| URL: file:///C:/Users/user/Desktop/Q1%20Statements.ht... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution through the use of `window.location.href` to redirect the user to a suspicious and obfuscated URL. The URL appears to be a malicious phishing attempt, potentially designed to steal user credentials or other sensitive information. The combination of the redirect, obfuscated URL, and the lack of any legitimate context for this behavior indicates a high risk of malicious intent."
} |
setTimeout(function() {
window.location.href = "https://www.google.com/url?q=YG2GERTSbxgfeaGh1Yi5pby8yODY0MDkxOTEyNjI3MjNkMzQzMGNlYjE1ZTRjZjNlZWUwMTM5NGMyMDk3MmRmYTllZTBkMzUzMDBlZDFjOWNjMjdhNWZiYmM0OTU1ODkzMjEyMjI5MjAwOTkviinbsewtyuas53D1e4a0cefd8db4ad28e54c10117f7d498%2526i%253DNjI2YjE3MTBiZWI4YTgxMWUwNDIxNzE3%2526p%253Dm%2526s%253DAVNPUEhUT0NFTkNSWVBUSVYmhcLGCIsQzpMqHgYCBBo2kwEPWKEfFaahaLsnpofO4A%2526t%253DM3dHV0ZCT2t4azAvRVhKQ3B1ZC95RFFTdmpSMCt3cEFxWHJocUMzM0EyZz0%25253D%2526u%253DaHR0cHM6Ly9tLmV4YWN0YWcuY29tL2NsLmFzcHg_ZXh0UHJvdkFwaT1zaXh0L&sa=t&url=amp%2Fglamorouslengths.ru/"+ zbabra;
}, 100);
//-->
|
| URL: :// Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: :// |
| URL: https://glamorouslengths.ru/... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet simply reloads the current page, which is a common and benign operation. This behavior does not indicate any high-risk or malicious activities."
} |
window.location.reload();
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate and common practice for web security. The script sets up various configuration options for the Cloudflare challenge and includes functionality to handle communication between the challenge and the parent window. While the script uses some techniques like message passing and dynamic configuration, these are typical for this type of challenge and do not indicate any malicious intent. Overall, the script seems to be a benign implementation of a Cloudflare security challenge."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'mer7c',
chlApiSitekey: '0x4AAAAAAA4SmlL_6Jt6ssb3',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'PlQchW5qSQ63RC_ZQ0pdpgakisqnIB_y4.cg4iNzaH0-1736333293-1.3.1.1-DfK_AtZTYDsFzFtClG1MXESI7bbjeIP3wA_xZ0WHCbk',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8feb9d2c8c45438d',
cH: 'rLer6_MrXDvgftGteXzQH_Vj2H6_O0gQbIbayZDXh1U-1736333293-1.1.1.1-eBQ9iEFRilFlQllQQ8Lo7gS901mVp1virkej4YyFiBN5dGzMQr_FkGdkoDrIpjmN',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'xJ1WVCA20kdXsLnMZjRZDNZaQqt0aH.vhSWwkyQVMMU-1736333293-1.1.1.1-Hp.ZJMY83qEG8_fcROvbP109i9JO8M86K92vRP1nNsxBtPY_Y18OZda2RGQbmZvfSMqA16LCXlfudGSIJMd0CXqrNnj4cFThMPrs0VpjETcERbPkbpcGj_lW6QIKNBcffkX.ln5gFpC3lpUD7mCb_1xYTEhaQ9NQPADA97KKJLrRwnquN1ZZ0D2bVxbkjO04EgE5CGyINvbmhSrWn7UEXZwOh6yoBNH8gVKktfd7gRu7I2sekHQeoApAUHFEBI_e2r5KeBN24O7kynB1dcufGmdj3oIRjdionrpFRotU0PpoSQz7KiW45ffp128Mxgns3pnwc5fBFw3BS22vxp5XCvYj7Thl1aJr8B2wYBdkp9BS7AfzlatvF.2HDLlfgpQeBL1PbCAo7K_5INRZghpAPg97QoisqnH9qnzbmJZYshK0msSuHbVIMBrPeN0.HFrZ96fiJ3vNUPopOCOsbUIfqU8Ym5WESiFVMQeF1uWn4TCw3bc0gmTBPrg4VCI4Qy11rSsNSYpuJ5W_cbCcTp1IhoBtufS7jUUm8AFTDXBD96BCTtmzfTcUX7M5ykKtSKezvvGza51A7TCzzdIJPSF5_pw9umbEHtqin_xPeKeI5f64F3J6_Tj8cSOOe6lgUIp5ZKHJ28gmriuJl2VYSp2H_y200vibK1yDTZbaMLaBP1YW4QZxkUE0vGid10r2HjBTT_zDG7rOJUYiqjbjdxgoUJGFSXdIQeceMEnb05c8dq.Exsu4Nc9M_PBniK2ZKhN4fMloszxJXokBQ05tQ07I5BQNl_bg42iKbvIFwmsCdz16NeJSbr3UdsTnCBDvDmPkscLey8ccNpbv.7nnHd75wHETuW4H4xFVkc0AI3EaqLa6oY.KUWXd9ID.PMKvkfL7cdPPjqlp7AAzve_lI2Dn47_OUTa6rmzOnUbpwvOjPUojWX.6.OBdU2sUE7NDhSzkBKdYoOUVyfSgo.rmMO4vG0viEfDV86UaWvtUtJRBw43V1_Tdpm14zUPSHewpnhW0vhT83_LZbG_50k1ubV4XX.622DB84T.eMSOT4xeqArcwnN6BYLRM6vklqEnRlEBPyZGmn_VhhqlIoaracAZRBB5jjpen8AET90d0uubgscmWzV48vlA3BPQoa2PHgHKtHNHRE6Gos8FgxKHJEXfvDHUp1AHaOa19aIN1WVxihXdsGGD5OwWRayqsgmrzWOw.L7hvPJQEnV6O9EqdCXKlFlMxogsuYmgzSriQeMeWf.cJk4_z1V2GAexRUCPdKlsTfZaikUjTqUhe9OFbC.23Zctp.o2S72t4s23P36eWaX5wh9EMQ6xaVJjrZLzWW5UdAkyjqNCs0ql5ADurWC1PjUSJKGdVLwCwUYwPTL7w7itG8I4cQFfH2MYGH2Ct4Dtb',
cITimeS: '1736333293',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'mer7c',
nextRcV: 'PlQchW5qSQ63RC_ZQ0pdpgakisqnIB_y4.cg4iNzaH0-1736333293-1.3.1.1-DfK_AtZTYDsFzFtClG1MXESI7bbjeIP3wA_xZ0WHCbk',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. The script does not contain any high-risk indicators, and the behaviors observed are typical of a Cloudflare challenge implementation. While the script uses some legacy APIs and performs DOM manipulation, these are low-risk indicators in the context of a Cloudflare challenge. Overall, this script is likely legitimate and poses a low risk."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.qqQL2={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F"},"translations":{"turnstile_success":"Success%21","testing_only":"Testing%20only.","turnstile_refresh":"Refresh","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_expired":"Expired","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","human_button_text":"Verify%20you%20are%20human","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_feedback_report":"Having%20trouble%3F","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_verifying":"Verifying...","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_overrun_description":"Stuck%20here%3F","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_footer_terms":"Terms","turnstile_failure":"Error","turnstile_feedback_description":"Send%20Feedback","turnstile_footer_privacy":"Privacy","turnstile_timeout":"Timed%20out"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eU,eY,eZ,f3,f4,f5,f6,fc,fd,fF,fI,fK,fL,fM,fY,ga,gg,gh,gi,gs,gD,gH,fa,fb){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(763))/1+parseInt(gI(1243))/2+-parseInt(gI(922))/3*(parseInt(gI(603))/4)+-parseInt(gI(1036))/5+parseInt(gI(1096))/6*(parseInt(gI(1133))/7)+parseInt(gI(815))/8+-parseInt(gI(932))/9,f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,854709),eM=this||self,eN=eM[gJ(1318)],eM[gJ(513)]=![],eM[gJ(1585)]=function(h1){if(h1=gJ,eM[h1(513)])return;eM[h1(513)]=!![]},eU=0,eN[gJ(1197)]===gJ(1200)?eN[gJ(1394)](gJ(1129),function(){setTimeout(eX,0)}):setTimeout(eX,0),eY={},eY[gJ(478)]='o',eY[gJ(946)]='s',eY[gJ(1172)]='u',eY[gJ(1393)]='z',eY[gJ(1048)]='n',eY[gJ(1356)]='I',eY[gJ(982)]='b',eZ=eY,eM[gJ(1261)]=function(g,h,i,j,he,o,x,B,C,D,E,F){if(he=gJ,o={'RSQau':he(1612),'GXcEi':function(G,H){return G+H},'TwfJo':function(G,H){return G(H)},'xJhsU':function(G,H){return G<H},'CRmYd':function(G,H,I,J){return G(H,I,J)},'NYWWE':function(G,H){return H===G},'AZkkK':function(G,H){return G===H},'XPYnK':he(1704)},h===null||h===void 0)return j;for(x=o[he(984)](f2,h),g[he(1573)][he(1216)]&&(x=x[he(1217)](g[he(1573)][he(1216)](h))),x=g[he(805)][he(1302)]&&g[he(1512)]?g[he(805)][he(1302)](new g[(he(1512))](x)):function(G,hg,H){for(hg=he,G[hg(1144)](),H=0;H<G[hg(634)];G[H]===G[H+1]?G[hg(1502)](o[hg(444)](H,1),1):H+=1);return G}(x),B='nAsAaAb'.split('A'),B=B[he(1596)][he(1511)](B),C=0;o[he(1110)](C,x[he(634)]);D=x[C],E=o[he(1254)](f1,g,h,D),B(E)?he(1051)===he(1006)?x=s[he(722)]:(F=o[he(1528)]('s',E)&&!g[he(1816)](h[D]),o[he(1802)](o[he(1342)],i+D)?s(i+D,E):F||s(i+D,h[D])):s(i+D,E),C++);return |
| URL: https://glamorouslengths.ru/... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of the Cloudflare Turnstile CAPTCHA system. It initializes the Turnstile widget, attaches an event listener to handle the 'turnstile:pass' event, and automatically submits the form when the CAPTCHA is successfully completed. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The only low-risk indicator is the use of a legacy `XDomainRequest` API, but this is a minor concern and is likely due to compatibility reasons. Overall, this script seems to be a standard implementation of a CAPTCHA system and poses a low risk."
} |
function onloadTurnstileCallback() {
console.log('Turnstile script loaded');
// Initialize Turnstile after the script is loaded
window.turnstile = window.turnstile || {};
window.turnstile.render = window.turnstile.render || {};
const turnstileElement = document.querySelector('.cf-turnstile');
if (turnstileElement) {
console.log('Turnstile element found');
// Attach the event listener to the Turnstile instance
turnstileElement.addEventListener('turnstile:pass', function() {
console.log('Turnstile CAPTCHA passed');
document.getElementById('captcha-form').submit();
});
// Define a retry function for the fallback
function checkTurnstileResponse(retryCount = 0) {
if (window.turnstile && window.turnstile.getResponse) {
const response = window.turnstile.getResponse();
if (response) {
// Append the response to the form before submitting
const form = document.getElementById('captcha-form');
const input = document.createElement('input');
input.type = 'hidden';
input.name = 'cf-turnstile-response';
input.value = response;
form.appendChild(input); // Add the response input to the form
// Auto-submit the form
setTimeout(function() {
form.submit();
}, 500); // You can adjust the delay if necessary (in milliseconds)
} else if (retryCount < 10) { // Retry up to 10 times
console.log('Turnstile response not yet obtained, retrying...');
setTimeout(() => checkTurnstileResponse(retryCount + 1), 3000); // Retry after 5 seconds
} else {
console.error('Turnstile response not obtained after several attempts');
}
} else if (retryCount < 10) { // Retry if Turnstile is not ready
console.log('Turnstile not ready, retrying...');
setTimeout(() => checkTurnstileResponse(retryCount + 1), 3000); // Retry after 5 seconds
} else {
console.error('Turnstile not initialized after several attempts');
}
}
// Start checking for the Turnstile response
setTimeout(() => checkTurnstileResponse(), 3000); // Initial delay before starting checks
} else {
console.error('Turnstile element not found');
}
}
|
| URL: https://glamorouslengths.ru/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying...",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://challenges.cloudflare.com/turnstile/v0/g/8... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script contains no high-risk or moderate-risk indicators. It appears to be a utility script with no evidence of malicious behavior, such as dynamic code execution, data exfiltration, or redirects. The code is not obfuscated and does not interact with external domains. It uses modern JavaScript practices and does not exhibit aggressive DOM manipulation or legacy practices."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: https://glamorouslengths.ru Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://glamorouslengths.ru |
| URL: https://glamorouslengths.ru/ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
Edit tour
chrome.exe (PID: 460 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node