Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://accountsupporthub.es/generate/Login/

Overview

General Information

Sample URL:	https://accountsupporthub.es/generate/Login/
Analysis ID:	1589405

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious Javascript

AI detected suspicious URL

Javascript uses Telegram API

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 3436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1892,i,15390172301612843764,587559999045106460,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6384 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accountsupporthub.es/generate/Login/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious Javascript

Source: 0.1.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://accountsupporthub.es/generate/Login/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as implementing a security challenge, the overall behavior is highly suspicious and indicative of a potential attack vector.
Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://accountsupporthub.es/generate/Login/... This script demonstrates several high-risk behaviors, including dynamic code execution via `eval()` and obfuscated code. It also sets a cookie with a long expiration date, which could be used for malicious purposes. Additionally, the script checks for the presence of various browser automation and testing frameworks, suggesting an attempt to detect and potentially evade security measures. Overall, this script exhibits a high degree of suspicious and potentially malicious activity.

AI detected suspicious URL

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://accountsupporthub.es
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: https://accountsupporthub.es

Javascript uses Telegram API

Source: https://accountsupporthub.es/generate/Login/

HTTP Parser: (function() { // mnemonics is populated as required by getlanguage var mnemonics = { "english": new mnemonic("english") }; var mnemonic = mnemonics["english"]; var seed = null; var bip32rootkey = null; var bip32extendedkey = null; var network = libs.bitcoin.networks.bitcoin; var addressrowtemplate = $("#address-row-template"); var showindex = true; var showaddress = true; var showpubkey = true; var showprivkey = true; var showqr = false; var litecoinuseltub = true; var entropytypeautodetect = true; var entropychangetimeoutevent = null; var phrasechangetimeoutevent = null; var seedchangedtimeoutevent = null; var rootkeychangedtimeoutevent = null; var generationprocesses = []; var dom = {}; dom.privacyscreentoggle = $(".privacy-screen-toggle"); dom.network = $(".network"); dom.bip32client = $("#bip32-client"); dom.phrasenetwork = $("#network-phrase"); d...

Source: https://accountsupporthub.es/generate/Login/

HTTP Parser: Number of links: 0

Source: https://accountsupporthub.es/generate/Login/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://accountsupporthub.es/generate/Login/

HTTP Parser: Base64 decoded: 1736668653.000000

Source: https://accountsupporthub.es/generate/Login/

HTTP Parser: <input type="password" .../> found

Source: https://accountsupporthub.es/generate/Login/	HTTP Parser: No favicon
Source: https://accountsupporthub.es/generate/Login/	HTTP Parser: No favicon

Source: https://accountsupporthub.es/generate/Login/

HTTP Parser: No <meta name="author".. found

Source: https://accountsupporthub.es/generate/Login/

HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49745 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	DNS traffic detected: DNS query: accountsupporthub.es
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown

HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49745 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@16/13@8/37

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1892,i,15390172301612843764,587559999045106460,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accountsupporthub.es/generate/Login/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1892,i,15390172301612843764,587559999045106460,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://accountsupporthub.es/generate/Login/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		high
accountsupporthub.es	172.67.199.220	true	true		unknown
www.google.com	142.250.185.228	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://accountsupporthub.es/generate/Login/	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.217.23.110	unknown	United States		15169	GOOGLEUS	false
142.250.186.106	unknown	United States		15169	GOOGLEUS	false
172.67.199.220	accountsupporthub.es	United States		13335	CLOUDFLARENETUS	true
142.250.185.228	www.google.com	United States		15169	GOOGLEUS	false
64.233.167.84	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
104.21.90.106	unknown	United States		13335	CLOUDFLARENETUS	false
172.217.18.3	unknown	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589405
Start date and time:	2025-01-12 08:57:02 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://accountsupporthub.es/generate/Login/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@16/13@8/37

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 172.217.23.110, 64.233.167.84, 142.250.181.238, 142.250.186.110, 142.250.184.206, 199.232.214.172, 142.250.186.106, 142.250.186.138, 142.250.184.234, 172.217.16.138, 216.58.206.74, 142.250.185.74, 142.250.185.106, 142.250.185.234, 172.217.16.202, 172.217.18.10, 142.250.185.138, 142.250.186.170, 142.250.184.202, 142.250.185.202, 142.250.181.234, 216.58.206.42, 2.23.242.162
Excluded domains from analysis (whitelisted): clients2.google.com, fs.microsoft.com, accounts.google.com, redirector.gvt1.com, content-autofill.googleapis.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://accountsupporthub.es/generate/Login/

LLM Input / Output

Input	Output
URL: https://accountsupporthub.es Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://accountsupporthub.es
URL: https://accountsupporthub.es/generate/Login/... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as implementing a security challenge, the overall behavior is highly suspicious and indicative of a potential attack vector." }
(function(){function c(){var b=a.contentDocument\|\|a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'900b98a8bfa67cf4',t:'MTczNjY2ODY1My4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange\|\|function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
URL: https://accountsupporthub.es/generate/Login/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided code appears to be a set of network configurations for various cryptocurrencies, including Bitcoin, Dash, Namecoin, and others. This is a common practice in cryptocurrency development and does not contain any high-risk indicators. The code is primarily defining network parameters and does not exhibit any behaviors that would be considered malicious or suspicious." }
libs.bitcoin.networks.shadow = { messagePrefix: 'unused', bip32: { public: 0xEE80286A, private: 0xEE8031E8 }, pubKeyHash: 0x3f, scriptHash: 0x7d, wif: 0xbf }; libs.bitcoin.networks.shadowtn = { messagePrefix: 'unused', bip32: { public: 0x76C0FDFB, private: 0x76C1077A }, pubKeyHash: 0x7f, scriptHash: 0xc4, wif: 0xff }; libs.bitcoin.networks.clam = { messagePrefix: 'unused', bip32: { public: 0xa8c26d64, private: 0xa8c17826 }, pubKeyHash: 0x89, scriptHash: 0x0D, wif: 0x85 }; libs.bitcoin.networks.crown = { messagePrefix: 'unused', bip32: { public: 0x0488b21e, private: 0x0488ade4 }, pubKeyHash: 0x00, scriptHash: 0x05, wif: 0x80, toNewAddress: function(oldAddress) { var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' var b58 = libs.basex(ALPHABET); var addrBytes = b58.decode(oldAddress); var hash160 = libs.buffer.Buffer.from(new Uint16Array(23)); hash160[0]= 0x01; //C hash160[1]= 0x75; //R hash160[2]= 0x07; //W addrBytes.copy(hash160, 3, 1, 21); var checksum = libs.bitcoin.crypto.hash256(hash160).subarray(0, 4); var binaryAddr = libs.buffer.Buffer.from(new Uint16Array(27)); binaryAddr.set(hash160,0); checksum.copy(binaryAddr, 23, 0, 4); var newAddress = b58.encode(binaryAddr); return newAddress; } }; libs.bitcoin.networks.dash = { messagePrefix: 'unused', bip32: { public: 0x0488b21e, private: 0x0488ade4 }, pubKeyHash: 0x4c, scriptHash: 0x10, wif: 0xcc }; libs.bitcoin.networks.maza = { messagePrefix: 'unused', bip32: { public: 0x0488b21e, private: 0x0488ade4 }, pubKeyHash: 0x32, scriptHash: 0x09, wif: 0xe0 }; libs.bitcoin.networks.dashtn = { messagePrefix: 'unused', bip32: { public: 0x043587cf, private: 0x04358394 }, pubKeyHash: 0x8c, scriptHash: 0x13, wif: 0xef }; libs.bitcoin.networks.game = { messagePrefix: 'unused', bip32: { public: 0x0488b21e, private: 0x0488ade4 }, pubKeyHash: 0x26, scriptHash: 0x05, wif: 0xa6 }; libs.bitcoin.networks.namecoin = { messagePrefix: 'unused', bip32: { public: 0x0488b21e, private: 0x0488ade4 }, pubKeyHash: 0x34, scriptHash: 0x0D, wif: 0xb4 }; libs.bitcoin.networks.peercoin = { messagePrefix: 'unused', bip32: { public: 0x0488b21e, private: 0x0488ade4 }, pubKeyHash: 0x37, scriptHash: 0x75, wif: 0xb7 }; libs.bitcoin.networks.axe = { messagePrefix: 'unused', bip32: { public: 0x0488b21e, private: 0x0488ade4 }, pubKeyHash: 0x37, scriptHash: 0x10, // TODO set this correctly wif: 0xcc }; libs.bitcoin.networks.scribe = { messagePrefix: 'unused', bip32: { public: 0x0488B21E, private: 0x0488ADE4 }, pubKeyHash: 0x3c, scriptHash: 0x7d, wif: 0x6e }; libs.bitcoin.networks.slimcoin = { messagePrefix: 'unused', bip32: { public: 0xef6adf10, private: 0xef69ea80 }, pubKeyHash: 0x3f, scriptHash: 0x7d, wif: 0x46 }; libs.bitcoin.networks.slimcointn = { messagePrefix: 'unused', bip32: { public: 0x043587CF, private: 0x04358394 }, pubKeyHash: 0x6f, scriptHash: 0xc4, wif: 0x57 }; libs.bitcoin.networks.dogecoin = { messagePrefix: '\x19Dogecoin Signed Message:\n', bip32: { public: 0x02faca
URL: https://accountsupporthub.es/generate/Login/... Model: Joe Sandbox AI	{ "risk_score": 9, "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution via `eval()` and obfuscated code. It also sets a cookie with a long expiration date, which could be used for malicious purposes. Additionally, the script checks for the presence of various browser automation and testing frameworks, suggesting an attempt to detect and potentially evade security measures. Overall, this script exhibits a high degree of suspicious and potentially malicious activity." }
eval(decodeURIComponent(escape('\x28\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x61\x20\x3D\x20\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x20\x7B\x74\x72\x79\x7B\x72\x65\x74\x75\x72\x6E\x20\x21\x21\x77\x69\x6E\x64\x6F\x77\x2E\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72\x7D\x20\x63\x61\x74\x63\x68\x28\x65\x29\x20\x7B\x72\x65\x74\x75\x72\x6E\x20\x21\x31\x7D\x20\x7D\x2C\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x62\x20\x3D\x20\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x62\x2C\x20\x63\x29\x20\x7B\x61\x28\x29\x20\x3F\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72\x28\x22\x44\x4F\x4D\x43\x6F\x6E\x74\x65\x6E\x74\x4C\x6F\x61\x64\x65\x64\x22\x2C\x20\x62\x2C\x20\x63\x29\x20\x3A\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x61\x74\x74\x61\x63\x68\x45\x76\x65\x6E\x74\x28\x22\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65\x22\x2C\x20\x62\x29\x7D\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x62\x28\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x6E\x6F\x77\x20\x3D\x20\x6E\x65\x77\x20\x44\x61\x74\x65\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x74\x69\x6D\x65\x20\x3D\x20\x6E\x6F\x77\x2E\x67\x65\x74\x54\x69\x6D\x65\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x74\x69\x6D\x65\x20\x2B\x3D\x20\x33\x30\x30\x20\x2A\x20\x31\x30\x30\x30\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x6E\x6F\x77\x2E\x73\x65\x74\x54\x69\x6D\x65\x28\x74\x69\x6D\x65\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x6F\x6F\x6B\x69\x65\x20\x3D\x20\x27\x35\x75\x75\x38\x61\x5A\x74\x63\x43\x2D\x4E\x42\x5A\x7A\x7A\x50\x70\x4D\x5A\x7A\x6E\x7A\x74\x4D\x74\x4A\x6B\x3D\x32\x34\x56\x35\x66\x64\x5F\x53\x71\x47\x66\x79\x6E\x43\x73\x48\x6D\x41\x4A\x62\x6C\x39\x79\x53\x6E\x64\x41\x27\x20\x2B\x20\x27\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D\x27\x20\x2B\x20\x27\x4D\x6F\x6E\x2C\x20\x31\x33\x2D\x4A\x61\x6E\x2D\x32\x35\x20\x30\x37\x3A\x35\x37\x3A\x33\x33\x20\x47\x4D\x54\x27\x20\x2B\x20\x27\x3B\x20\x70\x61\x74\x68\x3D\x2F\x27\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2F\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x20\x70\x75\x7A\x7A\x6C\x65\x20\x66\x6F\x72\x20\x62\x72\x6F\x77\x73\x65\x72\x20\x74\x6F\x20\x66\x69\x67\x75\x72\x65\x20\x6F\x75\x74\x20\x74\x6F\x20\x67\x65\x74\x20\x61\x6E\x73\x77\x65\x72\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x5F\x70\x68\x61\x6E\x74\x6F\x6D\x20\x7C\x7C\x20\x21\x77\x69\x6E\x64\x6F\x77\x2E\x63\x61\x6C\x6C\x50\x68\x61\x6E\x74\x6F\x6D\x29\x7B\x2F\x2A\x70\x68\x61\x6E\x74\x6F\x6D\x6A\x73\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x5F\x5F\x70\x68\x61\x6E\x74\x6F\x6D\x61\x73\x29\x7B\x2F\x2A\x70\x68\x61\x6E\x74\x6F\x6D\x61\x73\x20\x50\x68\x61\x6E\x74\x6F\x6D\x4A\x53\x2D\x62\x61\x73\x65\x64\x20\x77\x65\x62\x20\x70\x65\x72\x66\x20\x6D\x65\x74\x72\x69\x63\x73\x20\x2B\x20\x6D\x6F\x6E\x69\x74\x6F\x72\x69\x6E\x67\x20\x74\x6F\x6F\x6C\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x42\x75\x66\x66\x65\x72\x29\x7B\x2F\x2A\x6E\x6F\x64\x65\x6A\x73\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x65\x6D\x69\x74\x29\x7B\x2F\x2A\x63\x6F\x75\x63\x68\x6A\x73\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x73\x70\x61\x77\x6E\x29\x7B\x2F\x2A\x72\x68\x69\x6E\x6F\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x77\x65\x62\x64\x72\x69\x76\x65\x72\x29\x7B\x2F\x2A\x73\x65\x6C\x65\x6E\x69\x75\x6D\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E
URL: https://accountsupporthub.es/generate/Login/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be the Bootstrap library, which is a widely used and trusted front-end framework. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on handling CSS transitions and implementing an alert functionality, which are common and legitimate use cases for a UI framework like Bootstrap. Overall, this snippet poses a low risk and is likely part of a legitimate web application." }
/! Bootstrap v3.4.1 (https://getbootstrap.com/) * Copyright 2011-2019 Twitter, Inc. * Licensed under the MIT license / if (typeof jQuery === 'undefined') { throw new Error('Bootstrap\'s JavaScript requires jQuery') } +function ($) { 'use strict'; var version = $.fn.jquery.split(' ')[0].split('.') if ((version[0] < 2 && version[1] < 9) \|\| (version[0] == 1 && version[1] == 9 && version[2] < 1) \|\| (version[0] > 3)) { throw new Error('Bootstrap\'s JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4') } }(jQuery); / ======================================================================== * Bootstrap: transition.js v3.4.1 * https://getbootstrap.com/docs/3.4/javascript/#transitions * ======================================================================== * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== / +function ($) { 'use strict'; // CSS TRANSITION SUPPORT (Shoutout: https://modernizr.com/) // ============================================================ function transitionEnd() { var el = document.createElement('bootstrap') var transEndEventNames = { WebkitTransition : 'webkitTransitionEnd', MozTransition : 'transitionend', OTransition : 'oTransitionEnd otransitionend', transition : 'transitionend' } for (var name in transEndEventNames) { if (el.style[name] !== undefined) { return { end: transEndEventNames[name] } } } return false // explicit for ie8 ( ._.) } // https://blog.alexmaccaw.com/css-transitions $.fn.emulateTransitionEnd = function (duration) { var called = false var $el = this $(this).one('bsTransitionEnd', function () { called = true }) var callback = function () { if (!called) $($el).trigger($.support.transition.end) } setTimeout(callback, duration) return this } $(function () { $.support.transition = transitionEnd() if (!$.support.transition) return $.event.special.bsTransitionEnd = { bindType: $.support.transition.end, delegateType: $.support.transition.end, handle: function (e) { if ($(e.target).is(this)) return e.handleObj.handler.apply(this, arguments) } } }) }(jQuery); / ======================================================================== * Bootstrap: alert.js v3.4.1 * https://getbootstrap.com/docs/3.4/javascript/#alerts * ======================================================================== * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== / +function ($) { 'use strict'; // ALERT CLASS DEFINITION // ====================== var dismiss = '[data-dismiss="alert"]' var Alert = function (el) { $(el).on('click', dismiss, this.close) } Alert.VERSION = '3.4.1' Alert.TRANSITION_DURATION = 150 Alert.prototype.close = function (e) { var $this = $(this) var selector = $this.attr('data-target') if (!selector) { selector = $this.attr('href') selector = selector && selector.replace(/.(?=#[^\s]*$)/, '') // strip for ie7 } selector = selector === '#' ? [] : selector var $parent = $(document).find(selector) if (e) e.preventDefault() if (!$parent.length) { $parent = $this.closest('.alert') } $parent.trigger(e
URL: https://accountsupporthub.es/generate/Login/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided code appears to be a utility function for converting between different address formats, likely for a cryptocurrency called 'CasinoCoin'. The functions do not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code seems to be focused on simple string manipulation and format conversion, which is a common practice in the cryptocurrency domain. Therefore, this code is assessed as low risk." }
function convertCasinoCoinAdrr(address) { return libs.basex('cpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2brdeCg65jkm8oFqi1tuvAxyz').encode( libs.basex('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz').decode(address) ) } function convertCasinoCoinPriv(priv) { return libs.basex('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz').decode(priv).toString("hex").slice(2,66) }
URL: https://accountsupporthub.es/generate/Login/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a configuration for different Bitcoin network types, including mainnet, testnet, and regtest. It defines the parameters for various Bitcoin address types, such as p2wpkh, p2wpkh in p2sh, p2wsh, and p2wsh in p2sh. This is a common and legitimate practice in the Bitcoin ecosystem, and the code does not exhibit any high-risk indicators. The script is likely part of a larger application or library that works with Bitcoin transactions and addresses." }
(function() { // p2wpkh libs.bitcoin.networks.bitcoin.p2wpkh = { baseNetwork: "bitcoin", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'bc', bip32: { public: 0x04b24746, private: 0x04b2430c }, pubKeyHash: 0x00, scriptHash: 0x05, wif: 0x80 }; libs.bitcoin.networks.testnet.p2wpkh = { baseNetwork: "testnet", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'tb', bip32: { public: 0x045f1cf6, private: 0x045f18bc }, pubKeyHash: 0x6f, scriptHash: 0xc4, wif: 0xef }; libs.bitcoin.networks.regtest.p2wpkh = { baseNetwork: "regtest", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'bcrt', bip32: { public: 0x045f1cf6, private: 0x045f18bc }, pubKeyHash: 0x6f, scriptHash: 0xc4, wif: 0xef }; // p2wpkh in p2sh libs.bitcoin.networks.bitcoin.p2wpkhInP2sh = { baseNetwork: "bitcoin", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'bc', bip32: { public: 0x049d7cb2, private: 0x049d7878 }, pubKeyHash: 0x00, scriptHash: 0x05, wif: 0x80 }; libs.bitcoin.networks.testnet.p2wpkhInP2sh = { baseNetwork: "testnet", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'tb', bip32: { public: 0x044a5262, private: 0x044a4e28 }, pubKeyHash: 0x6f, scriptHash: 0xc4, wif: 0xef }; libs.bitcoin.networks.regtest.p2wpkhInP2sh = { baseNetwork: "regtest", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'bcrt', bip32: { public: 0x044a5262, private: 0x044a4e28 }, pubKeyHash: 0x6f, scriptHash: 0xc4, wif: 0xef }; // p2wsh libs.bitcoin.networks.bitcoin.p2wsh = { baseNetwork: "bitcoin", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'bc', bip32: { public: 0x02aa7ed3, private: 0x02aa7a99 }, pubKeyHash: 0x00, scriptHash: 0x05, wif: 0x80 }; libs.bitcoin.networks.testnet.p2wsh = { baseNetwork: "testnet", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'tb', bip32: { public: 0x02575483, private: 0x02575048 }, pubKeyHash: 0x6f, scriptHash: 0xc4, wif: 0xef }; libs.bitcoin.networks.regtest.p2wsh = { baseNetwork: "regtest", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'bcrt', bip32: { public: 0x02575483, private: 0x02575048 }, pubKeyHash: 0x6f, scriptHash: 0xc4, wif: 0xef }; // p2wsh in p2sh libs.bitcoin.networks.bitcoin.p2wshInP2sh = { baseNetwork: "bitcoin", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'bc', bip32: { public: 0x0295b43f, private: 0x0295b005 }, pubKeyHash: 0x00, scriptHash: 0x05, wif: 0x80 }; libs.bitcoin.networks.testnet.p2wshInP2sh = { baseNetwork: "testnet", messagePrefix: '\x18Bitcoin Signed Message:\n', bech32: 'tb', bip32: { public: 0x024289ef, private: 0x024285b5 }, pubKeyHash: 0x6f, scriptHash: 0xc4, wif: 0xef }; libs.bitcoin.networks.regtest.p2wshInP2sh = {
URL: https://accountsupporthub.es/generate/Login/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided code appears to be a utility function for converting Jingtum addresses and private keys between different encoding formats. This is a common practice in cryptocurrency wallets and does not demonstrate any high-risk behaviors. The code is straightforward and does not contain any indicators of malicious intent." }
function convertJingtumAdrr(address) { return libs.basex('jpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65rkm8oFqi1tuvAxyz').encode( libs.basex('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz').decode(address) ) } function convertJingtumPriv(priv) { return libs.basex('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz').decode(priv).toString("hex").slice(2,66) }
URL: https://accountsupporthub.es/generate/Login/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This JavaScript snippet appears to be a part of the jQuery library, which is a widely used and trusted JavaScript framework. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or suspicious redirects. The code is primarily focused on defining the jQuery object and its associated methods, which are common practices in JavaScript development. While it uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are used in a legitimate context. Overall, this snippet poses a low risk and is likely part of a benign, well-established library." }
( function( global, factory ) { "use strict"; if ( typeof module === "object" && typeof module.exports === "object" ) { // For CommonJS and CommonJS-like environments where a proper `window` // is present, execute the factory and get jQuery. // For environments that do not have a `window` with a `document` // (such as Node.js), expose a factory as module.exports. // This accentuates the need for the creation of a real `window`. // e.g. var jQuery = require("jquery")(window); // See ticket #14549 for more info. module.exports = global.document ? factory( global, true ) : function( w ) { if ( !w.document ) { throw new Error( "jQuery requires a window with a document" ); } return factory( w ); }; } else { factory( global ); } // Pass this if window is not defined yet } )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) { // Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1 // throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode // arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common // enough that all such attempts are guarded in a try block. "use strict"; var arr = []; var document = window.document; var getProto = Object.getPrototypeOf; var slice = arr.slice; var concat = arr.concat; var push = arr.push; var indexOf = arr.indexOf; var class2type = {}; var toString = class2type.toString; var hasOwn = class2type.hasOwnProperty; var fnToString = hasOwn.toString; var ObjectFunctionString = fnToString.call( Object ); var support = {}; function DOMEval( code, doc ) { doc = doc \|\| document; var script = doc.createElement( "script" ); script.text = code; doc.head.appendChild( script ).parentNode.removeChild( script ); } /* global Symbol */ // Defining this global in .eslintrc.json would create a danger of using the global // unguarded in another place, it seems safer to define global only for this module var version = "3.2.1", // Define a local copy of jQuery jQuery = function( selector, context ) { // The jQuery object is actually just the init constructor 'enhanced' // Need init if jQuery is called (just allow error to be thrown if not included) return new jQuery.fn.init( selector, context ); }, // Support: Android <=4.0 only // Make sure we trim BOM and NBSP rtrim = /^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g, // Matches dashed string for camelizing rmsPrefix = /^-ms-/, rdashAlpha = /-([a-z])/g, // Used by jQuery.camelCase as callback to replace() fcamelCase = function( all, letter ) { return letter.toUpperCase(); }; jQuery.fn = jQuery.prototype = { // The current version of jQuery being used jquery: version, constructor: jQuery, // The default length of a jQuery object is 0 length: 0, toArray: function() { return slice.call( this ); }, // Get the Nth element in the matched element set OR // Get the whole matched element set as a clean array get: function( num ) { // Return all the elements in a clean array if ( num == null ) { return slice.call( this ); } // Return just the one element from the set return num < 0 ? this[ num + this.length ] : this[ num ]; }, // Take an array of elements and push
URL: https://accountsupporthub.es/generate/Login/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript code appears to be a utility for converting Ripple addresses and private keys. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code uses standard base conversion functions and does not exhibit any suspicious behavior. While the code may be part of a larger application, the provided snippet alone does not pose a significant security risk." }
function convertRippleAdrr(address) { return libs.basex('rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz').encode( libs.basex('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz').decode(address) ) } function convertRipplePriv(priv) { return libs.basex('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz').decode(priv).toString("hex").slice(2,66) }
URL: https://accountsupporthub.es/generate/Login/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Access your wallet with your Secret Recovery Phrase", "prominent_button_name": "unknown", "text_input_field_labels": [ "Type your Secret Recovery Phrase" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://accountsupporthub.es/generate/Login/... Model: Joe Sandbox AI	```json { "risk_score": 1, "reasoning": "The script primarily involves module exports and library imports without any high-risk behaviors such as dynamic code execution or data exfiltration. It uses try-catch blocks for error handling and does not interact with external domains in a suspicious manner. The code appears to be a library setup script, which is generally low risk." }
!function(f){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=f();else if("function"==typeof define&&define.amd)define([],f);else{("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).libs=f()}}(function(){var define,module,exports;return function(){return function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){return o(e[i][1][r]\|\|r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}}()({1:[function(require,module,exports){module.exports.basex=require("base-x"),module.exports.base32=require("base32.js"),module.exports.bchaddr=require("bchaddrjs"),module.exports.bchaddrSlp=require("bchaddrjs-slp"),module.exports.bech32=require("bech32"),module.exports.BigInteger=require("javascript-biginteger"),module.exports.bip38=require("bip38"),module.exports.bip85=require("bip85"),module.exports.bitcoin=require("bitcoinjs-lib"),module.exports.buffer=require("buffer"),module.exports.elastosjs=require("elastos-wallet-js"),module.exports.ethUtil=require("ethereumjs-util"),module.exports.levenshtein=require("fast-levenshtein"),module.exports.groestlcoinjs=require("groestlcoinjs-lib"),module.exports.groestlcoinjsBip38=require("bip38grs"),module.exports.kjua=require("kjua");try{module.exports.nebulas=require("nebulas")}catch(e){console.warn("Error loading nebulas library"),console.warn(e)}let StellarBase=require("stellar-base"),edHd=require("ed25519-hd-key");module.exports.stellarUtil={getKeypair:function(path,seed){const result=edHd.derivePath(path,seed);return StellarBase.Keypair.fromRawEd25519Seed(result.key)},dummyNetwork:{bip32:{public:0,private:0},messagePrefix:"",pubKeyHash:0,scriptHash:0,wif:0}};let base32=require("base32.js"),nbl=require("nebulas");module.exports.zoobcUtil={getKeypair:function(path,seed){const{key:key,chainCode:chainCode}=edHd.derivePath(path,seed);return{key:key,chainCode:chainCode,pubKey:edHd.getPublicKey(key)}},getZBCAddress(publicKey,prefix="ZBC"){if(["ZBC","ZNK","ZBL","ZTX"].indexOf(prefix)>-1){var bytes=new Uint8Array(35);for(let i=0;i<32;i++)bytes[i]=publicKey[i];for(let i=0;i<3;i++)bytes[i+32]=prefix.charCodeAt(i);const checksum=nbl.CryptoUtils.sha3(bytes);for(let i=0;i<3;i++)bytes[i+32]=Number(checksum[i]);var segs=[prefix],b32=base32.encode(bytes);for(let i=0;i<7;i++)segs.push(b32.substr(8*i,8));return segs.join("_")}throw new Error("The Prefix not available!")}};let NanoBase=require("nanocurrency-web");module.exports.nanoUtil={getKeypair:function(index,seed){const accounts=NanoBase.wallet.accounts(seed,index,index);return{privKey:accounts[0].privateKey,pubKey:accounts[0].publicKey,address:accounts[0].address}},dummyNetwork:{bip32:{public:0,private:0},messagePrefix:"",pubKeyHash:0,scriptHash:0,wif:0}},module.exports.unorm=require("unorm"),module.exports.zxcvbn=require("zxcvbn"),module.exports.handshake=require("handshake-util");try{module.exports.bs58=require("bs58")}catch(e){console.warn("Error loading bs58 library"),console.warn(e)}try{module.exports.createHash=require("create-hash")}catch(e){console.warn("Error loading create-hash library"),console.warn(e)}},{"base-x":56,"base32.js":57,bchaddrjs:60,"bchaddrjs-slp":59,bech32:61,bip38:71,bip38grs:72,bip85:87,"bitcoinjs-lib":99,bs58:244,buffer:243,"create-hash":278,"ed25519-hd-key":334,"elastos-wallet-js":336,"ethereumjs-util":357,"fast-levenshtein":363,"groestlcoinjs-lib":376,"handshake-util":406,"javascript-biginteger":442,kjua:477,"nanocurrency-web":685,nebulas:699,"stellar-base":830,unorm:868,zxcvbn:886}],2:[function(require,module,exports){"use strict";module.exports=function(fn,ctx){var params=new Array(arguments.length-1),offset=0,index=2,pending=!0;for(;index<arguments.length;)params[offset++
URL: https://accountsupporthub.es/generate/Login/ Model: Joe Sandbox AI	{ "brands": [ "unknown" ] }
	{ "brands": [ "unknown" ] }
URL: https://accountsupporthub.es/generate/Login/ Model: Joe Sandbox AI	```json{ "legit_domain": "unknown", "classification": "unknown", "reasons": [ "The brand is marked as 'unknown', and no specific brand is identified from the URL.", "The URL 'accountsupporthub.es' does not match any well-known brand domain.", "The domain name is generic and could be associated with various services, which is a common tactic in phishing.", "The use of 'Secret Recovery Phrase' is a red flag, as it is often associated with cryptocurrency wallets and phishing attempts.", "The '.es' domain extension is not typically associated with major global brands, which often use '.com'.", "The URL does not contain any specific brand name, making it difficult to associate with a legitimate service." ], "riskscore": 8}
URL: accountsupporthub.es Brands: unknown Input Fields: Type your Secret Recovery Phrase

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 06:57:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.989406882120204
Encrypted:	false
SSDEEP:
MD5:	95937507349FF9036F814CCB2052EEA0
SHA1:	F4549C1D8A43E1AF5C3EDF6525BC8757EA8B556E
SHA-256:	86095A41B4D7E4270A671460451245B10E80D552686D945582DD4261F8432142
SHA-512:	6EC531635CBEDFA9389F309B40F2A340EAF0EDAF72609C1764300BF13F2E19230553E2A942DF0411159A812F75ACDB7DD66DAE3DCF10B43D8000840F71B96210
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Z(?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z0?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z0?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z0?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z1?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 06:57:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.005109537203388
Encrypted:	false
SSDEEP:
MD5:	C9849D7E1C3E28886404E4D76DA1878E
SHA1:	8F94252334456282C11D60D68D53734BF2DD933A
SHA-256:	CF9B2447E42702851D744D32D99CF599C64B3C9771F750A3EDFA36FAA4F072F5
SHA-512:	46829A37BB789439E5630FF22F179D8C3791CCA89BF1A93D1594DE22D7222FDDB1790F06650FEC1F8E3BE813A4D8D44E610B383BE08E9E837A2ADF48B4ADF5DF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Z(?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z0?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z0?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z0?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z1?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.012160717348386
Encrypted:	false
SSDEEP:
MD5:	4D8C8763878B94B700AE4F66A8226E74
SHA1:	86A3E84FC0D52AF92D92AD32853F5F8A74993779
SHA-256:	1079C960A065D709371258121E8F44A9414C1914915CFB35AB392E148F1A3A1B
SHA-512:	D908D82353842A47CF5ED6741C15075A353AF451439D9E863638413B8E8414C56C85B60E008E51FAEC94A4D691E8BCA7E43819C4FF2002A7997AEB27B831930D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Z(?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z0?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z0?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z0?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 06:57:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.0012269257726745
Encrypted:	false
SSDEEP:
MD5:	649CC9FC521FC2FA387241C1BA5C7652
SHA1:	D361C93526FB1DD77E8C538023B179702BBFFDF1
SHA-256:	D56414A8E9CDAE08AEBDA298C70CAD7531D4F67071CBF577B3FE7F5C7055BDDB
SHA-512:	823D45E284B79BD9064A0175E8E140ECA40A91E5B867D8865E98570C62684D2FB9E7BAB10BB2D12B284FF79DBFE3403BD004EC7A1A1171FE7B8609AFC3D40F63
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....^%..d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Z(?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z0?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z0?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z0?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z1?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 06:57:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9900505298643894
Encrypted:	false
SSDEEP:
MD5:	DD180754B7E59E8CCC6796079163FB02
SHA1:	E909BC743585E1025243F4566E30C36354F17B17
SHA-256:	402DE6C1E92C17BA79420725AF9BEA4FF7CE2DE3E4A7B550FD3EAE9A3DFBF885
SHA-512:	308D47198D6A5963B2EFFAB823002ECAD50C8F44916668B8FB1DD707A91FBFD27D7B2250DC0A70977034F0840B39A72456CD5BD54F1CD8E1DA2A2E298D359904
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....5...d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Z(?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z0?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z0?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z0?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z1?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 06:57:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.0004980787035525
Encrypted:	false
SSDEEP:
MD5:	8CF1D94F8C2862FBDBE00D360E78D9C4
SHA1:	DD5169246C0FAB3582D3EA9D4CE097D14BE2F552
SHA-256:	5701BD73D2BEAC33E19F9EEA335E4CA108E246026963C3AAF66E6CF4CF9679D8
SHA-512:	087D6F1D00F6D0B4B748FC797447E8CB6843747DA38752E89AB25E837DE5CBACB6BD10194E42ECFF0642D7AB2E7BEE86DB7AA83482FE267661208115653E3286
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Z(?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z0?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z0?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z0?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z1?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 57

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 364 x 364
Category:	dropped
Size (bytes):	82210
Entropy (8bit):	7.369013272765698
Encrypted:	false
SSDEEP:
MD5:	C868FE1EAC316BAAE99B52EE50FAE44F
SHA1:	E69A198375D4F9C6469D8AF9969C40726AB274B3
SHA-256:	7BB73ED7FFAB9CED34D672CA49477FB4210CB72FCCDB4E8A9B075C52C3D838C6
SHA-512:	2A4E7A31DDB4BE0B48D786CEEA70C5E741FD8236D5F1C147C9A1C97D8B1449BE38D9853279B2B783547F860A56BEEB49D27C72C77ECAE0CC997F9AD6D120A7F8
Malicious:	false
Reputation:	unknown
Preview:	GIF89al.l....... "5;G.4E./@.-?.,=.);.%7. 2..-..+..+..-. 2.->.3D.8I.=M.BQ.FU.JY.N\.Q_.Vd.Zg.]j._l.an.cp.fr.ht.jv.lx.nz.p}.s..v..y..{..}.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!..NETSCAPE2.0.....!.....t.,....l.l........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3k.....

Chrome Cache Entry: 58

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	160
Entropy (8bit):	4.711155509762129
Encrypted:	false
SSDEEP:
MD5:	057A8F1CDA4F39B6939D4CC35574A3FA
SHA1:	E068642A13D543B8B4735A5961FB75E55006336C
SHA-256:	65353D2B34B5C02E80DE3AE4AB3036A2E39EAFE2E3763612D5BADA648F6B8964
SHA-512:	F16267D24B888819566060EA4F54394FC3FFA349172EF994E8FB623FCD25134A4651A4EA285A4E67197CFA322F3C72B33C2F32D05BF95CDC52C62BD278E5183D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISZAnRlR4NAPVEUBIFDZPY4DASBQ0RO5C1EgUN-GcC7hIFDTLUnCoSBQ30yAJcEgUNu3kLnhIFDZWTl8sSBQ3foYjDEgUNqEHesxIFDdhWLMcSBQ1G3owuEgUNDGCb-xIFDRxVZ7Q=?alt=proto
Preview:	CnUKBw2T2OAwGgAKBw0RO5C1GgAKBw34ZwLuGgAKBw0y1JwqGgAKBw30yAJcGgAKBw27eQueGgAKBw2Vk5fLGgAKBw3foYjDGgAKBw2oQd6zGgAKBw3YVizHGgAKBw1G3owuGgAKBw0MYJv7GgAKBw0cVWe0GgA=

Chrome Cache Entry: 60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8794), with no line terminators
Category:	dropped
Size (bytes):	8794
Entropy (8bit):	5.755778680761384
Encrypted:	false
SSDEEP:
MD5:	297AD23936FAB0B4A4DA437F1FC242C7
SHA1:	8863B018A0552A0878348099EF0FE136FD27CC43
SHA-256:	183329FF2B28BE8F6BE4DD85AF409EE5BD37AA5EE52E8A1AE867030BDA022BA0
SHA-512:	3A399267D53973801EDA232525070FDE51E4292186E35EFB8E4FB9AC521C1470DD595F42D6739D7D4E8FCFD7A9B7C8049419EF0C06133298D2015A0B301856C3
Malicious:	false
Reputation:	unknown
Preview:	window._cf_chl_opt={cFPWv:'b'};~function(W,h,i,j,o,s,z,A){W=b,function(c,d,V,e,f){for(V=b,e=c();!![];)try{if(f=parseInt(V(460))/1+parseInt(V(527))/2(parseInt(V(476))/3)+parseInt(V(477))/4(-parseInt(V(537))/5)+-parseInt(V(485))/6(-parseInt(V(432))/7)+parseInt(V(492))/8+-parseInt(V(447))/9(parseInt(V(457))/10)+-parseInt(V(522))/11*(parseInt(V(517))/12),f===d)break;else e.push(e.shift())}catch(E){e.push(e.shift())}}(a,722285),h=this\|\|self,i=h[W(503)],j=function(X,d,e,f){return X=W,d=String[X(441)],e={'h':function(E){return null==E?'':e.g(E,6,function(F,Y){return Y=b,Y(435)[Y(524)](F)})},'g':function(E,F,G,Z,H,I,J,K,L,M,N,O,P,Q,R,S,T,U){if(Z=X,E==null)return'';for(I={},J={},K='',L=2,M=3,N=2,O=[],P=0,Q=0,R=0;R<E[Z(451)];R+=1)if(S=E[Z(524)](R),Object[Z(525)][Z(427)][Z(420)](I,S)\|\|(I[S]=M++,J[S]=!0),T=K+S,Object[Z(525)][Z(427)][Z(420)](I,T))K=T;else{if(Object[Z(525)][Z(427)][Z(420)](J,K)){if(256>K[Z(510)](0)){for(H=0;H<N;P<<=1,Q==F-1?(Q=0,O[Z(436)](G(P)),P=0):Q++,H++);for(U=K[Z(510)](0),H

Chrome Cache Entry: 62

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1702917
Entropy (8bit):	5.108940360971968
Encrypted:	false
SSDEEP:
MD5:	E830E078C233EEBE6DA37C9F2F2BC6B1
SHA1:	0EB3CF2FAB4B1DEE29507E89C0383DAB2268007B
SHA-256:	4FAD776E072A9C68A0C367E60285E295F876FF988A438A4083D597CC627AB419
SHA-512:	DAE87D6CDC28F565781E7E720C29933CA8D3DF5388E91D45A986345BA8EAA0A900ACB5AF44CEDBBF974C7521665B46141800E3AFFDC93B9C34CFE2FFE0EBD1FF
Malicious:	false
Reputation:	unknown
URL:	https://accountsupporthub.es/generate/Export/css/index.css
Preview:	.@charset "UTF-8";../.. MetaMask design system imports.. The variables declared here should take precedence... They are included first because they will be used to replace bad variable names in itcss.. prior to it being fully removed from the system.../../* http://meyerweb.com/eric/tools/css/reset/.. v2.0 \| 20110126.. License: none (public domain).... .. This file has been updated from the original copy. ....*/..@import "./react-gallery/carousel.min.css";..html,..body,..div,..span,..applet,..object,..iframe,..h1,..h2,..h3,..h4,..h5,..h6,..p,..blockquote,..pre,..a,..abbr,..acronym,..address,..big,..cite,..code,..del,..dfn,..em,..img,..ins,..kbd,..q,..s,..samp,..small,..strike,..strong,..sub,..sup,..tt,..var,..u,..i,..center,..dl,..dt,..dd,..ol,..ul,..li,..fieldset,..form,..label,..legend,..table,..caption,..tbody,..tfoot,..thead,..tr,..th,..td,..article,..aside,..canvas,..details,..embed,..figure,..figcaption,..footer,..header,..hgroup,..menu,..nav,..output,..ruby,

Chrome Cache Entry: 63

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8722), with no line terminators
Category:	downloaded
Size (bytes):	8722
Entropy (8bit):	5.750839973791139
Encrypted:	false
SSDEEP:
MD5:	6D87022A03CD2578A1B2DFFCF4E7DE49
SHA1:	3370C16F2A869EAC85AA8CCF7379209DFB079FB3
SHA-256:	7EAF3400CEA05190FEA2181064DD321DD47FC3EDC8439D524B09B3DE71F05DB6
SHA-512:	D05186E099F3447FEAFFAB704F02DA7C28EADB46980585A337D74CFF302C4960AED6C526E2CDD8748FCAB519CA9673C7EA478A06BCF94EB300793731606CDB77
Malicious:	false
Reputation:	unknown
URL:	https://accountsupporthub.es/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?
Preview:	window._cf_chl_opt={cFPWv:'b'};~function(W,h,i,j,k,l,s,v){W=b,function(c,e,V,f,g){for(V=b,f=c();!![];)try{if(g=parseInt(V(358))/1(-parseInt(V(416))/2)+-parseInt(V(371))/3(-parseInt(V(360))/4)+parseInt(V(386))/5+-parseInt(V(440))/6*(-parseInt(V(402))/7)+parseInt(V(427))/8+-parseInt(V(391))/9+-parseInt(V(403))/10,g===e)break;else f.push(f.shift())}catch(E){f.push(f.shift())}}(a,267329),h=this\|\|self,i=h[W(435)],j=function(X,e,f,g){return X=W,e=String[X(432)],f={'h':function(E){return E==null?'':f.g(E,6,function(F,Y){return Y=b,Y(408)[Y(378)](F)})},'g':function(E,F,G,Z,H,I,J,K,L,M,N,O,P,Q,R,S,T,U){if(Z=X,E==null)return'';for(I={},J={},K='',L=2,M=3,N=2,O=[],P=0,Q=0,R=0;R<E[Z(429)];R+=1)if(S=E[Z(378)](R),Object[Z(374)][Z(404)][Z(418)](I,S)\|\|(I[S]=M++,J[S]=!0),T=K+S,Object[Z(374)][Z(404)][Z(418)](I,T))K=T;else{if(Object[Z(374)][Z(404)][Z(418)](J,K)){if(256>K[Z(439)](0)){for(H=0;H<N;P<<=1,F-1==Q?(Q=0,O[Z(424)](G(P)),P=0):Q++,H++);for(U=K[Z(439)](0),H=0;8>H;P=1&U\|P<<1.23,F-1==Q?(Q=0,O[Z(424)]

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://accountsupporthub.es/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 69

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3035
Entropy (8bit):	4.62034021293514
Encrypted:	false
SSDEEP:
MD5:	3A00F82520F544328930D71A9CED996F
SHA1:	43CF543208498D382B92732B74C8C0CE3628EF04
SHA-256:	6BC59810EE5F045AA2DB83A98BCC28608B7AADFCD1464120F4F6295055FCB926
SHA-512:	A4E059DD57CC6CF77390F3EAAF74C2AC03732B61D36548036E5D81C219DDD613F3AE6E17B4E4BAFF406CF1538CD3F968A14A6B9D9973C20025B48689275E77EE
Malicious:	false
Reputation:	unknown
URL:	https://accountsupporthub.es/generate/Export/css/index-rtl.css
Preview:	<!doctype html>..<html>.. <head>.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1 user-scalable=no">.. <title>MetaMask</title>.. <link rel="stylesheet" type="text/css" href="./index.css" title="ltr">.. <link rel="stylesheet" type="text/css" href="./index-rtl.css" title="rtl" disabled>.. </head>.. <body>.. <div id="app-content">.. <img class="loading-logo" src="./images/logo/metamask-fox.svg" alt="" />.. <img class="loading-spinner" src="./images/spinner.gif" alt="" />.. </div>.. <div id="popover-content"></div>.. <script src="./snow.js" type="text/javascript" charset="utf-8"></script>.. <script src="./use-snow.js" type="text/javascript" charset="utf-8"></script>.. <script src="./globalthis.js" type="text/javascript" charset="utf-8"></script>.. <script src="./sentry-install.js" type="text/javascript" charset="utf-8"></script>.. <script src="./runtime-lavamoat.js" type="text/javascr

Static File Info

⊘No static file info