[],g=-1;!f[gZ(939)](isNaN,k=c[gZ(668)](++g));i[gZ(1293)](String[gZ(1282)]((f[gZ(740)](k,255)-h-g%65535+65535)%255)));return i[gZ(1495)]('')},eS=[],eT=0;256>eT;eS[eT]=String[gJ(1282)](eT),eT++);eU=(0,eval)(gJ(1872)),eV=atob(gJ(1721)),fl=function(hz,d,e,f,g){return hz=gJ,d={'tsENs':function(h,i){return h^i},'SeRWy':function(h,i){return h===i},'eyMLf':function(h,i){return h<i},'xomYt':function(h,i){return h>i},'bolWe':function(h,i){return i==h},'tCiGs':function(h,i){return h(i)},'PVmcP':function(h,i){return h>i},'gdozD':function(h,i){return h|i},'tMpVl':function(h,i){return i&h},'FHElD':function(h,i){return h<i},'FZDff':function(h,i){return h-i},'AkAwj':function(h,i){return h>i},'gLQqw':function(h,i){return h==i},'awcNw':function(h,i){return h(i)},'otYXX':function(h, |
| URL: https://viirtus.com/?uhqubmdv=d97bdc31443e90a85f90... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a function that decrypts an encrypted function using the CryptoJS library. While it involves the use of cryptographic operations, which can be considered a moderate-risk indicator, the overall behavior seems to be legitimate and not intended for malicious purposes. The function takes in encrypted data, a password, salt, and initialization vector (IV) to decrypt the data, which is a common pattern for secure data storage and transmission. Additionally, the use of the CryptoJS library is a trusted and widely-used cryptographic library, further reducing the risk. Therefore, this script is assessed as a low-to-medium risk with a score of 3."
} |
async function c(encryptedFunction, password, salt, iv) {
const key = CryptoJS.PBKDF2(password, CryptoJS.enc.Hex.parse(salt), {
hasher: CryptoJS.algo.SHA512,
keySize: 64 / 8,
iterations: 999
});
const b = CryptoJS.AES.decrypt(encryptedFunction, key, {
iv: CryptoJS.enc.Hex.parse(iv)
});
return b.toString(CryptoJS.enc.Utf8);
}
(async () => {
const encryptedFunction = 'JtENe3RAtQqfyE1dGe+7ozCyfzS2LnlV1HHDI/L2pMEwphry9T3pgoW1jHoc+efWvvfHUSihTMI8Ncqfq2SQP9ZGWHcf4Yj+AKT+3t0ICzST+knWVJcXcoGv5yVyX5QYx8Fx9EYDr9A9qesFVSRVU8yqJU5dFTZW6rJFsrubO1zaEpACAjEbiTBOr7+evDmr72GTFPSzR9fZaWUE2Y8k+9VVy7jQLYhPH8HXBscA3nb3pMo+ySfasP88a0sw3zGePGMswnI/rnyK18pK9ZmtQBukNXZjDA8Hqr9nrKiJBIN4i4RlSl7KhlI0717lSlDk7PenDkoXC23E3P/qKgpqwDe0pg/KVmYXAh3MP85TY/jMs0+oHvchqFSUHuc4qzxa6jQiLY9xD0FgnF0Vit1e3aUdaxXLqQuQ9wDItwBOaZSpzac5eEiNrDqxoLMoSX32l6YgdAqJyXs5IhcdVrHgkMu2Fn+XSkO22QLmLKXTADTH5N5DOLU9uXASpPJySuR8jO4wpKce+NFJbQiUUSR6CBPeDOZM05nEG5cQt3YSNe87KpbypKyBxzGyFl/WkrnP52tYsLPCCvDYkfJ8HD2I+MELofTK16RO+/qlK5OT1Hiiko/5ABuoaCFp49mXgG4f7J8gtuDnZa2VgMpjF0G58Fmj075L4+6b+6SrzwFhKPoWw1mv73b/e0E+Bk0vkXw6+6U12ZKF9oPuPkuUrW3tw9JF5UMPRE1vO/58kNyvO6rGE1UOl22bx3XIo29AlfOaD3Y9XXvrWUaNYPQcDiC+G+OkDBSTtzAp/FRG5KXLjP/W+K/AjFZi4jBIse47M6fcyD0e6MEKEntAQx6U6Culbv+hWiavXoIS0ce9uF4Y50HeRzmVR3VMbKurOVbRcpphBaYI2wtkCh9fOguk7uUbyMxBSo8hUZxXjzAauuBXC6egijly7fSmiV1RIpxuqwiLnsfQCE4IDQw8+E5ulisZBiwmq7cszsWHjkmWmaYYUx2rwGATDr2dEpamOHVuG4qMuSGJIwN2Hs01Lf7Awh0srZiT2rj7fQxQGQ8NJ3KB56jDIfNRqS3Oa/fhniiXbU/EvLxtlpOz4ilNps/Cpavg/2n4+OCTsDRSPIPxTOnYdwZYcJZ34p8590O1AgtOvx5AtnQeZ0TYkBnOR8vYiss9kP4PQm2BBAppDPiCd9PFraUm5zeByI4FlJpvK+k1yX1n/1YE/uqV2/hMVyGMhQt2wIs3P7YxsFeo0qdH/kOqPST4VnwOlwM+U3iOfBaGDq3nicdTFYl5EBalnAgeCIboiPyv4wfJlndrpf/b6HNQvQKj4xf+ccv19P0+/HwIJvk/3LrWEO0eDkG9ve2vu1Fle17OtZqpXSc4T6X6bEeY/mDq6unctpkjF67k9E0MADyWSXIp0y46S3wzEKQxOfxDV/cUOYOpW5enma7SW8BveznfaPw0ObTLGK6xbaJDkNFoMOJe3tAn0RE/dnNVJrAnVO7GPPtNYNUcsJ8BpQ+ddOZ8pVlykJTtT8MXT1cVnzlvR4IJ79YkyW9+77QsjGkOD6Ao0voilUq45oVaCeoGPNcNyWitGHAsLYVA1/W0bJfgH7H4uARrm7RoZqoNrjV2ZF8p0OaQDyWWWQNFOG/HAFEXe1O5P1Ywr3MzJJBacfOtXaXlgY3aiEh4cB65IGGDucnjuTC+y7cqMJcnnIjlnUt9CoVfQd6+mllnEKcB5W69FRKSpRn86EDD9pK24ZDBjBsP4SsxNsUCLvVuCcC+iFslyY1PM6UDsMwcS0DZ7lU5Ovy29wUHh80vtiM3FbA4iobFA2MWgqvFh8u2muEBYe8pxhXZiUE/UcQMUtE9nlgN9zN/nU0REkySnfpCCR2edCDDbSxDMBaSLiPFWDkKnT3SO5Fz08JBF0w0wHuKglUKStd+25ks4U9nZXN+wV8NyccXykFu3b5BiT7iY+MCnC4a8b/Vc/051r6Qqptd2IO/SZgggb85uTRJYNFePr3eVGff7gsgSVql8TRIvydrXnfN7osPBnNCo7XynaCbJnTpDqy/2gxqyRM+Irkqj9uOGpmUGfwzpSRgfBwnEuYoUIgonhDvle7/RQmZGrJIF5gO5xM0lOrdST9Sf66TTflbyc23Ic+G9/QIWQLKZinlBcyd1OrJOZO5rPdX/P21QwtwFhrojYbufifdFg97q8tQyXCLlKVTjeXYrd4F+2jgARrEx95c778q3B1RhKgwXU/O3CWRwX3N/uTYmJHaDgMVV2/hjqspmj8GV6pPepNJ3yyPEb9XSHrDfhsZoIcuwip7jl73yfvT8gbXrxmJluZT7DvnMEUCyBWNZYrSVlzg4QkE7Uy/HRBWm8H1UYXo7ih2n858GQGY+0zdhfNAL8CxHc3vxhi/sFxubkEepXlI8r7Ik9PYRJ4cVy1z4xf+DDxMZZMQptruopBpUFI3hEW/qVxgWqeM4cLZYXhBiEoT6Bbhsvr2N/WLEOQlR1LB31eo9ZfQeVRPJRmSRufNeH8QW91Vq2926EeypUDz9edxUgkEvjIdwIrm4TkyndhYK7xAt2t+5f/I0DcMFlZFzJ82W0s1qrccKfs6/Xr0A+7m12T2N/Arp3EcUhXoehYyCub46+mTRnqqV4Xho+eJVOaUf88d3AAYNmx0lN6PTUDAAK/0dIpKPb/5mKT0lVplQ9SSwI3X+9CuxOLJXSg92C2mTLFPCymqdVPMpJFdcZk2UofJPKwNgDCzB0Mvq4+AJ3HcnmOoWL2uvZtVFCZbY8PqPk9XdggurYdJrFq6z7jCgvDB5ZIT+ohDCV1c2WVnE7rs4a8c3CScSpPWkO161CI/GQzphYJNDBK0ihi6sg6sRybU2bOeYJEnmkKcok7J5lL6S23ID3lZFX2JvSMx2IWKTQbGX1gl4Jd5YtozU+tXVwZb1phjFInNhCmucu+wB2yKzmRC0D2ByOKmUst8O9KBA648Yo2cKcY/sz62m1wDhzTKwSSch4HrPJL72F+J739mP2fT+hXYTVBky7srLu/6b28/9221JnQa/CmSCMyAJeUxjtO994/+eQYgetCAl5/2x9HnrBk10+xSSwzzPLnwGD2xxZkv7dpy3i0wQzxNsiSlcn3OBkIF2LvSliiuS9ckp+QCG7J/+vWZsQBagg1Vrda3Ll8B97ONXU0io7hjVgYWyhvIO7OcrCrpI8FLSZhnfvDhnRFojbPvGhP5gYmNc4edW0q3T2TPEIVv9Dcg7frQsLFkRcosSoWE/zHoon8V/BzlTCJavvQCZWv/loMBm0fr1TF01W0wxnFwk+Qe6zo050h+7b3ZtnOHT2q+18PE7tER40FHzlxcvKJUBCww5jvpOVLN2SGTo/PoZzRFJxLFB99ZYpY9l19ugs9Datzz+0iY7Y3eMxaUJy73r179/CFh5 |
| URL: https://viirtus.com/?uhqubmdv=d97bdc31443e90a85f9044bc49cbc6867ba599b296e30c979e838ffc694d2812e7d488c6b62b4eec5b1520aee79616f79b75553b566460ed8717b5f982ccb246 Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://viirtus.com/?uhqubmdv=d97bdc31443e90a85f9044bc49cbc6867ba599b296e30c979e838ffc694d2812e7d488c6b62b4eec5b1520aee79616f79b75553b566460ed8717b5f982ccb246 Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://challenges.cloudflare.com/turnstile/v0/g/8... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script contains no high-risk or moderate-risk indicators. It appears to be a utility script with functions for handling promises, object manipulation, and error handling. There is no evidence of dynamic code execution, data exfiltration, or interaction with external domains. The code is not obfuscated and does not exhibit aggressive DOM manipulation or legacy practices."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: https://bd5vh31pazb.twokidsbrewing.com/__//qyc/0cwvj/kfgpvkva Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Submit",
"text_input_field_labels": "Email Address",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://bd5vh31pazb.twokidsbrewing.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://bd5vh31pazb.twokidsbrewing.com |
| URL: https://bd5vh31pazb.twokidsbrewing.com/__//qyc/0cwvj/kfgpvkva Model: Joe Sandbox AI | {
"brands": [
"Outlook"
]
} |
|
| URL: https://bd5vh31pazb.twokidsbrewing.com/__//qyc/0cwvj/kfgpvkva Model: Joe Sandbox AI | ```json{ "legit_domain": "outlook.com", "classification": "wellknown", "reasons": [ "The brand 'Outlook' is a well-known email service provided by Microsoft.", "The legitimate domain for Outlook is 'outlook.com'.", "The provided URL 'bd5vh31pazb.twokidsbrewing.com' does not match the legitimate domain for Outlook.", "The domain 'twokidsbrewing.com' is unrelated to Outlook and suggests a potential phishing attempt.", "The presence of an email address input field on a non-legitimate domain for Outlook increases the suspicion of phishing." ], "riskscore": 9}
Google indexed: False |
URL: bd5vh31pazb.twokidsbrewing.com
Brands: Outlook
Input Fields: Email Address |
| URL: https://bd5vh31pazb.twokidsbrewing.com/owa/0auth/s... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a legitimate login form functionality with some placeholder text and password visibility toggling. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The script is focused on basic user interface and form handling, which is a common and expected behavior for a login page. While it uses some outdated practices like `document.write()`, the overall risk is low, and the script seems to be serving a legitimate purpose."
} |
var mainLogonDiv = window.document.getElementById("mainLogonDiv");
var showPlaceholderText = false;
var mainLogonDivClassName = 'mouse';
if (mainLogonDivClassName == "tnarrow") {
showPlaceholderText = true;
// Output meta tag for viewport suserng
document.write('<meta name="viewport" content="width = 320, initial-scale = 1.0, user-scalable = no" />');
}
else if (mainLogonDivClassName == "twide"){
showPlaceholderText = true;
}
function setPlaceholderText() {
window.document.getElementById("username").placeholder = "user name";
window.document.getElementById("password").placeholder = "password";
window.document.getElementById("passwordText").placeholder = "password";
}
function showPasswordClick() {
var showPassword = window.document.getElementById("showPasswordCheck").checked;
passwordElement = window.document.getElementById("password");
passwordTextElement = window.document.getElementById("passwordText");
if (showPassword)
{
passwordTextElement.value = passwordElement.value;
passwordElement.style.display = "none";
passwordTextElement.style.display = "inline";
passwordTextElement.focus();
}
else
{
passwordElement.value = passwordTextElement.value;
passwordTextElement.style.display = "none";
passwordTextElement.value = "";
passwordElement.style.display = "inline";
passwordElement.focus();
}
}
function submitForm() {
form = document.getElementById('0session')
const errorDiv = document.getElementById('signInErrorDiv');
if (form.checkValidity()) {
form.submit();
} else {
errorDiv.style.display = 'block';
}
}
|
| URL: https://bd5vh31pazb.twokidsbrewing.com/owa/0auth/session?qrc=test@test.com Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "sign in",
"text_input_field_labels": [
"User name:",
"Password:"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://bd5vh31pazb.twokidsbrewing.com/owa/0auth/session?qrc=test@test.com Model: Joe Sandbox AI | {
"brands": [
"Outlook"
]
} |
|
| URL: https://bd5vh31pazb.twokidsbrewing.com/owa/0auth/session?qrc=test@test.com Model: Joe Sandbox AI | ```json{ "legit_domain": "outlook.com", "classification": "wellknown", "reasons": [ "The brand 'Outlook' is well-known and is associated with the domain 'outlook.com'.", "The URL 'bd5vh31pazb.twokidsbrewing.com' does not match the legitimate domain for Outlook.", "The domain 'twokidsbrewing.com' is unrelated to Outlook, which is suspicious.", "The subdomain 'bd5vh31pazb' appears random and does not provide any context related to Outlook.", "The presence of input fields for 'User name' and 'Password' on an unrelated domain is a common phishing tactic." ], "riskscore": 9}
Google indexed: False |
URL: bd5vh31pazb.twokidsbrewing.com
Brands: Outlook
Input Fields: User name:, Password: |
| URL: https://www.microsoft.com/en-us/microsoft-365/outl... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a configuration or setup code for a Microsoft website or application. It sets various variables related to user authentication, page information, and locale settings. This type of code is commonly found in legitimate web applications and does not exhibit any high-risk behaviors."
} |
/*<![CDATA[*/var ISLOGGEDIN="False",AUTHMETHOD=0,PAGENAME="smarterror.aspx",PAYLOADTYPE="Page",LOCALE="en-us",JSLLAPPID="mscomsitemuse",MUIDDOMAIN="www.microsoft.com"/* */
|
| URL: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This appears to be the standard jQuery library v1.9.1, which is a widely used and trusted JavaScript library. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and follows common patterns for a JavaScript library. Overall, this script is considered low risk."
} |
/*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license
//@ sourceMappingURL=jquery.min.map
*/(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener||"load"===e.type||"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H))};b.fn=b.prototype={jquery:p,constructor:b,init:function(e,n,r){var i,a;if(!e)return this;if("string"==typeof e){if(i="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=3?[null,e,null]:N.exec(e),!i||!i[1]&&n)return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e);if(i[1]){if(n=n instanceof b?n[0]:n,b.merge(this,b.parseHTML(i[1],n&&n.nodeType?n.ownerDocument||n:o,!0)),C.test(i[1])&&b.isPlainObject(n))for(i in n)b.isFunction(this[i])?this[i](n[i]):this.attr(i,n[i]);return this}if(a=o.getElementById(i[2]),a&&a.parentNode){if(a.id!==i[2])return r.find(e);this.length=1,this[0]=a}return this.context=o,this.selector=e,this}return e.nodeType?(this.context=this[0]=e,this.length=1,this):b.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),b.makeArray(e,this))},selector:"",length:0,size:function(){return this.length},toArray:function(){return h.call(this)},get:function(e){return null==e?this.toArray():0>e?this[this.length+e]:this[e]},pushStack:function(e){var t=b.merge(this.constructor(),e);return t.prevObject=this,t.context=this.context,t},each:function(e,t){return b.each(this,e,t)},ready:function(e){return b.ready.promise().done(e),this},slice:function(){return this.pushStack(h.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(0>e?t:0);return this.pushStack(n>=0&&t>n?[this[n]]:[])},map:function(e){return this.pushStack(b.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:d,sort:[].sort,splice:[].splice},b.fn.init.prototype=b.fn,b.extend=b.fn.extend=function(){var e,n,r,i,o,a,s=arguments[0]||{},u=1,l=arguments.length,c=!1;for("boolean"==typeof s&&(c=s,s=arguments[1]||{},u=2),"object"==typeof s||b.isFunction(s)||(s={}),l===u&&(s=this,--u);l>u;u++)if(null!=(o=arguments[u]))for(i in o)e=s[i],r=o[i],s!==r&&(c&&r&&(b.isPlainObject(r)||(n=b.isArray(r)))?(n?(n=!1,a=e&&b.isArray(e)?e:[]):a=e&&b.isPlainObject(e)?e:{},s[i]=b.extend(c,a,r)):r!==t&&(s[i]=r));return s},b.extend({noConflict:function(t){return e.$===b&&(e.$=u),t&&e.jQuery===b&&(e.jQuery=s),b},isReady:!1,readyWait:1,holdReady:function(e){e?b.readyWait++:b.ready(!0)},ready:function(e){if(e===!0?!--b.readyWait:!b.isReady){if(!o.body)return setTimeout(b.ready);b.isReady=!0,e!==!0&&--b.readyWait>0||(n.resolveWith(o,[b]),b.fn.trigger&&b(o).trigger("ready").off("ready"))}},isFunction:function(e){return"function"===b.type(e)},isArray:Array.isArray||function(e){return"array"===b.type(e)},isWindow:function(e){return null!=e&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[m.call(e)]||"object":typeof e},isPlainObject:function(e){if(!e||"object"!==b.type(e)||e.nodeType||b.isWindow(e))return!1;try{if(e.constructor&&!y.call(e,"constructor")&&!y.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(n){return! |
| URL: https://www.microsoft.com/onerfstatics/marketingsi... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a part of a larger web application and does not contain any high-risk indicators. It primarily focuses on setting up page behaviors, such as adding/removing CSS classes and setting up event listeners for removing focus. The code uses common and well-established practices, and there are no signs of dynamic code execution, data exfiltration, or suspicious redirects. The risk score is low, as the script seems to be performing legitimate functionality."
} |
(function(){/**
* @license almond 0.3.3 Copyright jQuery Foundation and other contributors.
* Released under MIT license, http://github.com/requirejs/almond/LICENSE
*/
var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a["*"]||{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0||r===1&&n[2]===".."||n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u||y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0);return typeof r[0]!="string"&&r.length===1&&r.push(null),u.apply(n,r.concat([t,i]))}}function k(n){return function(t){return s(t,n)}}function d(n){return function(i){t[n]=i}}function h(i){if(r(e,i)){var u=e[i];delete e[i];l[i]=!0;o.apply(n,u)}if(!r(t,i)&&!r(l,i))throw new Error("No "+i);return t[i]}function a(n){var i,t=n?n.indexOf("!"):-1;return t>-1&&(i=n.substring(0,t),n=n.substring(t+1,n.length)),[i,n]}function p(n){return n?a(n):[]}function g(n){return function(){return i&&i.config&&i.config[n]||{}}}var o,u,c,f,t={},e={},i={},l={},w=Object.prototype.hasOwnProperty,b=[].slice,v=/\.js$/;c=function(n,t){var r,u=a(n),i=u[0],f=t[1];return n=u[1],i&&(i=s(i,f),r=h(i)),i?n=r&&r.normalize?r.normalize(n,k(f)):s(n,f):(n=s(n,f),u=a(n),i=u[0],n=u[1],i&&(r=h(i))),{f:i?i+"!"+n:n,n:n,pr:i,p:r}};f={require:function(n){return y(n)},exports:function(n){var i=t[n];return typeof i!="undefined"?i:t[n]={}},module:function(n){return{id:n,uri:"",exports:t[n],config:g(n)}}};o=function(i,u,o,s){var b,a,g,k,v,nt,w=[],tt=typeof o,it;if(s=s||i,nt=p(s),tt==="undefined"||tt==="function"){for(u=!u.length&&o.length?["require","exports","module"]:u,v=0;v<u.length;v+=1)if(k=c(u[v],nt),a=k.f,a==="require")w[v]=f.require(i);else if(a==="exports")w[v]=f.exports(i),it=!0;else if(a==="module")b=w[v]=f.module(i);else if(r(t,a)||r(e,a)||r(l,a))w[v]=h(a);else if(k.p)k.p.load(k.n,y(s,!0),d(a),{}),w[v]=t[a];else throw new Error(i+" missing "+a);g=o?o.apply(t[i],w):undefined;i&&(b&&b.exports!==n&&b.exports!==t[i]?t[i]=b.exports:g===n&&it||(t[i]=g))}else i&&(t[i]=o)};requirejs=require=u=function(t,r,e,s,l){if(typeof t=="string")return f[t]?f[t](r):h(c(t,p(r)).f);if(!t.splice){if(i=t,i.deps&&u(i.deps,i.callback),!r)return;r.splice?(t=r,r=e,e=null):t=n}return r=r||function(){},typeof e=="function"&&(e=s,s=l),s?o(n,t,r,e):setTimeout(function(){o(n,t,r,e)},4),u};u.config=function(n){return u(n)};requirejs._defined=t;define=function(n,i,u){if(typeof n!="string")throw new Error("See almond README: incorrect module build, no module name");i.splice||(u=i,i=[]);r(t,n)||r(e,n)||(e[n]=[n,i,u])};define.amd={jQuery:!0}})();define("pageBehaviors",["require","exports","htmlExtensions","removeFocus"],function(n,t,i,r){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var u=function(){function n(){i.removeClass(document.documentElement,"no-js");i.addClass(document.documentElement,"js");i.hasClass(document.body,"c_native")&&window.navigator&&typeof window.navigator.gamepadInputEmulation=="string"&&(window.navigator.gamepadInputEmulation="keyboard");r.setupRemoveFocus()}return n.typeName="PageBehaviors",n}();t.PageBehaviors=u});require(["pageBehaviors","componentFactory"],function(n,t){t.ComponentFactory&&t.ComponentFactory.create&&t.ComponentFactory.create([{component:n.PageBehaviors}])});define("removeFocus",["require","exports","htmlExtensions"],function(n,t,i){"use strict";function e(){return f?!1:(f=!0,i.addEvent(document.body,i.eventTypes.mousedown,s),i.addEvents(document.body,"blur keydown" |
| URL: https://www.microsoft.com/en-us/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook?deeplink=%2fowa%2f&sdf=0 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Your current User-Agent string appears to be from an automated process, if this is incorrect, please click this link:",
"prominent_button_name": "United States English Microsoft Homepage",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://www.microsoft.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://www.microsoft.com |
| URL: https://www.microsoft.com/en-us/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook?deeplink=%2fowa%2f&sdf=0 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://microsoft.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://microsoft.com |
Edit tour
chrome.exe (PID: 3388 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node