| URL: https://u5fv5thbb.cc.rs6.net Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://u5fv5thbb.cc.rs6.net |
| URL: https://docs.google.com/drawings/d/1ZOS_an7pjHUaCl... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script exhibits several moderate-risk behaviors, including sending data to external domains via `sendBeacon` and redirecting to a potentially suspicious domain. While the script appears to be handling a JavaScript error scenario, the use of an obfuscated URL and the redirection to an unknown domain raise concerns. Further investigation may be needed to determine the legitimacy of the script's purpose."
} |
if ((!this['init_preview']) || false ) {if (window.navigator && window.navigator.sendBeacon) {var DOCS_hasSentJsNotLoadedError=window['DOCS_hasSentJsNotLoadedError']||false; var perfContext = '';var severityContext = DOCS_hasSentJsNotLoadedError?'&context.severity=postmortem':'';window.navigator.sendBeacon('\/drawings\/jserror?jobset\x3dprod\x26error\x3dJS+binary+load+failure&context.functionName=init_preview' + '&context.serviceWorkerControlled=' + !!(navigator.serviceWorker && navigator.serviceWorker.controller) + '\x26context.actionName\x3dPreview' + severityContext + perfContext); DOCS_hasSentJsNotLoadedError=true;}(window.enterCoreJsErrorDialog ? enterCoreJsErrorDialog() : (window.location.href = 'https:\/\/support.google.com\/accounts\/answer\/32050'))}init_preview({docId: '1ZOS_an7pjHUaClSXynbGUfEA7fF9zl7qP1huGkZ7hIY', enableSvgOnlyPreview: false ,vector: '\x3csvg version\x3d\x221.1\x22 viewBox\x3d\x220.0 0.0 960.0 720.0\x22 fill\x3d\x22none\x22 stroke\x3d\x22none\x22 stroke-linecap\x3d\x22square\x22 stroke-miterlimit\x3d\x2210\x22 xmlns:xlink\x3d\x22http:\/\/www.w3.org\/1999\/xlink\x22 xmlns\x3d\x22http:\/\/www.w3.org\/2000\/svg\x22\x3e\x3cclipPath id\x3d\x22p.0\x22\x3e\x3cpath d\x3d\x22m0 0l960.0 0l0 720.0l-960.0 0l0 -720.0z\x22 clip-rule\x3d\x22nonzero\x22\/\x3e\x3c\/clipPath\x3e\x3cg clip-path\x3d\x22url(#p.0)\x22\x3e\x3cpath fill\x3d\x22#ffffff\x22 d\x3d\x22m0 0l960.0 0l0 720.0l-960.0 0z\x22 fill-rule\x3d\x22evenodd\x22\/\x3e\x3cpath fill\x3d\x22#000000\x22 fill-opacity\x3d\x220.0\x22 d\x3d\x22m16.0 16.0l928.0001 0l0 650.4858l-928.0001 0z\x22 fill-rule\x3d\x22evenodd\x22\/\x3e\x3cg transform\x3d\x22matrix(0.49204671916010495 0.0 0.0 0.49204671916010495 16.0 16.0)\x22\x3e\x3cclipPath id\x3d\x22p.1\x22\x3e\x3cpath d\x3d\x22m7.1054274E-15 7.1054274E-15l1886.0 0l0 1322.0l-1886.0 0z\x22 clip-rule\x3d\x22evenodd\x22\/\x3e\x3c\/clipPath\x3e\x3cimage clip-path\x3d\x22url(#p.1)\x22 fill\x3d\x22#000\x22 width\x3d\x221886.0\x22 height\x3d\x221322.0\x22 x\x3d\x220.0\x22 y\x3d\x220.0\x22 crossorigin\x3d\x22use-credentials\x22 preserveAspectRatio\x3d\x22none\x22 xlink:href\x3d\x22https:\/\/lh7-rt.googleusercontent.com\/drawingsz\/AHiSRb2o9fEfNT55pAlbLaAZB5W7PAukKE8gBEeVHi3EXU_pVGTlhr5sCJ9upg2LgKGM_qX4Mi9RoBwyydTMXjQpbmTISee8ij74KTZYqdmz0vOc5XVJJAZyIU6ziK_rb-COa28?key\x3dDfOy8i41ssrBomXUfZT-O6tn\x22\/\x3e\x3c\/g\x3e\x3ca xlink:href\x3d\x22https:\/\/www.google.com\/url?q\x3dhttps:\/\/ed5eb86c.fc3b0a7544fc698f2914d6dd.workers.dev\x26amp;sa\x3dD\x26amp;source\x3deditors\x26amp;ust\x3d1736878313217304\x26amp;usg\x3dAOvVaw3i7X6T6W51zPPyTm7vfkA3\x22 target\x3d\x22_blank\x22 rel\x3d\x22noreferrer\x22\x3e\x3cpath fill\x3d\x22transparent\x22 fill-opacity\x3d\x220\x22 d\x3d\x22m16.0 16.0l928.0001 0l0 650.4858l-928.0001 0z\x22 fill-rule\x3d\x22evenodd\x22\/\x3e\x3c\/a\x3e\x3c\/g\x3e\x3c\/svg\x3e',raster: 'https:\/\/docs.google.com\/drawings\/d\/1ZOS_an7pjHUaClSXynbGUfEA7fF9zl7qP1huGkZ7hIY\/image?pli\x3d1'});
|
| URL: https://docs.google.com/static/drawings/client/js/... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a utility function for initializing a global `_F_toggles` array. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is likely part of a larger framework or library and does not demonstrate any malicious intent. While it uses some legacy practices like `globalThis` checks, the overall behavior is benign and does not pose a significant security risk."
} |
function _F_toggles_initialize(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]}_F_toggles_initialize([]);
/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
var aa="Edge",ba="Error in protected function: ",ca="Missing error cause.",da="Not available",ea="SCRIPT",fa="_/wa/",ha="apps_telemetry.processed",ia="attributionsrc",ja="bigint",ka="boolean",la="buildLabel",ma="complete",na="error",pa="fatal",n="function",qa="gssmodulesetproto",ra="iPad",sa="iPod",ua="incident",va="jsaction",wa="kaspersky-labs",xa="neurosurgeonundergo",r="number",u="object",ya="prerender",za="severity",Aa="severity-unprefixed",w="string",Ba="success",Ca="true",Da="unhandledrejection";
function Ea(){return function(a){return a}}function x(){return function(){}}function Fa(a){return function(){return this[a]}}function Ga(a){return function(){return a}}var y;function Ha(a){var c=0;return function(){return c<a.length?{done:!1,value:a[c++]}:{done:!0}}}var Ia=typeof Object.defineProperties==n?Object.defineProperty:function(a,c,e){if(a==Array.prototype||a==Object.prototype)return a;a[c]=e.value;return a};
function Ja(a){a=[u==typeof globalThis&&globalThis,a,u==typeof window&&window,u==typeof self&&self,u==typeof global&&global];for(var c=0;c<a.length;++c){var e=a[c];if(e&&e.Math==Math)return e}throw Error("a");}var Ka=Ja(this);function z(a,c){if(c)a:{var e=Ka;a=a.split(".");for(var f=0;f<a.length-1;f++){var g=a[f];if(!(g in e))break a;e=e[g]}a=a[a.length-1];f=e[a];c=c(f);c!=f&&c!=null&&Ia(e,a,{configurable:!0,writable:!0,value:c})}}
z("Symbol",function(a){function c(h){if(this instanceof c)throw new TypeError("b");return new e(f+(h||"")+"_"+g++,h)}function e(h,k){this.g=h;Ia(this,"description",{configurable:!0,writable:!0,value:k})}if(a)return a;e.prototype.toString=Fa("g");var f="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",g=0;return c});
z("Symbol.iterator",function(a){if(a)return a;a=Symbol("c");for(var c="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),e=0;e<c.length;e++){var f=Ka[c[e]];typeof f===n&&typeof f.prototype[a]!=n&&Ia(f.prototype,a,{configurable:!0,writable:!0,value:function(){return La(Ha(this))}})}return a});function La(a){a={next:a};a[Symbol.iterator]=function(){return this};return a}
var Ma=typeof Object.create==n?Object.create:function(a){function c(){}c.prototype=a;return new c},Na;if(typeof Object.setPrototypeOf==n)Na=Object.setPrototypeOf;else{var Oa;a:{var Pa={a:!0},Qa={};try{Qa.__proto__=Pa;Oa=Qa.a;break a}catch(a){}Oa=!1}Na=Oa?function(a,c){a.__proto__=c;if(a.__proto__!==c)throw new TypeError("d`"+a);return a}:null}var Ra=Na;
function A(a,c){a.prototype=Ma(c.prototype);a.prototype.constructor=a;if(Ra)Ra(a,c);else for(var e in c)if(e!="prototype")if(Object.defineProperties){var f=Object.getOwnPropertyDescriptor(c,e);f&&Object.defineProperty(a,e,f)}else a[e]=c[e];a.Y=c.prototype}function B(a){var c=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(c)return c.call(a);if(typeof a.length==r)return{next:Ha(a)};throw Error("e`"+String(a));}
function Sa(a){if(!(a instanceof Array)){a=B(a);for(var c,e=[];!(c=a.next()).done;)e.push(c.value);a=e}return a}function Ta(a){return Ua(a,a)}function Ua(a,c){a.raw=c;Object.freeze&&(Object.freeze(a),Object.freeze(c));return a}function Va(){for(var a=Number(this),c=[],e=a;e<arguments.length;e++)c[e-a]=arguments[e];return c}
z("Promise",function(a){function c(k){this.g=0;this.l=void 0;this.j=[];this.v=!1;var l=this.o();try{k(l.resolve,l.reject)}catch(m){l.reject(m)}}function e(){this.g=null}function f(k){return k instanceof c?k:new c(function(l){l(k)})}if(a)return a;e.prototype.j=function(k){if(this.g==null){this.g=[];var l=this;this.l(function(){l.s()})}this.g.push(k)};var g=Ka.setTimeout;e.prototype.l=function(k){g(k,0)};e.prototype.s=function(){for(;this.g&&this.g.length;){var k=this.g;this.g=[];for(var l=0;l<k.length;++l){var m |
| URL: https://docs.google.com/drawings/d/1ZOS_an7pjHUaClSXynbGUfEA7fF9zl7qP1huGkZ7hIY/preview?pli=1 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "You have a new voice message",
"prominent_button_name": "Listen to Voicemail",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://docs.google.com/drawings/d/1ZOS_an7pjHUaClSXynbGUfEA7fF9zl7qP1huGkZ7hIY/preview?pli=1 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be related to Cloudflare's challenge system, which is a legitimate security mechanism. While it uses some legacy APIs and has some obfuscated elements, the overall behavior is consistent with Cloudflare's services and does not demonstrate any clear malicious intent. The risk score is low, as this is likely a benign script with some outdated practices."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: '87ved',
chlApiSitekey: '0x4AAAAAAA5LpsjCCymM0ypi',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'xhvUj16ATcH0Vddu8LelnBk6jyCbN45gY9q5SC81QZc-1736874725-1.3.1.1-L_VFCDhmN39p0Pf2W3heioFkIY_dSPli0mIViRT4PwU',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '901f3fbd08fbc3ee',
cH: 'CX58X6jpF1zdU2yvWFTZgWgqOJ4x3HaNOOiTF_UIZTE-1736874725-1.1.1.1-wRSpsTqXt7.atb88rCn_.84hg_e71BGhMYWqIkiMU6YZhi6uLh9PaXgBOYI.nnyE',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'sr8.LijLytAUTkazGx51NxB73vDYnrVKPn2iQ7d_xCA-1736874725-1.1.1.1-F2NlYNrRFeIiX9sbTiCpuQRhKq8y7TBNNcDhDHg43.VgriM.dKreJ6HTgnCSdThTuDZPhQmUZHDJCS7Gr465exOKIIcV_.mxwUgf_8TL.sf5FbSU_oVfdIf7ukjyPre0m9CqX3tZ3AAXC9gKe7TbH_TXbeKQSA9lCMO0AFbLPOhFnlpdJybrmvVGtfIh0.mF7YZQXoVbqYVWD1WQy.t8KkzTPxJUvPiAA83Kyz53enrqYKhm3tY7MeYaLPdmx5STjYWuXXWgN01WHx2ky2qG3jFWbEk1sXO__TWomhJZRMPYyNj90P1XA6efQGRs2L1MFc7H4tVbxfYL._FNsVcuSOJA.IQqoPazpvfKTYdyb0K8W99xyui7C8X..ZzVq.LZarHWGX3F_XmCdUJQW4ZtNfb7WaaHAEPyVoNhE3FGHpCcNC_YxaYqbHg.Uq8Nxbw_bvu4MiQ9tMjw6J8qiTB4NCun3BhrR115r26iHe0PdQnsgV8d_lR5UfRuAHpqDFKU0CfRBmKBMnsCB5NtDfR7SA_VIsjSSY7ltNHqTzNZKypoOTPvNjdYV4r0xWY2NgQfMwJcNpVq9LXQdmjRt1jiPbSHgw3OMJB.TRcP5XvuZm6BEXmFrWSjqIZMCx31.drMUT_3Rg.FTXjwjt0r1GN966h50tGVYbW6Y4wLJgJ5DUlndgcpqFzK6ic0L4YwEHA2If4Gwsu23k7X.a_C509IjWoSkAOQi25gosMXI
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. The script does not contain any high-risk indicators, and the behaviors observed are typical of a Cloudflare challenge. The script is likely legitimate and does not pose a significant security risk."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F"},"translations":{"turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","testing_only":"Testing%20only.","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_footer_terms":"Terms","human_button_text":"Verify%20you%20are%20human","turnstile_footer_privacy":"Privacy","turnstile_refresh":"Refresh","turnstile_verifying":"Verifying...","turnstile_success":"Success%21","turnstile_timeout":"Timed%20out","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_failure":"Error","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_feedback_description":"Send%20Feedback","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_feedback_report":"Having%20trouble%3F","turnstile_overrun_description":"Stuck%20here%3F","turnstile_expired":"Expired","testing_only_always_pass":"Testing%20only%2C%20always%20pass."},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eP,eT,eU,eV,eY,f1,f3,f4,f5,fh,ft,fz,fA,fB,fL,fW,g0,g1,g4,g5,gE,g2,g3){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(1036))/1+-parseInt(gI(1041))/2+parseInt(gI(1349))/3*(-parseInt(gI(1029))/4)+-parseInt(gI(1085))/5*(-parseInt(gI(1260))/6)+-parseInt(gI(1631))/7+-parseInt(gI(1352))/8*(-parseInt(gI(676))/9)+parseInt(gI(829))/10,d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,384022),eM=this||self,eN=eM[gJ(1679)],eO={},eO[gJ(620)]='o',eO[gJ(1598)]='s',eO[gJ(1377)]='u',eO[gJ(1683)]='z',eO[gJ(1e3)]='n',eO[gJ(1881)]='I',eO[gJ(1238)]='b',eP=eO,eM[gJ(1867)]=function(g,h,i,j,gN,o,x,B,C,D,E,F){if(gN=gJ,o={'iGMXz':gN(1234),'DozEK':function(G,H){return G+H},'JEQYE':function(G,H){return G===H},'eixbO':function(G,H){return G<H},'Kywmm':function(G,H,I,J){return G(H,I,J)},'ZLtOl':function(G,H){return G(H)},'bvKxZ':function(G,H){return H===G},'mNiAn':function(G,H){return G+H},'JnPGX':function(G,H){return G+H}},o[gN(865)](null,h)||o[gN(865)](void 0,h))return j;for(x=eS(h),g[gN(1548)][gN(1321)]&&(x=x[gN(736)](g[gN(1548)][gN(1321)](h))),x=g[gN(856)][gN(1561)]&&g[gN(1587)]?g[gN(856)][gN(1561)](new g[(gN(1587))](x)):function(G,gP,H,K,I){if(gP=gN,H={'XSfIG':function(J,K){return J===K},'fZSWk':gP(518),'bAnlm':gP(1396),'kWrZR':function(J,K){return J(K)}},o[gP(1290)]!==o[gP(1290)])K=i[gP(1730)],K&&H[gP(1614)](K[gP(1226)],H[gP(1791)])&&H[gP(1614)](K[gP(1522)],H[gP(1524)])?o=s(function(){x()},1e3):K&&K[gP(1226)]===gP(518)&&K[gP(1522)]===gP(602)&&H[gP(1282)](x,B);else{for(G[gP(1307)](),I=0;I<G[gP(1083)];G[I]===G[I+1]?G[gP(1002)](o[gP(1545)](I,1),1):I+=1);return G}}(x),B='nAsAaAb'.split('A'),B=B |
| URL: https://ed5eb86c.fc3b0a7544fc698f2914d6dd.workers.... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "The script demonstrates a mix of behaviors, including the use of a CAPTCHA system, encryption of user agent data, and a redirect to an external URL. While the CAPTCHA and encryption suggest some security measures, the script also includes the use of an obfuscated URL and the potential for redirecting to an unknown domain, which raises moderate concerns. Further review may be necessary to determine the full context and intent of the script."
} |
var verifyCallback_CF = function (response) {
if (response && response.length > 10) {
sendRequest(); // Only send the request after CAPTCHA is solved
}
};
window.onloadTurnstileCallback = function () {
turnstile.render("#turnstileCaptcha", {
sitekey: "0x4AAAAAAA5LpsjCCymM0ypi",
callback: verifyCallback_CF,
});
};
function hh2(encryptedText, shift) {
let decryptedText = "";
for (let i = 0; i < encryptedText.length; i++) {
let c = encryptedText[i];
if (c.match(/[a-z]/i)) {
let code = encryptedText.charCodeAt(i);
if ((code >= 65) && (code <= 90)) {
c = String.fromCharCode(((code - 65 - shift + 26) % 26) + 65);
} else if ((code >= 97) && (code <= 122)) {
c = String.fromCharCode(((code - 97 - shift + 26) % 26) + 97);
}
}
decryptedText += c;
}
return decryptedText;
}
function Encrypt(text, publicKey) {
console.log('encrypt with public key:', publicKey);
return text;
}
let sx = "https://bastionbrands.org/?qerbmqhy";
const PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCJBwcY8t0AqPquU+Ah1
R0EPWlcD5XSXhOEe00844TkiGLFHnMWQEugh0zYh/kgrw8hv1ifOmf4Jrkis3tlW
qpIO2U9Nle23D1VKpxZSxRyYTbnoyq3lRcqY5txOJKdviR9fA9wPidS6KTXhX2xq
wq1jjYvgHtntEGYwK6Lzm6Q8jTjfV7ICqnV74GTKnPN7VMDKsS2+Dcf2Y2IoYY1o
NM7nWPKFeVUmkqFMowkdBmGJHL4UqRcxbhiRX3AAzzdQvbQg7OQxYjbKak23IvDN
1ia9SsXQyo5H/XnfXB2Nb9sNayO5sV+hDmBRlujtm1+maqGMJUXZeVHL81Q7O22a
WQIDAQAB
-----END PUBLIC KEY-----`;
function sendRequest() {
const userAgent = navigator.userAgent;
const EncryptedUserAgent = Encrypt(userAgent, PUBLIC_KEY);
console.log('Sending request with encrypted user-agent:', EncryptedUserAgent);
let xhr = new XMLHttpRequest();
xhr.open('GET', sx, true);
xhr.setRequestHeader("accept", "application/json");
xhr.setRequestHeader("qrc-auth", EncryptedUserAgent);
xhr.onreadystatechange = function() {
if (xhr.readyState === XMLHttpRequest.DONE) {
if (xhr.status === 200) {
const cc = JSON.parse(xhr.responseText);
if (cc.url) {
window.location = cc.url;
} else {
document.body.innerHTML = cc.error ? cc.error : 'ACCESS DENIED';
}
} else {
document.body.innerHTML = 'CONNECTION TO HOST FAILED';
}
}
};
xhr.send();
}
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script sets up various configuration options for the Cloudflare challenge, including the challenge ID, zone, and API settings. It also sets up a message event listener to handle communication between the challenge and the parent window. While the script uses some dynamic behavior, such as sending messages to the parent window, this is part of the expected functionality of the Cloudflare challenge and does not appear to be malicious. Overall, the script seems to be a legitimate security mechanism and does not demonstrate any high-risk indicators."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: '87ved',
chlApiSitekey: '0x4AAAAAAA5LpsjCCymM0ypi',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'xhvUj16ATcH0Vddu8LelnBk6jyCbN45gY9q5SC81QZc-1736874725-1.3.1.1-L_VFCDhmN39p0Pf2W3heioFkIY_dSPli0mIViRT4PwU',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '901f3fbd08fbc3ee',
cH: 'CX58X6jpF1zdU2yvWFTZgWgqOJ4x3HaNOOiTF_UIZTE-1736874725-1.1.1.1-wRSpsTqXt7.atb88rCn_.84hg_e71BGhMYWqIkiMU6YZhi6uLh9PaXgBOYI.nnyE',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'sr8.LijLytAUTkazGx51NxB73vDYnrVKPn2iQ7d_xCA-1736874725-1.1.1.1-F2NlYNrRFeIiX9sbTiCpuQRhKq8y7TBNNcDhDHg43.VgriM.dKreJ6HTgnCSdThTuDZPhQmUZHDJCS7Gr465exOKIIcV_.mxwUgf_8TL.sf5FbSU_oVfdIf7ukjyPre0m9CqX3tZ3AAXC9gKe7TbH_TXbeKQSA9lCMO0AFbLPOhFnlpdJybrmvVGtfIh0.mF7YZQXoVbqYVWD1WQy.t8KkzTPxJUvPiAA83Kyz53enrqYKhm3tY7MeYaLPdmx5STjYWuXXWgN01WHx2ky2qG3jFWbEk1sXO__TWomhJZRMPYyNj90P1XA6efQGRs2L1MFc7H4tVbxfYL._FNsVcuSOJA.IQqoPazpvfKTYdyb0K8W99xyui7C8X..ZzVq.LZarHWGX3F_XmCdUJQW4ZtNfb7WaaHAEPyVoNhE3FGHpCcNC_YxaYqbHg.Uq8Nxbw_bvu4MiQ9tMjw6J8qiTB4NCun3BhrR115r26iHe0PdQnsgV8d_lR5UfRuAHpqDFKU0CfRBmKBMnsCB5NtDfR7SA_VIsjSSY7ltNHqTzNZKypoOTPvNjdYV4r0xWY2NgQfMwJcNpVq9LXQdmjRt1jiPbSHgw3OMJB.TRcP5XvuZm6BEXmFrWSjqIZMCx31.drMUT_3Rg.FTXjwjt0r1GN966h50tGVYbW6Y4wLJgJ5DUlndgcpqFzK6ic0L4YwEHA2If4Gwsu23k7X.a_C509IjWoSkAOQi25gosMXIxfBc4JJRxQKVOj9ZO95I81w8ccWYoP_qGpwoNBkkl0wB_4knIEkms2aqWyOXM5jZH6rAS6_aFysOjMoWmfpU1txxiNwNBLSJFOsvUbPLS2lNdNLosxvWbrAuHbNDlokwXdMrGSw2TdMnImJkdQcr5jeYLnPxXL7v6DrQbUaQf2qZPd7sNg6x.8t_yTk7_kVA77LSjGhjVv_L4AkliD4HO49pqf4_rt80FzaVBQHFubcoCIwyw6Lim1N7MdIS5t419QbgttPdE2oNWh.SN67wNmgvaXIzk8vDg1cXIiqMpSiaIwHezS4__R63WgTJo0_zCnhNDqvGX9y6NiK0pfh5knUPr6.3ZP96d8B7_VkmGD1KWb66Xyl3jcGBx2QFZT8pZ3eVp_Gbe93QX18IzVDrLW88AmPwL30pQgt7COc5zh9nApWclydo7qwh.oHvnFufMNquNF6aT35woJATG84yvfzHZUmHAOUYrsi8B5Arcbx4RXD2H_9gRwKqPIelJXFXTctCaRbdqwabbAXIsk1A5FXKkX2HjoBbstjBLl9wp.0_Pj.DJuOuRGrYB_vB5WXT4tg5xmCgHaVWdxUjkDltGUyzW1kSdaIFTjL6E92ophnB_NfgMEGBlWRIkJJXUnRJ6zLyUXCR5E2tcKabXhxYYjLynYOt3GhCWCVnKaaVNRFQL4ka0xUQLu27sja.oGy2CFU7i0',
cITimeS: '1736874725',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: '87ved',
nextRcV: 'xhvUj16ATcH0Vddu8LelnBk6jyCbN45gY9q5SC81QZc-1736874725-1.3.1.1-L_VFCDhmN39p0Pf2W3heioFkIY_dSPli0mIViRT4PwU',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://ed5eb86c.fc3b0a7544fc698f2914d6dd.workers.dev/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Please stand by, while we are checking if the site connection is secure\nWe need to review the security of your connection before proceeding.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://ed5eb86c.fc3b0a7544fc698f2914d6dd.workers.dev/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://ed5eb86c.fc3b0a7544fc698f2914d6dd.workers.dev Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://ed5eb86c.fc3b0a7544fc698f2914d6dd.workers.dev |
| URL: https://ed5eb86c.fc3b0a7544fc698f2914d6dd.workers.dev/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://ed5eb86c.fc3b0a7544fc698f2914d6dd.workers.dev/ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://challenges.cloudflare.com/turnstile/v0/b/e... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script does not exhibit any high-risk or moderate-risk behaviors. It primarily consists of utility functions and error handling, with no evidence of dynamic code execution, data exfiltration, or interaction with external domains. The code appears to be part of a larger library or framework, likely for handling asynchronous operations and error management."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
Edit tour
chrome.exe (PID: 1844 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node