| URL: email Model: Joe Sandbox AI | {
"explanation": [
"The URL contains suspicious redirects through 'eu-west-1.protection.sophos.com' instead of directly linking to Google",
"The urgent nature and threat of account deletion is a common phishing tactic to create panic",
"While the sender appears to be from Google, the formatting and structure differs from genuine Google security notifications"
],
"phishing": true,
"confidence": 9,
"generated_by_ai": false
} |
{
"date": "Wed, 08 Jan 2025 09:02:52 +0000",
"subject": "Your Google Account has been deleted due to Terms of Service violations",
"communications": [
"CAUTION: This email originated from outside of the organisation. If in doubt please use the report message button to Security.\n\n[image: Google]\n\n\n\nYour Google Account has been deleted due to Terms of Service violations\n\n\n\nHi,\nThis message confirms that your Google Account\ngina.harrison@cardfactory.co.uk was deleted due to a violation of our Terms\nof Service that was left unresolved.\n\nTo attempt to restore access to the account, please visit our account\nrecovery page\n<https://eu-west-1.protection.sophos.com?d=google.com&u=aHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tL1JlY292ZXJBY2NvdW50P2ZwT25seT0xJnNvdXJjZT1hbmRkYSZFbWFpbD1naW5hLmhhcnJpc29uQGNhcmRmYWN0b3J5LmNvLnVrJmV0PTA=&p=m&i=NTkyNmUxYTRhOThjZDUxMDgxNWIxNGQ5&t=a25vU0lNdW0wclF4aHozbm1jSnBmZ3NWSFJWOXZRWGFJNVNFZTA1bG15dz0=&h=b25fac48556f4753b48a7f070585def5&s=AVNPUEhUT0NFTkNSWVBUSVYok9kYVwtzhr8bERGEMjKG6Vycq45J7FqjlH1brmRjnVhSU4jU2vOxoNWRHWkLvIrUiql-dVCrJ-6ynWTjH4fn>\nimmediately.\n\nGoogle Accounts can only be restored within a short period of time after\ndeletion.\nThe Google Accounts team\n\n\n\nThis email can't receive replies. For more information, visit the Google\nAccounts Help Center <https://eu-west-1.protection.sophos.com?d=google.com&u=aHR0cHM6Ly9zdXBwb3J0Lmdvb2dsZS5jb20vYWNjb3VudHMvYW5zd2VyLzEyMTIxNzI=&p=m&i=NTkyNmUxYTRhOThjZDUxMDgxNWIxNGQ5&t=c3pqM3oyT2RUR0NtY2NSME5LcVVkcURPVytyWHVsUE5vNnZzMDlvcEcrcz0=&h=b25fac48556f4753b48a7f070585def5&s=AVNPUEhUT0NFTkNSWVBUSVYok9kYVwtzhr8bERGEMjKG6Vycq45J7FqjlH1brmRjnVhSU4jU2vOxoNWRHWkLvIrUiql-dVCrJ-6ynWTjH4fn>.\n\n\n\nYou received this mandatory email service announcement to update you about\nimportant changes to your Google product or account.\n\n 2025 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA\n"
],
"from": "Google <no-reply@accounts.google.com>",
"to": "gina.harrison@cardfactory.co.uk",
"attachements": []
} |
| URL: Email Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Your Google Account has been deleted due to Terms of Service violations",
"prominent_button_name": "account recovery page",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: Email Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: Email Model: Joe Sandbox AI | {"classification":"Credential Stealer"} |
Email:
Detected potential phishing email: The URL contains suspicious redirects through 'eu-west-1.protection.sophos.com' instead of directly linking to Google. The urgent nature and threat of account deletion is a common phishing tactic to create panic. While the sender appears to be from Google, the formatting and structure differs from genuine Google security notifications |
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script appears to be related to user authentication and encryption management, which is a sensitive area. While there are no clear indicators of malicious intent, the script uses some potentially risky practices, such as interacting with the Chrome browser API and handling encryption keys. Further review may be necessary to ensure the script is not misusing or leaking sensitive user data."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.k("iAskyc");
_.LX=function(a){_.Ct.call(this);this.window=a.Ga.window.get();this.uc=a.Ga.uc};_.J(_.LX,_.Fu);_.LX.Ca=function(){return{Ga:{window:_.Ou,uc:_.$C}}};_.LX.prototype.wq=function(){};_.LX.prototype.addEncryptionRecoveryMethod=function(){};_.MX=function(a){return(a==null?void 0:a.pq)||function(){}};_.NX=function(a){return(a==null?void 0:a.I5)||function(){}};_.iXb=function(a){return(a==null?void 0:a.Vq)||function(){}};
_.jXb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.kXb=function(a){setTimeout(function(){throw a;},0)};_.LX.prototype.dR=function(){return!0};_.OX=function(a,b,c,d){c=c===void 0?"":c;a=a.uc;var e=a.YQ,f=new _.SC;b=_.Nj(f,7,_.DWa,b==null?b:_.Tc(b));e.call(a,305,b,d,void 0,void 0,_.bWb(new _.RC,_.aWb(new _.iX,c)))};_.Ku(_.uo,_.LX);
_.l();
_.k("ziXSP");
var fY=function(a){_.LX.call(this,a.La)};_.J(fY,_.LX);fY.Ca=_.LX.Ca;fY.prototype.wq=function(a,b,c){var d;if((d=this.window.chrome)==null?0:d.setClientEncryptionKeys)_.MX(c)(),this.window.chrome.setClientEncryptionKeys(_.iXb(c),a,b);else{var e;((e=this.window.chrome)==null?0:e.setSyncEncryptionKeys)?(_.MX(c)(),d=WXb(b),b=b.get(_.XX()),this.window.chrome.setSyncEncryptionKeys(_.iXb(c),a,d,b[b.length-1].epoch)):_.NX(c)()}};
fY.prototype.addEncryptionRecoveryMethod=function(a,b,c,d,e){if(!(b.length>0)||b.includes(_.XX())){var f;(f=this.window.chrome)!=null&&f.addTrustedSyncEncryptionRecoveryMethod?(_.MX(e)(),this.window.chrome.addTrustedSyncEncryptionRecoveryMethod(_.iXb(e),a,_.YX(c),d)):_.NX(e)()}};fY.prototype.dR=function(){var a;return!((a=this.window.chrome)==null||!a.setClientEncryptionKeys)};var WXb=function(a){return a.get(_.XX()).map(function(b){return b.key})};_.Ku(_.uMa,fY);
_.l();
}catch(e){_._DumpException(e)}
}).call(this,this.default_AccountsSignInUi);
// Google Inc.
|
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script exhibits a mix of behaviors that require further review. While it appears to have some legitimate functionality related to user authentication and analytics, it also demonstrates concerning practices such as data exfiltration and the use of obfuscated code. The script interacts with external domains, some of which may be of unknown or dubious reputation, which increases the risk. Overall, the script's behavior is not entirely transparent, and it requires closer inspection to determine the full extent of its intentions and potential impact."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.k("Wt6vjf");
var gya=function(){var a=_.Le();return _.nk(a,1)},wu=function(a){this.Ha=_.u(a,0,wu.messageId)};_.J(wu,_.w);wu.prototype.Fa=function(){return _.ek(this,1)};wu.prototype.Sa=function(a){return _.xk(this,1,a)};wu.messageId="f.bo";var xu=function(){_.gn.call(this)};_.J(xu,_.gn);xu.prototype.Jd=function(){this.hW=!1;hya(this);_.gn.prototype.Jd.call(this)};xu.prototype.aa=function(){iya(this);if(this.mF)return jya(this),!1;if(!this.nY)return yu(this),!0;this.dispatchEvent("p");if(!this.tS)return yu(this),!0;this.LP?(this.dispatchEvent("r"),yu(this)):jya(this);return!1};
var kya=function(a){var b=new _.cg(a.w7);a.qT!=null&&_.hg(b,"authuser",a.qT);return b},jya=function(a){a.mF=!0;var b=kya(a),c="rt=r&f_uid="+_.Sk(a.tS);_.Nn(b,(0,_.Mg)(a.fa,a),"POST",c)};
xu.prototype.fa=function(a){a=a.target;iya(this);if(_.Qn(a)){this.mN=0;if(this.LP)this.mF=!1,this.dispatchEvent("r");else if(this.nY)this.dispatchEvent("s");else{try{var b=_.Rn(a),c=JSON.parse(b.substring(b.indexOf("\n")));var d=(new wu(c[0])).Fa()}catch(e){_.Uf(e);this.dispatchEvent("t");lya(this);return}this.mF=!1;d?this.dispatchEvent("q"):this.dispatchEvent("r")}yu(this)}else{if(a.getStatus()!=0){d="";try{d=_.Rn(a)}catch(e){}a=Error("nd`"+a.getStatus()+"`"+kya(this).toString()+"`"+String(a.gE)+
"`"+d);_.Uf(a);this.dispatchEvent("t")}lya(this)}};var iya=function(a){var b=_.tu.get(window.location.protocol=="https:"?"SAPISID":"APISID","");a.LP=a.jN!==""&&b==="";a.nY=a.jN!=b;a.jN=b},lya=function(a){a.LP||(a.mF=!0,a.mN=Math.min((a.mN||3)*2,60),yu(a))},yu=function(a){if(a.hW||a.mF)hya(a),a.VQ=window.setTimeout((0,_.Mg)(a.aa,a),Math.max(3,a.mN)*1E3)},hya=function(a){a.VQ&&(window.clearTimeout(a.VQ),a.VQ=0)};_.h=xu.prototype;_.h.qd=null;_.h.mN=0;_.h.VQ=0;_.h.jN=null;_.h.LP=!1;_.h.nY=!1;_.h.qT=null;
_.h.w7="/_/idv/";_.h.tS="";_.h.hW=!1;_.h.mF=!1;_.Pe(_.xma,xu);_.Cb().jl(function(a){var b=new xu;_.Dp(a,_.xma,b);if(gya()){a=gya();var c=_.Ie("WZsZ1e").string(null);b.tS=a;c!==void 0&&(b.jN=c);a=_.jl();a.lastIndexOf("/",0)==0||(a="/"+a);b.w7=a+"/idv/";(a=_.nk(_.Le(),3,"0"))&&_.Ie("gGcLoe").bool(!1)&&(b.qT=a);b.hW=!0;b.aa()}});
_.l();
_.k("hhhU8");
var TKa;new _.Ii(function(a){TKa=a});_.GFa();_.zf(function(){TKa()});
_.l();
_.k("FCpbqb");
_.Cb().jl(function(a){_.Nf(_.Vpa,a)});
_.l();
_.k("WhJNk");
var tKa=new Date(1262304E6),uKa=new Date(12779424E5),vKa=new Date(129384E7),wKa=function(a,b){b?a.push(Math.round((b-tKa.getTime())/6E4)):a.push(null)},xKa=function(a,b,c){a.push(b.getTimezoneOffset()/15+56);a:{var d=b.getTimezoneOffset();var e=c.getTimezoneOffset();if(d!=e)for(b=b.getTime()/6E4,c=c.getTime()/6E4;b<=c;){var f=(b>>1)+(c>>1),g=f*6E4,m=(new Date(g+3E4)).getTimezoneOffset();if((new Date(g-3E4)).getTimezoneOffset()!=m){d=g;break a}if(m==d)b=f+1;else if(m==e)c=f-1;else break}d=null}wKa(a,
d)};var yKa=function(a){_.Ct.call(this);this.aa=a.Ga.window;var b=b===void 0?!1:b;if(!_.pf(_.Ie("xn5OId"),!1)&&_.tu.isEnabled()&&(_.tu.get("OTZ")===void 0||b)){a=_.tu.set;b=[];var c=new Date;wKa(b,c.getTime());b.push(c.getTimezoneOffset()/15+56);xKa(b,tKa,uKa);xKa(b,uKa,vKa);b=b.join("_");a.call(_.tu,"OTZ",b,{maxAge:2592E3,path:"/",domain:void 0,secure:this.aa.get().location.protocol==="https:"})}};_.J(yKa,_.Fu);yKa.Ca=function(){return{Ga:{window:_.Ou}}};_.Ku(_.Vpa,yKa);
_.l();
}catch(e){_._DumpException(e)}
}).call(this,this.default_AccountsSignInUi);
// Google Inc.
|
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that warrant a medium risk score. It includes features like dynamic code execution, data exfiltration, and aggressive DOM manipulation, which are considered moderate-risk indicators. However, the script also appears to have some legitimate use cases, such as analytics and telemetry functionality, which mitigates the overall risk. Further review may be necessary to determine the full context and intent of the script."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.k("P6sQOc");
var p0a=!!(_.ei[0]>>28&1);var r0a=function(a,b,c,d,e){this.fa=a;this.Ba=b;this.oa=c;this.Da=d;this.Ea=e;this.aa=0;this.da=q0a(this)},s0a=function(a){var b={};_.Oa(a.qV(),function(e){b[e]=!0});var c=a.fV(),d=a.kV();return new r0a(a.kS(),c.aa()*1E3,a.JU(),d.aa()*1E3,b)},q0a=function(a){return Math.random()*Math.min(a.Ba*Math.pow(a.oa,a.aa),a.Da)},t0a=function(a,b){return a.aa>=a.fa?!1:b!=null?!!a.Ea[b]:!0};var u0a=function(){this.da=_.Iu(_.l0a);this.fa=_.Iu(_.j0a);var a=_.Iu(_.Z_a);this.fetch=a.fetch.bind(a)};u0a.prototype.aa=function(a,b){if(this.fa.getType(a.Yd())!==1)return _.Gn(a);var c=this.da.xX;return(c=c?s0a(c):null)&&t0a(c)?_.Aya(a,v0a(this,a,b,c)):_.Gn(a)};
var v0a=function(a,b,c,d){return c.then(function(e){return e},function(e){if(p0a)if(e instanceof _.xf){if(!e.status||!t0a(d,e.status.yc()))throw e;}else{if("function"==typeof _.Cs&&e instanceof _.Cs&&e.da!==103&&e.da!==7)throw e;}else if(!e.status||!t0a(d,e.status.yc()))throw e;return _.qf(d.da).then(function(){if(!t0a(d))throw Error("ne`"+d.fa);++d.aa;d.da=q0a(d);b=_.im(b,_.Pka,d.aa);return v0a(a,b,a.fetch(b),d)})})};_.Lu(u0a,_.o0a);
_.l();
}catch(e){_._DumpException(e)}
}).call(this,this.default_AccountsSignInUi);
// Google Inc.
|
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet contains a mix of behaviors that warrant a medium risk score. While it does not exhibit any high-risk indicators like dynamic code execution or data exfiltration, it does have some moderate-risk behaviors, such as external data transmission and aggressive DOM manipulation. Additionally, the use of legacy APIs like `XDomainRequest` contributes to the overall risk. However, the script appears to be related to analytics and user authentication functionality, which reduces the risk score. Further review may be necessary to determine the full context and intent of the script."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.k("lOO0Vd");
_.j0a=new _.Cf(_.fma);
_.l();
_.k("ZDZcre");
var b1a=function(){this.Po=_.Iu(_.SE);this.C6=_.Iu(_.j0a);this.aa=_.Iu(_.RE)};b1a.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Fb(a,function(c){var d=b.C6.getType(c.Yd())===2?b.Po.Ob(c):b.Po.fetch(c);return _.jm(c,_.TE)?d.then(function(e){return _.Ld(e)}):d},this)};_.Lu(b1a,_.hma);
_.l();
_.k("w9hDv");
_.Og(_.Yla);_.YA=function(a){_.Ct.call(this);this.aa=a.Ya.cache};_.J(_.YA,_.Fu);_.YA.Ca=function(){return{Ya:{cache:_.wt}}};_.YA.prototype.execute=function(a){_.Fb(a,function(b){var c;_.mf(b)&&(c=b.ib.hc(b.nb));c&&this.aa.qJ(c)},this);return{}};_.Ku(_.dma,_.YA);
_.l();
_.k("K5nYTd");
_.i0a=new _.Cf(_.ema);
_.l();
_.k("sP4Vbe");
_.l();
_.k("kMFpHd");
_.l();
_.k("A7fCU");
var m0a=function(a){_.Ct.call(this);this.aa=a.Ga.Lga};_.J(m0a,_.Fu);m0a.Ca=function(){return{Ga:{Lga:_.i0a,metadata:_.j0a},preload:{qJ:_.YA}}};m0a.prototype.execute=function(a){a=n0a(this,a);return this.aa.execute(a)};
var n0a=function(a,b){var c={};_.Fb(b,function(d,e){c[e]=d.ib.hc(d.nb);if(d.metadata){if(d.metadata.sideChannel)for(var f=_.n(d.metadata.sideChannel),g=f.next();!g.done;g=f.next())g=g.value,c[e]=_.zya(c[e],g.extension,g.message);if(d.metadata.kb)for(d=_.n(d.metadata.kb),f=d.next();!f.done;f=d.next())f=f.value,c[e]=_.im(c[e],f.key,f.value)}},a);return c};_.Ku(_.gma,m0a);
_.l();
}catch(e){_._DumpException(e)}
}).call(this,this.default_AccountsSignInUi);
// Google Inc.
|
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a part of a larger application and does not contain any high-risk indicators. It primarily consists of utility functions and event handlers, with no obvious signs of malicious behavior. The script interacts with known Google domains and appears to be related to user authentication and UI rendering, which are common in legitimate web applications. While there are some moderate-risk indicators, such as external data transmission and aggressive DOM manipulation, the overall context suggests this is likely a benign script with no clear intent to harm."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.Og(_.Iqa);
_.k("sOXFj");
var Ru=function(){_.Ct.call(this)};_.J(Ru,_.Fu);Ru.Ca=_.Fu.Ca;Ru.prototype.aa=function(a){return a()};_.Ku(_.Hqa,Ru);
_.l();
_.k("oGtAuc");
_.Cya=new _.Cf(_.Iqa);
_.l();
_.k("q0xTif");
var wza=function(a){var b=function(d){_.Io(d)&&(_.Io(d).Nc=null,_.gv(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])};_.rv=function(a,b){a&&_.Ef.hc().register(a,b)};_.sv=function(a){_.fv.call(this,a.La);var b=this,c=a.context.Aha;this.oa=c.Ir;this.qd=this.Pa=this.eb=this.Ba=null;this.Ma=a.Ga.Mc;this.Wa=a.Ga.Gpa;a=this.oa.oa.then(function(d){b.Ba=d;d=b.oa.id.v7(d,b.oa.getParams());b.eb=d.variant});c=c.A2.then(function(d){b.Pa=d});this.Ea=this.Ea.bind(this);this.Kj(_.Ki([a,c]))};_.J(_.sv,_.fv);_.sv.Ca=function(){return{context:{Aha:"FVxLkf"},Ga:{Mc:_.Pu,component:_.lv,Gpa:_.Cya}}};_.sv.prototype.aa=function(){return""};_.sv.prototype.Da=function(){return!1};
_.sv.prototype.Up=function(){return this.oa};var tv=function(a){var b=_.Fb(a.Pa,a.Ea);b={fb:a.oa.getParams(),Aga:a.oa.Da,ab:{V6:!1,fb:a.oa.getParams(),Jb:a.oa.id.Ea,XP:a.oa.xJ,Gb:a.aa(),jsdata:_.Gb(a.Ba)},oc:b,Yua:a.eb};Object.assign(b,a.Ba||{});Object.assign(b,a.oa.da);Object.assign(b.ab,a.oa.da);return b};_.sv.prototype.Ea=function(a,b){return Array.isArray(a)?a.length!=1||(b=this.oa.id.getChildren()[b],b&&b.oy)?_.Rf(a,function(c){return tv(c)}):tv(a[0]):tv(a)};_.sv.prototype.fa=function(){return null};
var xza=function(a){var b=a.da();return function(){var c=_.lb.apply(0,arguments);return a.Wa.aa(function(){return b.apply(null,_.Kh(c))})}},yza=function(a){var b=a.fa();return b?function(){var c=_.lb.apply(0,arguments);return a.Wa.aa(function(){return b.apply(null,_.Kh(c))})}:b};_.sv.prototype.render=function(){var a=tv(this),b=xza(this);b=this.Da()?zza(this,b,a):this.Qa.Fc(b,a);this.fa()&&(a=Aza(this,a),b.appendChild(a));(a=this.oa.id.pV())&&a.length>0&&a.forEach(function(){});this.oa.aa(b);return b};
var Aza=function(a,b){var c=a.dom.aa.aa.createElement("view-header");c.style.display="none";var d=yza(a);b={fb:a.oa.getParams()};a.Da()?a.Ma.wE(c,d,b):(a=a.Qa.mQ(d,b),c.appendChild(a));return c},zza=function(a,b,c){var d=a.dom.aa.aa.createElement("div");a.Ma.wE(d,b,c);return d.childNodes.length==1?d.firstChild:d};_.sv.prototype.vX=function(a){var b=tv(this),c=xza(this);wza(a);this.Ma.Yk(a,c,b);this.Up().aa(a);this.fa()&&(b=Aza(this,b),b=(new _.sp(b)).Nb(),_.wg(_.yg(a).body,_.vza,b))};_.rv(_.qv,_.sv);
_.l();
_.k("rv9FVb");
var OE=function(a){_.ME.call(this,a.La);this.mD=a.Ga.mD;this.oa.setBackButtonEnabled(!1);this.eb=!0;this.fa=a.Ga.uc;this.fa.Lb(307,64004,"page")};_.J(OE,_.ME);OE.Ca=function(){return{Ga:{mD:_.NE,uc:_.$C}}};OE.prototype.Cf=function(){_.ME.prototype.Cf.call(this);this.aa()};OE.prototype.Ba=function(){this.oa.setBackButtonEnabled(!0);this.da.restart()};
OE.prototype.aa=function(){var a=this,b;return _.$h(function(c){return(b=a.mD.da)?_.Rh(c,_.mw(a).Ob(function(){var d=a.Ta("H5iMZd").el(),e=_.vb(b,{Lna:!0});_.Be(d,e)}).build()(),0):c.return()})};_.X(OE.prototype,"TPiE3e",function(){return this.aa});_.X(OE.prototype,"UHZ0U",function(){return this.Ba});_.X(OE.prototype,"WYd",function(){return this.Cf});_.Z(_.UBa,OE);
_.l();
_.I_=function(){var a=(0,_.C)("Learn more");return(0,_.C)(""+a)};_.J_=function(){return"Next"};
_.N5b=function(a,b){return _.U("nb",b!=null?b:null)(null,a)};_.T("mb","",0,function(){return"Sign in - Google Accounts"});_.T("mb","firebase",0,function(){return"Firebase Console"});_.T("mb","kav",0,function(){return"Age Verification"});_.T("mb","androidbetaprogram",0,function(){return"Android Beta Program"});_.T("mb","datastudio",0,function(){return"Easily Build Custom Reports and Dashboards - Looker Studio"});_.T("nb","castdevconsole",0,function(){return"The Google Cast Developer Console enables developers to register applications and authorize devices for testing."});
_.T("nb" |
| URL: https://accounts.google.com/v3/signin/recoveryidentifier?Email=gina.harrison%40cardfactory.co.uk&et=0&fpOnly=1&source=andda&flowName=GlifWebSignIn&dsh=S2099356391%3A1736343419004542&ddm=1 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Recover your Google Account",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email or phone"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com/v3/signin/recoveryidentifier?Email=gina.harrison%40cardfactory.co.uk&et=0&fpOnly=1&source=andda&flowName=GlifWebSignIn&dsh=S2099356391%3A1736343419004542&ddm=1 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Recover your Google Account",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email or phone"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://accounts.google.com |
| URL: https://accounts.google.com/v3/signin/recoveryidentifier?Email=gina.harrison%40cardfactory.co.uk&et=0&fpOnly=1&source=andda&flowName=GlifWebSignIn&dsh=S2099356391%3A1736343419004542&ddm=1 Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://accounts.google.com/v3/signin/recoveryidentifier?Email=gina.harrison%40cardfactory.co.uk&et=0&fpOnly=1&source=andda&flowName=GlifWebSignIn&dsh=S2099356391%3A1736343419004542&ddm=1 Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | ```json
{
"risk_score": 3,
"reasoning": "The script contains obfuscated code and uses encoded strings, which are high-risk indicators. However, there is no clear evidence of malicious intent such as data exfiltration or redirection to suspicious domains. The script appears to be part of a larger framework, possibly for feature toggling or configuration management, but the obfuscation raises concerns."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
var fIa;
_.Sz=function(){var a=fIa(_.Ie("xwAfE"),function(){return _.Ie("UUFaWc")}),b=fIa(_.Ie("xnI9P"),function(){return _.Ie("u4g7r")}),c,d,e,f;return(f=gIa)!=null?f:gIa=Object.freeze({isEnabled:function(g){return g===-1||_.pf(_.Ie("iCzhFc"),!1)?!1:a.enabled||b.enabled},environment:(c=_.Zk(_.Ie("y2FhP")))!=null?c:void 0,lT:(d=_.Zk(_.Ie("MUE6Ne")))!=null?d:void 0,Ct:(e=_.Zk(_.Ie("cfb2h")))!=null?e:void 0,kq:_.al(_.Ie("yFnxrf"),-1),K2:_.CFa(_.Ie("fPDxwd")).map(function(g){return _.al(g,0)}).filter(function(g){return g>0}),
y7:a,i7:b})};fIa=function(a,b){a=_.pf(a,!1);return{enabled:a,xB:a?_.Ld(_.il(b(),_.Tz)):hIa()}};_.Tz=function(a){this.Ha=_.u(a)};_.J(_.Tz,_.w);var hIa=function(a){return function(){return _.pd(a)}}(_.Tz);var gIa;
_.k("p3hmRc");
var WIa=function(a,b,c,d){this.transport=a;this.aa=b;this.da=c;this.environment=d;this.fa=Number(Date.now()).toString(36)+Math.random().toString(36).slice(2)};_.rA=function(){_.Ct.call(this);this.config=_.Sz();var a=this.config.kq;this.config.isEnabled(a)&&(this.aa=XIa(this,a))};_.J(_.rA,_.Fu);_.rA.Ca=_.Fu.Ca;var XIa=function(a,b){var c=_.bBa().map(function(m){return _.zd(m)}),d,e=_.VIa(_.UIa(_.qA((new _.pA(b,_.nk(_.Le(),3,"0"))).jw(_.Qz(new _.Pz,a.config.K2)),(d=a.config.Ct)!=null?d:""),c)).build();switch(b){case 2082:var f=2;break;case 1884:f=1}var g;return new WIa(e,a.config.lT,f,(g=a.config.environment)!=null?g:"")};_.Ku(_.dqa,_.rA);
_.l();
_.YIa=function(a,b,c){var d=b.aa().Hoa(a.fa);a.aa!==void 0&&d.Gda(a.aa);a.environment&&d.Hda(a.environment);a.da&&d.Eoa(a.da);var e,f,g=(e=_.Cb())==null?void 0:(f=e.Ma)==null?void 0:_.un(f.oa,"k");g&&d.Ioa(g);b.da(c);a.transport.mi(b);a.transport.flush()};_.sA=function(a){this.Ha=_.u(a)};_.J(_.sA,_.w);_.h=_.sA.prototype;_.h.getUrl=function(){return _.nk(this,3)};_.h.Gda=function(a){_.L(this,5,a)};_.h.Hda=function(a){_.L(this,7,a)};_.h.Eoa=function(a){_.Ck(this,8,a)};
_.h.Hoa=function(a){return _.L(this,9,a)};_.h.Ioa=function(a){_.L(this,10,a)};_.tA=function(a){this.Ha=_.u(a)};_.J(_.tA,_.w);_.tA.prototype.aa=function(){return _.Oz(this,_.sA,5)};_.tA.prototype.da=function(a){_.Xj(this,_.Tz,18,a)};
var ZIa=_.fa.URL,$Ia,aJa,cJa,bJa;try{new ZIa("http://example.com"),$Ia=!0}catch(a){$Ia=!1}aJa=$Ia;
cJa=function(a){var b=_.ul("A");try{_.Ae(b,_.fb(a));var c=b.protocol}catch(e){throw Error("Jd`"+a);}if(c===""||c===":"||c[c.length-1]!=":")throw Error("Jd`"+a);if(!bJa.has(c))throw Error("Jd`"+a);if(!b.hostname)throw Error("Jd`"+a);var d=b.href;a={href:d,protocol:b.protocol,username:"",password:"",hostname:b.hostname,pathname:"/"+b.pathname,search:b.search,hash:b.hash,toString:function(){return d}};bJa.get(b.protocol)===b.port?(a.host=a.hostname,a.port="",a.origin=a.protocol+"//"+a.hostname):(a.host=
b.host,a.port=b.port,a.origin=a.protocol+"//"+a.hostname+":"+a.port);return a};
_.dJa=function(a){if(aJa){try{var b=new ZIa(a)}catch(d){throw Error("Jd`"+a);}var c=bJa.get(b.protocol);if(!c)throw Error("Jd`"+a);if(!b.hostname)throw Error("Jd`"+a);b.origin=="null"&&(a={href:b.href,protocol:b.protocol,username:"",password:"",host:b.host,port:b.port,hostname:b.hostname,pathname:b.pathname,search:b.search,hash:b.hash},a.origin=c===b.port?b.protocol+"//"+b.hostname:b.protocol+"//"+b.hostname+":"+b.port,b=a)}else b=cJa(a);return b};
bJa=new Map([["http:","80"],["https:","443"],["ws:","80"],["wss:","443"],["ftp:","21"]]);
_.k("LvGhrf");
var fJa=function(a){if(_.fa&&_.fa.performance&&_.fa.performance.memory){var b=_.fa.performance.memory;if(b){var c=new eJa;isNaN(b.jsHeapSizeLimit)||_.Uz(c,1,Math.round(b.jsHeapSizeLimit).toString());isNaN(b.totalJSHeapSize)||_.Uz(c,2,Math.round(b.totalJSHeapSize).toString());isNaN(b.usedJSHeapSize)||_.Uz(c,3,Math.round(b.usedJSHeapSize).toString());_.Xj(a,eJa,1,c)}}},iJa=function(a){if(gJa()){var b=performance.getEntriesByType("navigation");if(b&&b.length){var c=new uA;if(b=b[0]){switch(b.type){case "navigate":c.Vb(1);
break;case |
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | ```json
{
"risk_score": 3,
"reasoning": "The script uses an image beacon to check connectivity and does not exhibit high-risk behaviors such as dynamic code execution or data exfiltration. It interacts with a trusted domain (google.com) for a clear dot image, which is a common practice for connectivity checks. The script's behavior aligns with typical analytics or telemetry functionality, suggesting a legitimate context."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
var vua=function(a,b){this.da=a;this.fa=b;if(!c){var c=new _.cg("//www.google.com/images/cleardot.gif");_.Im(c)}this.oa=c};_.h=vua.prototype;_.h.qd=null;_.h.E0=1E4;_.h.pC=!1;_.h.nT=0;_.h.xM=null;_.h.wX=null;_.h.setTimeout=function(a){this.E0=a};_.h.start=function(){if(this.pC)throw Error("vc");this.pC=!0;this.nT=0;wua(this)};_.h.stop=function(){xua(this);this.pC=!1};
var wua=function(a){a.nT++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.kn((0,_.Mg)(a.JJ,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.Mg)(a.Tma,a),a.aa.onerror=(0,_.Mg)(a.Sma,a),a.aa.onabort=(0,_.Mg)(a.Rma,a),a.xM=_.kn(a.Uma,a.E0,a),a.aa.src=String(a.oa))};_.h=vua.prototype;_.h.Tma=function(){this.JJ(!0)};_.h.Sma=function(){this.JJ(!1)};_.h.Rma=function(){this.JJ(!1)};_.h.Uma=function(){this.JJ(!1)};
_.h.JJ=function(a){xua(this);a?(this.pC=!1,this.da.call(this.fa,!0)):this.nT<=0?wua(this):(this.pC=!1,this.da.call(this.fa,!1))};var xua=function(a){a.aa&&(a.aa.onload=null,a.aa.onerror=null,a.aa.onabort=null,a.aa=null);a.xM&&(_.ln(a.xM),a.xM=null);a.wX&&(_.ln(a.wX),a.wX=null)};var yua=function(){_.gn.call(this);this.aa=new vua(this.Xma,this);this.fa=51E3+Math.round(18E3*Math.random())};_.J(yua,_.gn);_.h=yua.prototype;_.h.Xma=function(a){this.yW=Date.now();this.J5(a)};_.h.J5=function(a){this.v5=a;this.dispatchEvent("g")};_.h.qd=null;_.h.yW=0;_.h.v5=!0;var zua=function(){this.aa=new yua};_.Pe(_.Bn,zua);_.Cb().jl(function(a){var b=new zua(a);_.Dp(a,_.Bn,b)});
_.k("byfTOb");
_.l();
_.k("lsjVmc");
var js=function(a,b){b=b===void 0?!0:b;_.li.call(this);this.Ba=a;this.da=new _.is(this);b&&_.Aua(this);_.Ig(this,this.da)};_.ks=function(a){this.Ha=_.u(a,0,_.ks.messageId)};_.J(_.ks,_.w);_.ks.prototype.zy=_.ba(40);_.ks.messageId="xsrf";_.Bua=new _.Qk(48448350,_.ks);_.ji(js,_.li);js.prototype.aa=null;js.prototype.fa="at";js.prototype.oa=null;_.Aua=function(a){var b=a.Ba.get(_.Sl);b.Ba.includes(a.da);b.oa(a.da)};js.prototype.configure=function(a,b,c){this.aa=a;this.oa=b;c&&(this.fa=c)};_.is=function(a){this.fa=a};_.ji(_.is,_.Sf);_.is.prototype.aa=_.ba(15);_.is.prototype.da=_.ba(18);_.Pe(_.Cn,js);_.Cb().jl(function(a){var b=new js(a,!1);_.Dp(a,_.Cn,b);b.configure(_.Ie("SNlM0e").string(null),_.Ie("S06Grb").string(null))});
_.l();
_.lf.prototype.rO=_.ca(6,function(){return this.kx});_.ls=function(a){var b=a.Yd().rO();if(b==null||b<0)return null;var c=_.Bl[b];if(c){var d=Object.values(c)[0],e=_.jm(a,_.am);c=_.jm(a,_.Jka);var f=_.jm(a,_.bm),g=_.jm(a,_.cm),m=_.jm(a,_.Kka);b=_.Al[b];a={Gn:d,Js:b?Object.values(b)[0]:void 0,request:a.wi(),sD:!!e};f&&(a.a2=f);g&&(a.b2=g);c&&(a.hB=c);m&&(a.uP=m);return a}return(c=_.Cl[b])?(c=Object.values(c)[0],b=_.Dl[b],{Gn:b?Object.values(b)[0]:void 0,mB:c,YW:a.wi()}):null};
_.Cua=function(a){return _.Ec(function(b){return b instanceof a&&!_.jc(b.Ha)})};_.Dua=function(a,b){a.sort(b||_.Na)};_.ms=function(a,b){b in a&&delete a[b]};_.ns=function(a,b){return a!==null&&b in a?a[b]:void 0};_.Ln.prototype.FD=_.ca(21,function(){for(var a={},b=this.getAllResponseHeaders().split("\r\n"),c=0;c<b.length;c++)if(!_.aj(b[c])){var d=_.oka(b[c],":",1),e=d[0];d=d[1];if(typeof d==="string"){d=d.trim();var f=a[e]||[];a[e]=f;f.push(d)}}return _.Fb(a,function(g){return g.join(", ")})});
_.Jn.prototype.Qm=_.ca(20,function(){return _.nk(this,3)});_.Eua=function(a,b){return _.ue(a,2,b)};_.Fua=function(a){var b=a.type;if(typeof b==="string")switch(b.toLowerCase()){case "checkbox":case "radio":return a.checked?a.value:null;case "select-one":return b=a.selectedIndex,b>=0?a.options[b].value:null;case "select-multiple":b=[];for(var c,d=0;c=a.options[d];d++)c.selected&&b.push(c.value);return b.length?b:null}return a.value!=null?a.value:null};
_.os=function(a){_.li.call(this);this.pb=a;this.oa={}};_.ji(_.os,_.li);var Gua=[];_.os.prototype.listen=function(a,b,c,d){Array.isArray(b)||(b&&(Gua[0]=b.toString()),b=Gua);for(var e=0;e<b.length;e++){var f=_.an(a,b[e],c||this.ha |
| URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script contains no high-risk or moderate-risk indicators. It appears to be part of a legitimate library, likely for UI or feature toggling, with no signs of malicious behavior. The presence of copyright notices from reputable sources like Google further suggests a legitimate context."
} |
"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x24a60d89, 0x1be1, 0x6970ff1, 0x12280dd0, 0x6420, 0x0, 0x2c000000, 0x24000001, 0xc3, ]);
/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
/*
Copyright Google LLC
SPDX-License-Identifier: Apache-2.0
*/
/*
Copyright 2024 Google, Inc
SPDX-License-Identifier: MIT
*/
/*
SPDX-License-Identifier: Apache-2.0
*/
/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
var baa,daa,Qa,Ua,gaa,iaa,jb,qaa,xaa,Ab,Jaa,Laa,Oaa,Mb,Paa,Sb,Ub,Vb,Qaa,Raa,Wb,Saa,Taa,Uaa,$b,Zaa,aba,hc,fba,hba,iba,qc,rc,mba,nba,pba,rba,sba,wba,zba,tba,yba,xba,vba,uba,Aba,Bba,Cba,Jba,Mba,Oba,Pba,Lba,Rba,Oc,Tba,Vba,aca,bca,cca,dca,eca,fca,Zba,$ba,lca,oca,qca,rca,sca,tca,wca,yca,xca,Aca,Cd,Bd,Cca,Bca,Fca,Eca,Hca,Jca,Kca,Mca,Jd,Nca,Oca,Pca,Od,Vca,Wca,ae,Xca,Nd,Pd,bda,le,gda,ada,hda,jda,kda,nda,qda,rda,sda,vda,Nda,Tda,Me,Vda,Ne,Wda,aea,kea,mea,nea,oea,qea,uea,vea,wea,xea,Aea,Cea,Iea,Mea,Nea,Oea,Yea,
Uea,bfa,afa,fg,efa,ig,gfa,hfa,ifa,nfa,tfa,rfa,xfa,yfa,zfa,Bfa,Cfa,Dfa,Gfa,Hfa,Nfa,Pfa,Qfa,Sfa,Tfa,Ufa,Vfa,Wfa,Xfa,Zfa,$fa,bga,fga,gga,iga,ah,bh,nga,pga,qga,rga,sga,uga,ch,wga,xga,eh,yga,zga,Aga,Dga,Ega,Fga,Iga,Jga,Kga,Oga,Sga,aaa,Yga,Fh,Zga,Hh,$ga,aha,bha,Lh,Ph,gha,lha,kha,Zh,nha;_.ba=function(a){return function(){return aaa[a].apply(this,arguments)}};_.ca=function(a,b){return aaa[a]=b};_.ha=function(a){_.fa.setTimeout(function(){throw a;},0)};_.ja=function(a){a&&typeof a.dispose=="function"&&a.dispose()};
baa=function(a){for(var b=0,c=arguments.length;b<c;++b){var d=arguments[b];_.ka(d)?baa.apply(null,d):_.ja(d)}};_.la=function(a,b){if(Error.captureStackTrace)Error.captureStackTrace(this,_.la);else{var c=Error().stack;c&&(this.stack=c)}a&&(this.message=String(a));b!==void 0&&(this.cause=b);this.aa=!0};_.ma=function(a){return a[a.length-1]};_.na=function(a,b,c){for(var d=typeof a==="string"?a.split(""):a,e=a.length-1;e>=0;--e)e in d&&b.call(c,d[e],e,a)};
_.pa=function(a,b,c){b=_.oa(a,b,c);return b<0?null:typeof a==="string"?a.charAt(b):a[b]};_.oa=function(a,b,c){for(var d=a.length,e=typeof a==="string"?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))return f;return-1};_.ra=function(a,b){return(0,_.qa)(a,b)>=0};_.sa=function(a){if(!Array.isArray(a))for(var b=a.length-1;b>=0;b--)delete a[b];a.length=0};_.ua=function(a,b){_.ra(a,b)||a.push(b)};_.Ba=function(a,b){b=(0,_.qa)(a,b);var c;(c=b>=0)&&_.wa(a,b);return c};
_.wa=function(a,b){return Array.prototype.splice.call(a,b,1).length==1};_.Ca=function(a){return Array.prototype.concat.apply([],arguments)};_.Da=function(a){var b=a.length;if(b>0){for(var c=Array(b),d=0;d<b;d++)c[d]=a[d];return c}return[]};_.Ga=function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(_.ka(d)){var e=a.length||0,f=d.length||0;a.length=e+f;for(var g=0;g<f;g++)a[e+g]=d[g]}else a.push(d)}};
_.caa=function(a,b,c){return arguments.length<=2?Array.prototype.slice.call(a,b):Array.prototype.slice.call(a,b,c)};_.Ka=function(a,b){b=b||a;for(var c=0,d=0,e={};d<a.length;){var f=a[d++],g=_.Ha(f)?"o"+_.Ja(f):(typeof f).charAt(0)+f;Object.prototype.hasOwnProperty.call(e,g)||(e[g]=!0,b[c++]=f)}b.length=c};_.La=function(a,b){if(!_.ka(a)||!_.ka(b)||a.length!=b.length)return!1;for(var c=a.length,d=daa,e=0;e<c;e++)if(!d(a[e],b[e]))return!1;return!0};_.Na=function(a,b){return a>b?1:a<b?-1:0};
daa=function(a,b){return a===b};_.eaa=function(a,b){var c={};(0,_.Oa)(a,function(d,e){c[b.call(void 0,d,e,a)]=d});return c};Qa=function(a){return a.toString().indexOf("`")===-1};_.Ta=function(a){return new _.Ra(_.Sa,a[0].toLowerCase())};Ua=function(a){return{valueOf:a}.valueOf()};gaa=function(){var a=null;if(!faa)return a;try{var b=function(c){return c};a=faa.createPolicy("AccountsSignInUi#html",{createHTML:b,createScript:b,create |
| URL: https://accounts.google.com/v3/signin/deletedaccount?ddm=1&dsh=S2099356391%3A1736343419004542&epd=AW5di2oFn-aX99uv26sxmgIGgTLOLwaDLRW2b4WEJnNYW8HLoc-0WI_Z8rC00YCOdYtm4cauP64hBlHtK6LbV6qx__mGPHYkxOKPg5NWF3hyTTlJT2H81MHM1aF4ON9TuqME-b7LbiciuRRLRu_q-Pp10ABu& Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Recover your Google Account",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email or phone"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com/v3/signin/deletedaccount?ddm=1&dsh=S2099356391%3A1736343419004542&epd=AW5di2oFn-aX99uv26sxmgIGgTLOLwaDLRW2b4WEJnNYW8HLoc-0WI_Z8rC00YCOdYtm4cauP64hBlHtK6LbV6qx__mGPHYkxOKPg5NWF3hyTTlJT2H81MHM1aF4ON9TuqME-b7LbiciuRRLRu_q-Pp10ABu& Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com/v3/signin/deletedaccount?ddm=1&dsh=S2099356391%3A1736343419004542&epd=AW5di2oFn-aX99uv26sxmgIGgTLOLwaDLRW2b4WEJnNYW8HLoc-0WI_Z8rC00YCOdYtm4cauP64hBlHtK6LbV6qx__mGPHYkxOKPg5NWF3hyTTlJT2H81MHM1aF4ON9TuqME-b7LbiciuRRLRu_q-Pp10ABu& Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://accounts.google.com/v3/signin/deletedaccount?ddm=1&dsh=S2099356391%3A1736343419004542&epd=AW5di2oFn-aX99uv26sxmgIGgTLOLwaDLRW2b4WEJnNYW8HLoc-0WI_Z8rC00YCOdYtm4cauP64hBlHtK6LbV6qx__mGPHYkxOKPg5NWF3hyTTlJT2H81MHM1aF4ON9TuqME-b7LbiciuRRLRu_q-Pp10ABu& Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://www.google.com/recaptcha/api2/anchor?ar=1&... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While the script may have a legitimate purpose, the aggressive and opaque nature of its implementation raises significant security concerns. Further investigation is recommended to determine the true intent and potential impact of this script."
} |
recaptcha.anchor.Main.init("[\x22ainput\x22,[\x22bgdata\x22,\x22Ly93d3cuZ29vZ2xlLmNvbS9qcy9iZy85N3V6Z0h4emRxWGVmbVRnOHdQZUtDeTRrbGE4NnE0emhqMm5xX3lpZHcwLmpz\x22,\x22\x22,\x22Y1VaTmpNb0xVOHFMcU45MXQrSFNJcUtLYXp0emU3TXlaWENWdkJLSWJyd1B4M0NzZnVlOVNwLy9zdFB6cTJ0YUZHYlVaeFhBak1OM1BDdUFtWktPV2pEdFhvNGxmUk1RZ3NsTTYzM2VZTTgxSjZ3K0dKUWtaODlnbUVoNCsxY2NTQjlmQTJiYjNiNTd2ZWdPMEpGNlJUNEVucDg2OFdURHFFaThVcG9aZDRDcnRtZTV5UFFsRkRjc0l0NXJTb3V3K2VQNGV6MnRUeTN0NEs5S0RwSk8venI2MnhzcXFHUTN3YkRld1JCQ2pzVE9HNDRqYlhsUzZoUGtZOXlsM0M5VG1KMUE3UVZxS3hYLzRpVHcxT2czY2Y1bFcwSXUrYzNGcVhLQThOWHRKTEdpOGVLQ1VLWnZES2FxQkIxUDJKT3dBTUw1U0RoRlg0blBEZUNTZytsbC9jQjc3TFhnUVpHaHlsbU5HVWViNkg4RGNHVHB5ZG9wWHd1VzgzNVp6WTdEZzhVRXpWaU0zMldjWHpOU2hoRkRGTnRpeEhZWTMyakVtT0VmOXl3YkpqUWdONFB1RnFFM2NYYzdkT1MvNzRjeFY5c0tkT3J3Y2RhSFZlN1MyZHpZbklTcG02SzlhOXNiQy9GQlhkSEFFak9EQ0JGcldqd1pOTFR2MFl0TVNFQ3pZTmpEd0ZKZ0ZGZnI0RElIVXpTTGZWZkQ2MzZHT1F0TE9iQ1VqTGpLNldOWTh2ZmkzVHcyeFZYblEvd3NNczF6Sms4NW0yYW1ueEdUMmVKaWIzNTlIWTlmWk50SmpDQ0VwTWhRNjhFcjJEZXZsTExDODZBYjVLTmZyMnhiSXE2RnBFZjBqYzdyRE84eHZCSmxDcmlOVmpBSVdKZnFZdTA0OXMvYmJQb3NJd0lnbFhBR3dVem1jdTBvZDVJOGRZcDZKY1IyV2RRaFVwSmphL00xUnFReUR2YU5xRHRBM0F6WjdISmJ4MkFVSWF5VzNwMHZWalJ6ZHhkRzRYZ2hRMlpOQlNUL1hhRXh5ajVFd1IrVWRCWVltWGkzMlV6bzhRY0R1MXRGUkdPWVJQU2hJbDFiaXlNS0dTMUVoMzdGeGFJbE0zRllSR0JpbDF5aUo3Q3doRnJaRzE1cGY0R1NXME9uUTZkc0NVMkxFNWRzVlFLQjlGTFNPWGZ6cFBSMmRTTVJEQWdkaDlxcm5DR3psSnppMjlIMk5QbjR0TXZFQ3RpSWRYWHBlYUI2UTBTZCtZc1BLaDVPYXlxSy9NQ1kxWEQrbDg3Mkw5OUdQSjJZZUNiK3M1SzI5aWlEZG5JVmFnUm5hWktmZzZtQVhva0dvcGlXSUp3a3NNV1pNcmg1Tm9BdWN5Q2krdlhLMXdod3poZ3lVbGlremwyNzZacnNweTQ2MEVVVVAyS1IyTEtPQVhLYmhidUtVN3graXE1R0RrYmljbjdrZGtDWkNLcjNpMFRzc0RGblZRMVhwbklxcmxZY0R5bzIrODdUSURPWkpmZ0JyOXUwOHJZRmIwNEVLV3lxUGs5dzVqazVNdHB4YnJGSGpGSFVRTDdSRFgxMWlWeStOZFowK094MTYzVjg1akljaGZlcEZhd0o3VUgwSTdoekt4ZzBMcmZwOUF0RTFYSHFqVXNUUlZWY0hCcy9kaGdJVEVHVUMwR3J3a2hiM08vZFFSZ0REK0pCOEhUbC9hVE1XamllNThRejRDQkdaSGhjVDRXb0Flc1dpVkl0c3lvRzlQQmRpcUozNEVBR0VJNlkvOEZNam9qMXltVmtHUHV6Vmw2TTNQbk84d2Y4YVhoZ3lTOEZqRGVSZDN5ZUdvbmkyMGVWcjR4RzduSlBlYVBEcWg0RFQwZ2UxdUV0QkdmZTFhcTNNcVZNcWdOdTdhbHhUZXhpY0RwNFRDbGZxSk1ReXgrSEZPOFpCaFBSSk9uVzBKVVRURWNLTi9kbUlackExNWVleUZnYi9ISzVQcUYycDVkNjdHMHFHYlpxQ2FleGw2V3pIWjBBMzBuNGQxR25ac3BOQm9wMUVNelN2U2Y0NzR3clUxYm85OGJ2NjJyYk5DVElmWWxuS0FpNGI1YUp1VldheXN4OUxhUElOQzVJUzJpRkQ0SkR1Wk0rc1Bnakt5Zm1mY0p0akhHM3IxUGNXYXFXc1pPZ254WS9tMC9lYzU5ay83ekVFaVFWOS9aRXFWZXBxdkxxYlJkRC9LQVhKT3A0Z3ZJWGVDZmRMdno2UU10UDVhYlUwUExYUlZQNEt5S3hpNm5xRUFMNFpja2ZPZkpSMGxEdDlqWCs0YWdMRjdRbkxNVk52UWZicURudzdiWWkvdnh6bzUxRXJ2ZnVmREMxMXVMZkRKTDl6WXc1bFRxWlBJUUMwdnN3MXR5cENPYXY5eDcwa3YzM3B0R0xxSWdXdXFsd1dqTXhzdWdHNzZ1S09GYzdTMllPWWlLYUVUR3RBNGFROE9iT2o3b0JqcERaMHVPWVF3cFJHMUJ4c3BzRTBDQWQ0SzQyMGhyckdXWkMyVnBTeUIyamlSSWs4VGI5VWpvekZLVlQzY2QycHVWZEZmWEVQSEtZNUc3UE1LRHZBbUJUK3NZZjErL1p1V0xJMFFTRU5ZQ2w2VUtWeWZNdVFOUjI4U2NkbHVSRGJsSVZZQnZIM2dZWW93OEFJdlo5TklJalYzclg0SGV4QWcwUnVKTjd4V0ZJRWZMUmtJd1RtdWtYclNzUWZDZnoyTGwvKzloVk9sSzl5c3dJUE1EcTdZTGE5eEJGY0ZvUVBjQXNkQzZZY3RZZ2UzQ3NoZllWY3lyZ3BFeG44NXVpdisxSFdzNktRVkFIQVFTQjdTZ3F5SkU3bzk2c3lVdEJQNjlkYzhaOWZXakFOYnhXMHYxVVdiQnFybUZuSitBTysvS0p4UmdZaWxTbWxtMnBXWFdBdWs2MjZYYi9lYWcwZE5lUmhBRm1xUmVWWDhHYWN3T1BZRi8vSzhrMVBsaDVrN2V6dTl4anpUdUpkVWlqWWZRN2JTN2lKQlBtT3g1RXBNaGlFNzNSSVFkaHh5KzFXS1RHTDNTOWp1ZXJwY3JEd1NiK3lwTm9oRkNsc0ZFU2VXTFlKS2ZwS1JlZEUwNzNHenFzZS9QcnRUTVduVnNlZEc1Z3NkcUtvajdOemx2SG1CQXI0bHkxNnJKOFlpTXRtK3hkWURyVUFVTHh0aEEzdUZablJWWkxSR3d1N09ZY21JN3pQN3BCSERvOHB5ZVBLVDFoZFhkaWY2MEdWaEgxTkZDejA1TWNONjdISmhsVm8xb3J5Ukp0cEI5ekpBejE0ZG1iVmxUKzJWSUhqM1ZjZU9IVzhUell4cW1sL3h0NHloYVJVa2NMYlNJYk9tZXFjeGZMdWx3U3FMWlZEanBQelpTb0xURFBoUGRrNXA5VU5Qd0xhMnJqSzJEWDZURzlSUkRSaE52czVmM3JROUxEWlFjRXZsdXdOencvemw2K25rbXYwV3dRZElTVEN2aXoxamZWUFlhT1NCWTlzbWpubm5mdUpVODRDUll0TmlxTGNzRjY4YXk4dUdNS0V3SzV2N3EybmdPQ0dib2FldFhtbnI1VlI3YVFVai9ZdW9nMEZsWkJkUENWYlRFYlpCWU5Fc0lQS3pJcElJNG9DV0N5SVNnWGp2R2NpYVd0RUZNbitjZ1dqZ05VUXBScnh1eVJaVG9hVDBSVDhZNU5MRVdaNEI5SFlZUGlBelROTVNpbTNwN3Q4REdnZWtyNHlPUFVPYjZFcmRKeGNxc1JOT3poek5ZWDg2MlpUUDlhSWpOQXFjQmVKdHdnV2FkM2NaS2JNSDR |
| URL: https://www.google.com/js/bg/97uzgHxzdqXefmTg8wPeK... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a combination of obfuscated code and legitimate functionality. While it contains some potentially high-risk indicators like dynamic code execution and data exfiltration, the overall context suggests it may be a part of a larger, legitimate application. The code seems to be using the Trusted Types API to sanitize dynamic code execution, which reduces the risk. Additionally, the presence of analytics-related functionality and the lack of clear malicious intent indicate a medium-risk profile. Further investigation may be necessary to fully understand the purpose and potential impact of this script."
} |
/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ (function(){var l=function(Q,A){if(A=(Q=null,h).trustedTypes,!A||!A.createPolicy)return Q;try{Q=A.createPolicy("bg",{createHTML:F,createScript:F,createScriptURL:F})}catch(n){h.console&&h.console.error(n.message)}return Q},F=function(Q){return Q},h=this||self;(0,eval)(function(Q,A){return(A=l())&&Q.eval(A.createScript("1"))===1?function(n){return A.createScript(n)}:function(n){return""+n}}(h)(Array(Math.random()*7824|0).join("\n")+['(function(){/*',
'',
' Copyright Google LLC',
' SPDX-License-Identifier: Apache-2.0',
'*/',
'var Q4=function(Q,A,h,n,t){for(h=(n=h[t=0,3]|0,h[2]|0);t<16;t++)Q=Q>>>8|Q<<24,Q+=A|0,Q^=h+1634,A=A<<3|A>>>29,n=n>>>8|n<<24,n+=h|0,n^=t+1634,A^=Q,h=h<<3|h>>>29,h^=n;return[A>>>24&255,A>>>16&255,A>>>8&255,A>>>0&255,Q>>>24&255,Q>>>16&255,Q>>>8&255,Q>>>0&255]},A3=function(Q,A){return(A=N(Q),A)&128&&(A=A&127|N(Q)<<7),A},FM=function(Q,A,h,n,t){function l(){}return{invoke:function(p,d,e,F){function B(){n(function(w){h3(function(){p(w)})},e)}if(!d)return d=t(e),p&&p(d),d;n?B():(F=l,l=function(){h3((F(),B))})},pe:(h=(Q=nj((n=void 0,Q),function(p){l&&(A&&h3(A),n=p,l(),l=void 0)},!!A),t=Q[0],Q[1]),function(p){h&&h(p)})}},X=function(Q,A,h,n,t,l,p,d){if(!Q.Or&&(p=void 0,h&&h[0]===x&&(p=h[2],A=h[1],h=void 0),d=O(145,Q),d.length==0&&(t=O(54,Q)>>3,d.push(A,t>>8&255,t&255),p!=void 0&&d.push(p&255)),A="",h&&(h.message&&(A+=h.message),h.stack&&(A+=":"+h.stack)),h=O(87,Q),h[0]>3)){h=(A=l9((h[0]-=(A=A.slice(0,(h[0]|0)-3),A.length|0)+3,A)),Q).F,Q.F=Q;try{Q.Lo?(n=(n=O(146,Q))&&n[n.length-1]||95,(l=O(416,Q))&&l[l.length-1]==n||v(416,[n&255],Q)):v(146,[95],Q),v(222,T(A.length,2).concat(A),Q,9)}finally{Q.F=h}}},se=function(Q,A,h,n){for(h=(n=Y(Q),0);A>0;A--)h=h<<8|N(Q);S(n,Q,h)},N=function(Q){return Q.v?Bj(Q,Q.H):y(Q,true,8)},t3=function(Q,A,h,n,t){v(((h=(n=Y((A&=(t=A&3,4),h=Y(Q),Q)),O(h,Q)),A)&&(h=l9(""+h)),t&&v(n,T(h.length,2),Q),n),h,Q)},Y=function(Q,A){if(Q.v)return Bj(Q,Q.H);return(A=y(Q,true,8),A)&128&&(A^=128,Q=y(Q,true,2),A=(A<<2)+(Q|0)),A},rC=function(Q,A,h,n,t){if((t=Q[0],t)==wC)A.R=true,A.vL=25,A.V(Q);else if(t==P){h=Q[1];try{n=A.s||A.V(Q)}catch(l){M(A,l),n=A.s}h((Q=A.S(),n)),A.P+=A.S()-Q}else if(t==Ue)Q[3]&&(A.u=true),Q[4]&&(A.R=true),A.V(Q);else if(t==pj)A.u=true,A.V(Q);else if(t==NF){try{for(n=0;n<A.j.length;n++)try{h=A.j[n],h[0][h[1]](h[2])}catch(l){}}catch(l){}((0,Q[1])(function(l,p){A.Sn(l,true,p)},function(l){c([dC],(l=!A.Z.length,A)),l&&q(A,true,false)},function(l){return A.sr(l)},(n=(A.j=[],A.S()),function(l,p){return A.Ko(l,p)})),A).P+=A.S()-n}else{if(t==xC)return n=Q[2],S(133,A,Q[6]),S(331,A,n),A.V(Q);t==dC?(A.l=[],A.I7=[],A.I=null):t==et&&E.document.readyState==="loading"&&(A.U=function(l,p){function d(){p||(p=true,l())}E.document.addEventListener("DOMContentLoaded",(p=false,d),z),E.addEventListener("load",d,z)})}},u9=function(Q,A,h){return(h=b[A.N](A.AN),h)[A.N]=function(){return Q},h.concat=function(n){Q=n},h},I,Bj=function(Q,A){return A=A.create().shift(),Q.v.create().length||Q.H.create().length||(Q.v=void 0,Q.H=void 0),A},G=function(Q,A,h){Q[S(h,A,Q),et]=2796},vj=function(Q,A,h,n,t,l,p,d){return(t=(d=h&7,A=[11,(p=Cj,-5),56,53,-24,-93,A,9,98,14],b[Q.N](Q.no)),t)[Q.N]=function(e){l=e,d+=6+7*h,d&=7},t.concat=function(e){return e=(e=(e=n%16+1,2886*l+4*n*n*e-e*l+A[d+67&7]*n*e+(p()|0)*e)-148*n*n*l- -185*n*l+d+37*l*l,l=void 0,A[e]),A[(d+53&7)+(h&2)]=e,A[d+(h&2)]=-5,e},t},Tl=function(Q,A,h){if(Q.length==3){for(h=0;h<3;h++)A[h]+=Q[h];for(Q=[13,8,13,12,16,5,3,10,15],h=0;h<9;h++)A[3](A,h%3,Q[h])}},i9=function(Q,A,h,n,t,l){if(!A.s){A.Y++;try{for(l=(h=A.B,n=void 0,0);--Q;)try{if(t=void 0,A.v)n=Bj(A,A.v);else{if(l=O(52,A),l>=h)break;n=O((S(54,A,l),t=Y(A),t),A)}n&&n[dC]&2048?n(A,Q):X(A,0,[x,21,t]),Z(Q,false,false,A)}catch(p){O(1,A)?X(A,22,p):S(1,A,p)}if(!Q){if(A.HL){i9(128011727466,(A.Y--,A));return}X(A,0,[x,33])}}catch(p){try{X(A,22,p)}catch(d){M(A,d)}}A.Y--}},XM=function(Q,A,h,n){return O(331,(S(52,(i9(Q,((n=O(52,h),h.l)&&n<h.B?(S(52,h, |
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verify it's you",
"prominent_button_name": "Next",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verify it's you",
"prominent_button_name": "Next",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"brands": [
"Google"
]
} |
|
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Verify",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Verify",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Skip",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://accounts.google.com/v3/signin/challenge/recaptcha?TL=AE--Lly1cEqscbMfnXg5rguBsjq1oW4daq7jeDjpUJkRlwpKkpKHApkPkv3hSJNL&cid=1&ddm=1&dsh=S2099356391%3A1736343419004542&flowName=GlifWebSignIn&source=andda Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://google.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://google.com |
Edit tour
OUTLOOK.EXE (PID: 4112 cmdline: 
ai.exe (PID: 3652 cmdline: 
chrome.exe (PID: 4572 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node