Windows Analysis Report
http://birchflarechurch.com

• EGA enabled

```json
{
  "loginform": true,
  "reasons": [
    "The text contains the phrase 'Sign in' which is commonly used in login forms.",
    "The text also contains the phrase 'Save your passwords securely with your Google Account' which suggests the presence of a login form.",
    "Additionally, the text includes the phrase 'Sign out' which is another indicator of a login form."
  ]
}

```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code appears to be part of Google's XJS library, which is commonly used for loading various resources such as JavaScript, CSS, and other assets. There are no indications of malicious behavior, such as data exfiltration, credential stealing, or unauthorized access attempts. The long random hexadecimal strings are typical for resource versioning and caching purposes."
}

(function(){google.xjs={basecomb:'/xjs/_/js/k\x3dxjs.hd.en.5CDJ9h41vL4.O/ck\x3dxjs.hd.8hwPorlr_xY.L.B1.O/am\x3dAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKQA-gkHQAGwIQgAAEAAAACAEAAAAQAIwHsAIARQAAIBAAwAEwTgoUwAgEAmIAACiACSQCAHAQCIYIQBSAUABgAAACBAAgAAwAEEDCAwIAIg4CEEADCgEwRgAQCQAAMMAgBAAAAAAPIAEBwAgxQEAAAAAAAAAAAAAAABSBDMhQQUREQAAAAAAAAAAAAAAACkpBMLGw/d\x3d1/ed\x3d1/dg\x3d0/br\x3d1/ujg\x3d1/rs\x3dACT90oEi2q155mVoX78yAINygkit6t9juQ',basecss:'/xjs/_/ss/k\x3dxjs.hd.8hwPorlr_xY.L.B1.O/am\x3dAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKAA8AkHQACwIQAAAEAAAAAAAAAAAQAAgHEAAABAAAIBAAwAAgQAAAAAgEAAIAACiACSQCADAQCIYIQBSAUABgAAACBAAgAAAAAEBCAwIAIg4CEEADCgEwQgAQCAAAMMAgAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAUAAAAAAAAAAAAAAAAAACA/br\x3d1/rs\x3dACT90oE0GEl0AjAy_kbugY4J9tMCpAZq4g',basejs:'/xjs/_/js/k\x3dxjs.hd.en.5CDJ9h41vL4.O/am\x3dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBAAwAEQTgoUwAgAAmAAAAgACAQAAEAQCAAAAAAAUAAAAAAAAAAAAAwAEECAAAAAAAAAAAAACgEwBAAAAQAAMMAgBAAAAAAPIAEBwAgxQEAAAAAAAAAAAAAAABSBDMhQQUREQAAAAAAAAAAAAAAACkpBMLGw/dg\x3d0/br\x3d1/rs\x3dACT90oGdGM9UotaideiJkkp7DNQZiMnukg',excm:[]};})();

{
"loginform": true,
"reasons": [
"The text contains the phrase 'Sign in' twice, which is commonly used in login forms.",
"The text mentions 'Save your passwords securely with your Google Account', indicating the presence of a password management feature often found in login forms.",
"The text mentions 'Stay signed out', which is an option usually found in login forms."
]
}

```json
{
  "riskscore": 1,
  "reasons": "The JavaScript code appears to be from a legitimate source, likely Google, and does not exhibit any malicious behavior. It includes functionality for tracking page load events, handling scroll events, and managing some user interface elements. There is no evidence of phishing or harmful activities."
}

(function(){google.caft=function(a){if(null===google.aftq)try{a()}catch(b){google.ml(b,!1)}else google.aftq=google.aftq||[],google.aftq.push(a)};window.google=window.google||{};google.c.iim=google.c.iim||{};(function(){var a=Date.now();google.tick("load","prt",a);google.c.e("load","imn",String(document.getElementsByTagName("img").length));google.c.ub();google.c.cae||google.c.maft(a,null);google.c.miml(a);google.rll(window,!1,function(){google.tick("load","old")})})();}).call(this);(function(){window.google=window.google||{};window.google.ishk=[];function a(){return window.scrollY+window.document.documentElement.clientHeight>=Math.max(document.body.scrollHeight,document.body.offsetHeight)}function b(){a()&&0===window.google.ishk.length&&(window.google.bs=!0,window.removeEventListener("scroll",b))}a()?window.google.bs=!0:(window.google.bs=!1,window.addEventListener("scroll",b));}).call(this);(function(){google.jl={bfl:0,dw:false,ine:false,ubm:false,uwp:true,vs:false};})();(function(){var pmc='{\x22aa\x22:{},\x22abd\x22:{\x22abd\x22:false,\x22deb\x22:false,\x22det\x22:false},\x22async\x22:{},\x22cdos\x22:{\x22cdobsel\x22:false},\x22csi\x22:{},\x22d\x22:{},\x22gf\x22:{\x22pid\x22:196},\x22hsm\x22:{},\x22ifl\x22:{\x22lsf_is_launched\x22:true,\x22opts\x22:[{\x22href\x22:\x22/search?q\x3dkerning\\u0026csf\x3db\x22,\x22id\x22:\x22curious\x22,\x22msg\x22:\x22I\x27m Feeling Curious\x22},{\x22href\x22:\x22/search?q\x3dice+cream+near+me\x22,\x22id\x22:\x22hungry\x22,\x22msg\x22:\x22I\x27m Feeling Hungry\x22},{\x22href\x22:\x22/search?q\x3dflip+a+coin\\u0026csf\x3db\x22,\x22id\x22:\x22adventurous\x22,\x22msg\x22:\x22I\x27m Feeling Adventurous\x22},{\x22href\x22:\x22/search?q\x3daskew\\u0026csf\x3db\x22,\x22id\x22:\x22playful\x22,\x22msg\x22:\x22I\x27m Feeling Playful\x22},{\x22href\x22:\x22/search?q\x3dingenuity\\u0026csf\x3db\x22,\x22id\x22:\x22stellar\x22,\x22msg\x22:\x22I\x27m Feeling Stellar\x22},{\x22href\x22:\x22/search?q\x3dgoogle+doodles\\u0026csf\x3db\x22,\x22id\x22:\x22doodley\x22,\x22msg\x22:\x22I\x27m Feeling Doodley\x22},{\x22href\x22:\x22/url?url\x3dhttps://trends.google.com/hottrends\\u0026sa\x3dt\\u0026usg\x3dAOvVaw0hXgzDMTx66unZaN8ANJHA\x22,\x22id\x22:\x22trendy\x22,\x22msg\x22:\x22I\x27m Feeling Trendy\x22},{\x22href\x22:\x22/search?q\x3dGeorges+Seurat\\u0026csf\x3db\x22,\x22id\x22:\x22artistic\x22,\x22msg\x22:\x22I\x27m Feeling Artistic\x22},{\x22href\x22:\x22/search?q\x3dcomedy+movies\\u0026csf\x3db\x22,\x22id\x22:\x22funny\x22,\x22msg\x22:\x22I\x27m Feeling Funny\x22}]},\x22jsa\x22:{\x22csi\x22:true,\x22csir\x22:100},\x22mb4ZUb\x22:{},\x22pHXghd\x22:{},\x22sb_wiz\x22:{\x22rfs\x22:[],\x22scq\x22:\x22\x22,\x22stok\x22:\x22EFGA2pGkjIOn3LpVA1_mM9GlQOU\x22},\x22sf\x22:{},\x22sonic\x22:{},\x22spch\x22:{\x22ae\x22:\x22Please check your microphone.  \\u003Ca href\x3d\\\x22https://support.google.com/chrome/?p\x3dui_voice_search\\\x22 target\x3d\\\x22_blank\\\x22\\u003ELearn more\\u003C/a\\u003E\x22,\x22ak\x22:\x22\x22,\x22ao\x22:true,\x22cd\x22:0,

```json
{
  "riskscore": 2,
  "reasons": "The code contains a URL that redirects to a Google sign-in page. While this could be legitimate, it is a common tactic used in phishing attacks to harvest user credentials. Further investigation is needed to verify the authenticity of the URL."
}

AF_initDataCallback({key: 'ds:0', hash: '1', data:[[null,"Sign in to Google","Save your passwords securely with your Google Account","Sign in","Stay signed out","https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png","","https://www.google.com/url?q\u003dhttps://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_si_001_p%26continue%3Dhttps%253A%252F%252Fwww.google.com%252F%253Fptid%253D19027681%2526ptt%253D8%2526fpts%253D0\u0026source\u003dhpp\u0026id\u003d19037050\u0026ct\u003d7\u0026usg\u003dAOvVaw17nhtj2bG975y5iQrI1sgf","48","48",null,null,null,null,2,null,19037050,7,null,null,null,null,null,null,null,0,1,null,null,false,null,0,0,null,false]], sideChannel: {}});

```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code appears to be related to performance monitoring and lazy loading of images. It does not exhibit any characteristics of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access. The code primarily focuses on measuring load times and handling image loading efficiently. Therefore, it is considered low risk."
}

(function(){'use strict';var a=window,d=a.performance,l=k();a.cc_latency_start_time=d&&d.now?0:d&&d.timing&&d.timing.navigationStart?d.timing.navigationStart:l;function k(){return d&&d.now?d.now():(new Date).getTime()}function n(e){if(d&&d.now&&d.mark){var g=d.mark(e);if(g)return g.startTime;if(d.getEntriesByName&&(e=d.getEntriesByName(e).pop()))return e.startTime}return k()}a.onaft=function(){n("aft")};a._isLazyImage=function(e){return e.hasAttribute("data-src")||e.hasAttribute("data-ils")||"lazy"===e.getAttribute("loading")};
a.l=function(e){function g(b){var c={};c[b]=k();a.cc_latency.push(c)}function m(b){var c=n("iml");b.setAttribute("data-iml",c);return c}a.cc_aid=e;a.iml_start=a.cc_latency_start_time;a.css_size=0;a.cc_latency=[];a.ccTick=g;a.onJsLoad=function(){g("jsl")};a.onCssLoad=function(){g("cssl")};a._isVisible=function(b,c){if(!c||"none"==c.style.display)return!1;var f=b.defaultView;if(f&&f.getComputedStyle&&(f=f.getComputedStyle(c),"0px"==f.height||"0px"==f.width||"hidden"==f.visibility))return!1;if(!c.getBoundingClientRect)return!0;
var h=c.getBoundingClientRect();c=h.left+a.pageXOffset;f=h.top+a.pageYOffset;if(0>f+h.height||0>c+h.width||0>=h.height||0>=h.width)return!1;b=b.documentElement;return f<=(a.innerHeight||b.clientHeight)&&c<=(a.innerWidth||b.clientWidth)};a._recordImlEl=m;document.documentElement.addEventListener("load",function(b){b=b.target;var c;"IMG"!=b.tagName||b.hasAttribute("data-iid")||a._isLazyImage(b)||b.hasAttribute("data-noaft")||(c=m(b));if(a.aft_counter&&(b=a.aft_counter.indexOf(b),-1!==b&&(b=1===a.aft_counter.splice(b,
1).length,0===a.aft_counter.length&&b&&c)))a.onaft(c)},!0);a.prt=-1;a.wiz_tick=function(){var b=n("prt");a.prt=b}};}).call(this);
l('HgvS1c')

```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code appears to be part of a legitimate web application, likely from Google, given the namespace and coding style. The code includes event listeners, object property definitions, and utility functions, which are typical for enhancing user interaction and functionality on a web page. There are no obvious signs of malicious behavior such as data exfiltration, credential stealing, or unauthorized access attempts. The presence of error handling and the SPDX license identifier further suggests that this is legitimate code. The risk score is set to 1 due to the general caution required when evaluating JavaScript code."
}

this.gbar_=this.gbar_||{};(function(_){var window=this;
try{
_.fd=function(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.fd(a,b,d);else{d=(0,_.y)(a.C,a,b);const e=a.v+c;a.v++;b.dataset.eqid=e;a.B[e]=d;b&&b.addEventListener?b.addEventListener(c,d,!1):b&&b.attachEvent?b.attachEvent("on"+c,d):a.o.log(Error("z`"+b))}};
}catch(e){_._DumpException(e)}
try{
_.gd=function(){if(!_.r.addEventListener||!Object.defineProperty)return!1;var a=!1,b=Object.defineProperty({},"passive",{get:function(){a=!0}});try{const c=()=>{};_.r.addEventListener("test",c,b);_.r.removeEventListener("test",c,b)}catch(c){}return a}();
}catch(e){_._DumpException(e)}
try{
var hd=document.querySelector(".gb_k .gb_d"),id=document.querySelector("#gb.gb_Xc");hd&&!id&&_.fd(_.Qc,hd,"click");
}catch(e){_._DumpException(e)}
try{
_.jh=function(a){const b=[];let c=0;for(const d in a)b[c++]=a[d];return b};_.kh=function(a){if(a.v)return a.v;for(const b in a.i)if(a.i[b].qa()&&a.i[b].B())return a.i[b];return null};_.lh=function(a,b){a.i[b.K()]=b};var mh=new class extends _.P{constructor(){var a=_.Ac;super();this.B=a;this.v=null;this.o={};this.C={};this.i={};this.j=null}A(a){this.i[a]&&(_.kh(this)&&_.kh(this).K()==a||this.i[a].P(!0))}Xa(a){this.j=a;for(const b in this.i)this.i[b].qa()&&this.i[b].Xa(a)}qc(a){return a in this.i?this.i[a]:null}};_.Tc("dd",mh);
}catch(e){_._DumpException(e)}
try{
_.Ei=function(a,b){return _.K(a,36,b)};
}catch(e){_._DumpException(e)}
try{
var Fi=document.querySelector(".gb_b .gb_d"),Gi=document.querySelector("#gb.gb_Xc");Fi&&!Gi&&_.fd(_.Qc,Fi,"click");
}catch(e){_._DumpException(e)}
})(this.gbar_);
// Google Inc.
this.gbar_=this.gbar_||{};(function(_){var window=this;
try{
var md;_.jd=function(a){var b=typeof a;return"object"==b&&null!=a||"function"==b};_.kd=function(a,b){if(void 0!==a.i||void 0!==a.j)throw Error("B");a.j=b;_.Hc(a)};_.ld=class extends _.O{constructor(a){super(a)}};md=class extends _.Uc{};_.nd=function(a,b){if(b in a.i)return a.i[b];throw new md;};_.od=function(a){return _.nd(_.Rc.i(),a)};
}catch(e){_._DumpException(e)}
try{
/*

 SPDX-License-Identifier: Apache-2.0
*/
var ud,Dd,Fd;_.pd=function(a){if(null==a)return a;if("string"===typeof a){if(!a)return;a=+a}if("number"===typeof a)return Number.isFinite(a)?a|0:void 0};_.qd=function(a){const b=a.length;if(0<b){const c=Array(b);for(let d=0;d<b;d++)c[d]=a[d];return c}return[]};_.sd=function(a){if(a instanceof _.rd)return a.i;throw Error("D");};ud=function(a){return new td(b=>b.substr(0,a.length+1).toLowerCase()===a+":")};
_.wd=function(a,b=_.vd){if(a instanceof _.rd)return a;for(let c=0;c<b.length;++c){const d=b[c];if(d instanceof td&&d.eh(a))return new _.rd(a)}};_.yd=function(a){if(xd.test(a))return a};_.zd=function(a){return a instanceof _.rd?_.sd(a):_.yd(a)};_.Ad=function(a,b){var c=Array.prototype.slice.call(arguments,1);return function(){var d=c.slice();d.push.apply(d,arguments);return a.apply(this,d)}};_.Bd=function(a,b,c){return void 0!==_.jb(a,b,c,!1)};_.Cd=function(a,b){return _.pd(_.oc(a,

```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code appears to be configuration data for a web application, likely related to Google's OneGoogleWidgetUi. There are no indications of malicious behavior, such as obfuscated code, suspicious network requests, or attempts to steal user data. The presence of long random hexadecimal strings and tracking functionality is noted but considered no risk."
}

window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"3036458155876888229","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S6lZl":128566913,"TSDtV":"%.@.[[null,[[45459555,null,false,null,null,null,\"Imeoqb\"]],\"CAMSFB0V99WlENysuBIKgPnaBgqR7QQK\"]]]","Vvafkd":false,"Yllh3e":"%.@.1716521402114357,146728080,235553199]","ZwjLXe":538,"cfb2h":"boq_onegooglehttpserver_20240519.03_p0","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[48802160,93880154,97517168,97579925],"gGcLoe":false,"iCzhFc":false,"nQyAE":{},"qwAQke":"OneGoogleWidgetUi","rtQCxc":240,"uoqGRe":"WnksUc","w2btAe":"%.@.null,null,\"\",true,null,null,true,false]","y2FhP":"prod","zChJod":"%.@.]"};

```json
{
  "riskscore": 1,
  "reasons": "The JavaScript code appears to be associated with Google services and contains URLs pointing to legitimate Google domains such as google.com, accounts.google.com, and myaccount.google.com. There is no evident malicious behavior or phishing attempts in the provided code. The presence of long random hexadecimal strings is noted but considered no risk. The code seems to be part of a legitimate service, likely for user authentication or account management."
}

window.IJ_values = [[null,null,"",true,null,null,true,false],'0','https:\/\/ogs.google.com\/', null ,'boq_onegooglehttpserver_20240519.03_p0','ogs.google.com', 0.0 ,'','hc6ZIxy-2Zus7qAmmp9uaA','7zY7B9hRTd7bSvYVWBEosQ','DEFAULT','', 2024.0 ,'https:\/\/ogs.google.com\/widget\/callout', null ,'ltr', false ,'https:\/\/accounts.google.com\/AccountChooser?continue\x3dhttps:\/\/ogs.google.com\/widget\/callout?prid%3D19037050%26pgid%3D19037049%26puid%3D9ceb59a7585b55bd%26cce%3D1%26dc%3D1%26origin%3Dhttps:\/\/www.google.com%26cn%3Dcallout%26pid%3D1%26spid%3D538%26hl%3Den\x26hl\x3den','https:\/\/accounts.google.com\/ServiceLogin?hl\x3den\x26continue\x3dhttps:\/\/ogs.google.com\/widget\/callout?prid%3D19037050%26pgid%3D19037049%26puid%3D9ceb59a7585b55bd%26cce%3D1%26dc%3D1%26origin%3Dhttps:\/\/www.google.com%26cn%3Dcallout%26pid%3D1%26spid%3D538%26hl%3Den','https:\/\/accounts.google.com\/SignOutOptions?continue\x3dhttps:\/\/ogs.google.com\/widget\/callout?prid%3D19037050%26pgid%3D19037049%26puid%3D9ceb59a7585b55bd%26cce%3D1%26dc%3D1%26origin%3Dhttps:\/\/www.google.com%26cn%3Dcallout%26pid%3D1%26spid%3D538%26hl%3Den','https:\/\/www.google.com', false , false , false , false , false ,'en','en','en','https:\/\/goto2.corp.google.com\/mdtredirect?data_id_filter\x3dogs.google.com\x26system_name\x3done-google-http-server', null , null ,'https:\/\/myaccount.google.com\/privacypolicy?hl\x3den', false , null , false , true ,'https:\/\/myaccount.google.com\/termsofservice?hl\x3den', 0.0 ,'en', null , false , null ,]; window.IJ_valuesCb && window.IJ_valuesCb();

```json
{
  "riskscore": 2,
  "reasons": "The JavaScript code appears to be related to error logging and configuration settings for a Google service. It includes functionality for capturing and reporting errors, which is typical for maintaining service reliability and debugging. There are no obvious signs of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The presence of Google-related URLs and configurations suggests it is part of a legitimate service. However, any code that logs errors and sends data to a server could potentially be misused if not properly secured, hence a minimal risk score."
}

(function(){window.google.erd={jsr:1,bv:2012,sd:true,de:true};})();(function(){var sdo=false;var mei=10;
var h=this||self;var k,l=null!=(k=h.mei)?k:1,n,p=null!=(n=h.sdo)?n:!0,q=0,r,t=google.erd,v=t.jsr;google.ml=function(a,b,d,m,e){e=void 0===e?2:e;b&&(r=a&&a.message);void 0===d&&(d={});d.cad="ple_"+google.ple+".aple_"+google.aple;if(google.dl)return google.dl(a,e,d,!0),null;b=d;if(0>v){window.console&&console.error(a,b);if(-2===v)throw a;b=!1}else b=!a||!a.message||"Error loading script"===a.message||q>=l&&!m?!1:!0;if(!b)return null;q++;d=d||{};b=encodeURIComponent;var c="/gen_204?atyp=i&ei="+b(google.kEI);google.kEXPI&&(c+="&jexpid="+b(google.kEXPI));c+="&srcpg="+b(google.sn)+"&jsr="+b(t.jsr)+
"&bver="+b(t.bv);var f=a.lineNumber;void 0!==f&&(c+="&line="+f);var g=a.fileName;g&&(0<g.indexOf("-extension:/")&&(e=3),c+="&script="+b(g),f&&g===window.location.href&&(f=document.documentElement.outerHTML.split("\n")[f],c+="&cad="+b(f?f.substring(0,300):"No script found.")));google.ple&&1===google.ple&&(e=2);c+="&jsel="+e;for(var u in d)c+="&",c+=b(u),c+="=",c+=b(d[u]);c=c+"&emsg="+b(a.name+": "+a.message);c=c+"&jsst="+b(a.stack||"N/A");12288<=c.length&&(c=c.substr(0,12288));a=c;m||google.log(0,"",a);return a};window.onerror=function(a,b,d,m,e){r!==a&&(a=e instanceof Error?e:Error(a),void 0===d||"lineNumber"in a||(a.lineNumber=d),void 0===b||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,"SyntaxError"===a.name||"SyntaxError"===a.message.substring(0,11)||-1!==a.message.indexOf("Script error")?3:0));r=null;p&&q>=l&&(window.onerror=null)};})();;this.gbar_={CONFIG:[[[0,"www.gstatic.com","og.qtm.en_US.s-_8OiN4zAs.2019.O","com","en","538",0,[4,2,"","","","635413608","0"],null,"tQlQZqi4Oai4i-gP-6q-yAg",null,0,"og.qtm._yk4Kx1DLwg.L.W.O","AA2YrTstZieUcIRJsHgW4g1D6WRCneCt9Q","AA2YrTs74be_nloI4pEoaS7eJYnNYpJ4fQ","",2,1,200,"USA",null,null,"1","538",1,null,null,89978449,0],null,[1,0.1000000014901161,2,1],null,[0,0,0,null,"","","","",0,0,0],[0,0,"",1,0,0,0,0,0,0,null,0,0,null,0,0,null,null,0,0,0,"","","","","","",null,0,0,0,0,0,null,null,null,"rgba(32,33,36,1)","rgba(255,255,255,1)",0,0,1,null,null,1,0,0],null,null,["1","gci_91f30755d6a6b787dcc2a4062e6e9824.js","googleapis.client:gapi.iframes","","en"],null,null,null,null,["m;/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/am=AAAC/d=1/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/m=__features__","https://apis.google.com","","","","",null,1,"es_plusone_gc_20240331.0_p2","en",null,0],[0.009999999776482582,"com","538",[["19037050","19037049","7",1,5,2592000,"","AN2NJM7Bn6PPi3hdSJ3eSM2yYKfj1Wpaaw:1716521397943",0,1,2,"https://www.google.com/_/og/promos/",0],"n","",["","",""],1,2592000,null,null,"https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_si_001_p%26continue%3Dhttps%253A%252F%252Fwww.google.com%252F%253Fptid%253D19027681%2526ptt%253D8%2526fpts%253D0\u0026source=hpp\u0026id=19037050\u0026ct=7\u0026usg=AOvVaw17nhtj2bG975y5iQrI1sgf",null,null,null,null,null,1,null,

```json
{
  "riskscore": 2,
  "reasons": "The code appears to be part of a legitimate library or framework, possibly related to Google's Closure Library, given the copyright notice. It includes functionality for handling UI elements and messaging, which is typical for web applications. There are no obvious signs of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access. However, it is always prudent to verify the source and context of the code to ensure it is not being used in a malicious manner."
}

'use strict';/*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
function h(a){var b=typeof a;return"object"==b&&null!=a||"function"==b};function k(a,b){a&&(a=a.parentNode);for(var d=0;a;){if(b(a))return a;a=a.parentNode;d++}return null};function n(a){var b=document.querySelector('[data-ogmv] > [role="dialog"]');return b?b.hasAttribute("data-"+a):!1}function p(a){return h(a)&&1==a.nodeType&&a.hasAttribute("data-dismiss")?a:(a=k(a,function(b){return h(b)&&1==b.nodeType&&b.hasAttribute("data-dismiss")}))?a:null};function q(a){this.data=a};function r(a){this.h=a}function t(a,b){u(a,b);return new r(a)}function w(a){var b=new MessageChannel;u(b.port1,a);return b}function u(a,b){b&&(a.onmessage=function(d){var c=d.data;t(d.ports[0]);b(new q(c))})};var x=/#|$/;function y(a){var b=z,d=b.search(x);a:{var c=0;for(var e=a.length;0<=(c=b.indexOf(a,c))&&c<d;){var f=b.charCodeAt(c-1);if(38==f||63==f)if(f=b.charCodeAt(c+e),!f||61==f||38==f||35==f)break a;c+=e+1}c=-1}if(0>c)return null;e=b.indexOf("&",c);if(0>e||e>d)e=d;c+=a.length+1;return decodeURIComponent(b.slice(c,-1!==e?e:0).replace(/\+/g," "))};var z=window.location.href,A="ogi_"+(y("cn")||""),B;
function C(a,b){b=void 0===b?{}:b;if(!B){var d=y("origin")||"",c={destination:window.parent,origin:d,g:A,onMessage:void 0};d=c.destination;var e=c.origin,f=void 0===c.i?void 0:c.i,g=void 0===c.g?"ZNWN1d":c.g;c=void 0===c.onMessage?void 0:c.onMessage;if("*"===e)throw Error("Sending to wildcard origin not allowed.");var v=w(c),l={};f=f?(l.n=g,l.t=f,l):g;d.postMessage(f,e,[v.port2]);B=t(v.port1,c)}a={event:a,data:b};b=B;var m=void 0===m?[]:m;d=w();b.h.postMessage(a,[d.port2].concat(m))};C("_startuploaded",{wt:"c"});
(function(a,b){a.addEventListener("click",function(d){if(d.target){var c;if(c=p(d.target)){var e=c.getAttribute("data-dismiss");var f=c.getAttribute("data-cmd");var g=c.hasAttribute("data-nd");c=parseInt(c.getAttribute("data-aei"),10);e&&e.match(/^[A-Za-z]{1,3}$/)&&(g&&!f?b(e,c,g):f?b(e,c,g,f,{middleButton:1===d.button,altKey:d.altKey,ctrlKey:d.ctrlKey,metaKey:d.metaKey,shiftKey:d.shiftKey}):b(e,c))}}})})(document,function(a,b,d,c,e){d?C("dismiss",{type:a,nd:d,cmd:c,clickInfo:e,aei:b}):C("dismiss",
{type:a,cmd:c,clickInfo:e,aei:b})});
(function(a){"loading"===document.readyState?document.addEventListener("DOMContentLoaded",function(){a()}):a()})(function(){window.setTimeout(function(){var a,b=document.querySelector('[data-ogmv] > [role="dialog"]');if(a=b?{width:Math.min(Math.max(b.scrollWidth+10,370),500),height:Math.min(Math.max(b.scrollHeight+10,180),500)}:null){b=a.height+"px";a=a.width+"px";var d=n("icss"),c=n("dc");b=void 0===b?"":b;a=void 0===a?"":a;d=void 0===d?!1:d;c=void 0===c?!1:c;var e={wt:"c"};if(null!=document.querySelector("[data-ogmv]")){var f=
window.performance&&window.performance.timing;e.ttf=f&&f.responseEnd&&f.fetchStart?f.responseEnd-f.fetchStart:null;b&&(e.height=b);a&&(e.width=a);e.icss=d;e.dc=c;C("_renderstart",e)}else C("_renderfailed",e)}},100)});

```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code appears to be initializing some data and setting up callbacks. It references a Google URL and contains a random hexadecimal string, which is considered no risk. There are no obvious signs of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access attempts. The risk score is low due to the lack of any clear malicious intent."
}

var AF_initDataKeys = ["ds:0"]; var AF_dataServiceRequests = {'ds:0' : {id:'a9HB7c',request:[null,19037050,19037049,"9ceb59a7585b55bd","https://www.google.com"]}}; var AF_initDataChunkQueue = []; var AF_initDataCallback; var AF_initDataInitializeCallback; if (AF_initDataInitializeCallback) {AF_initDataInitializeCallback(AF_initDataKeys, AF_initDataChunkQueue, AF_dataServiceRequests);}if (!AF_initDataCallback) {AF_initDataCallback = function(chunk) {AF_initDataChunkQueue.push(chunk);};}

```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code primarily deals with lazy loading and visibility tracking of images on the web page. It does not appear to contain any malicious elements such as data exfiltration, credential harvesting, or unauthorized access to user data. The code's purpose seems to be optimizing image loading and tracking their visibility, which is a common practice for improving web performance and user experience. Therefore, the risk score is very low."
}

(function(){'use strict';var c=window,d=[];c.aft_counter=d;var e=[],f=0;function _recordIsAboveFold(a){if(!c._isLazyImage(a)&&!a.hasAttribute("data-noaft")&&a.src){var b=(c._isVisible||function(){})(c.document,a);a.setAttribute("data-atf",b);b&&(-1!==e.indexOf(a)||-1!==d.indexOf(a)||a.complete||d.push(a),a.hasAttribute("data-iml")&&(a=Number(a.getAttribute("data-iml")),a>f&&(f=a)))}}
c.initAft=function(){f=0;e=Array.prototype.slice.call(document.getElementsByTagName("img")).filter(function(a){return!!a.getAttribute("data-iml")});[].forEach.call(document.getElementsByTagName("img"),function(a){try{_recordIsAboveFold(a)}catch(b){throw b.message=a.hasAttribute("data-iid")?b.message+"\nrecordIsAboveFold error for defer inlined image":b.message+("\nrecordIsAboveFold error for img element with <src: "+a.src+">"),b;}});if(0===d.length)c.onaft(f)};}).call(this);
initAft()

```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code appears to be part of a legitimate library, likely related to Google's Closure Library, as indicated by the copyright notices and SPDX license identifiers. The code primarily deals with event handling and does not exhibit any obvious malicious behavior such as data exfiltration, credential harvesting, or unauthorized access. No suspicious patterns or obfuscated code were detected."
}

(function(){'use strict';function l(){var b=m,a=0;return function(){return a<b.length?{done:!1,value:b[a++]}:{done:!0}}};/*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
var n=this||self;/*

 Copyright 2024 Google, Inc
 SPDX-License-Identifier: MIT
*/
function q(b,a){if(null===a)return!1;if("contains"in b&&1===a.nodeType)return b.contains(a);if("compareDocumentPosition"in b)return b===a||!!(b.compareDocumentPosition(a)&16);for(;a&&b!==a;)a=a.parentNode;return a===b};function r(b){return"mouseenter"===b?"mouseover":"mouseleave"===b?"mouseout":"pointerenter"===b?"pointerover":"pointerleave"===b?"pointerout":b}function t(b){b=b.target;!b.getAttribute&&b.parentNode&&(b=b.parentNode);return b}
var v="undefined"!==typeof navigator&&/Macintosh/.test(navigator.userAgent),z="undefined"!==typeof navigator&&!/Opera/.test(navigator.userAgent)&&/WebKit/.test(navigator.userAgent),A={A:1,INPUT:1,TEXTAREA:1,SELECT:1,BUTTON:1},B={Enter:13," ":32},C={A:13,BUTTON:0,CHECKBOX:32,COMBOBOX:13,FILE:0,GRIDCELL:13,LINK:13,LISTBOX:13,MENU:0,MENUBAR:0,MENUITEM:0,MENUITEMCHECKBOX:0,MENUITEMRADIO:0,OPTION:0,RADIO:32,RADIOGROUP:32,RESET:0,SUBMIT:0,SWITCH:32,TAB:0,TREE:13,TREEITEM:13},D={CHECKBOX:!0,FILE:!0,OPTION:!0,
RADIO:!0},E={COLOR:!0,DATE:!0,DATETIME:!0,"DATETIME-LOCAL":!0,EMAIL:!0,MONTH:!0,NUMBER:!0,PASSWORD:!0,RANGE:!0,SEARCH:!0,TEL:!0,TEXT:!0,TEXTAREA:!0,TIME:!0,URL:!0,WEEK:!0},F={A:!0,AREA:!0,BUTTON:!0,DIALOG:!0,IMG:!0,INPUT:!0,LINK:!0,MENU:!0,OPTGROUP:!0,OPTION:!0,PROGRESS:!0,SELECT:!0,TEXTAREA:!0};function I(b){var a=b.event;var c=a.which||a.keyCode;!c&&a.key&&(c=B[a.key]);z&&3===c&&(c=13);if(13!==c&&32!==c)c=!1;else{var d=t(a);(a="keydown"!==a.type||!!(!("getAttribute"in d)||(d.getAttribute("type")||d.tagName).toUpperCase()in E||"BUTTON"===d.tagName.toUpperCase()||d.type&&"FILE"===d.type.toUpperCase()||d.isContentEditable)||a.ctrlKey||a.shiftKey||a.altKey||a.metaKey||(d.getAttribute("type")||d.tagName).toUpperCase()in D&&32===c)||((a=d.tagName in A)||(a=d.getAttributeNode("tabindex"),a=null!=
a&&a.specified),a=!(a&&!d.disabled));if(a)c=!1;else{a=(d.getAttribute("role")||d.type||d.tagName).toUpperCase();var f=!(a in C)&&13===c;d="INPUT"!==d.tagName.toUpperCase()||!!d.type;c=(0===C[a]%c||f)&&d}}c&&(b.eiack=!0,b.eventType="click")}
function J(b){var a;if(a=b.eiack){a=b.event;var c=t(a);c=(c.type||c.tagName).toUpperCase();if(!(a=32===(a.which||a.keyCode)&&"CHECKBOX"!==c)){a=t(b.event);c=a.tagName.toUpperCase();var d=(a.getAttribute("role")||"").toUpperCase();a="BUTTON"===c||"BUTTON"===d?!0:!(a.tagName.toUpperCase()in F)||"A"===c||"SELECT"===c||(a.getAttribute("type")||a.tagName).toUpperCase()in D||(a.getAttribute("type")||a.tagName).toUpperCase()in E?!1:!0}}a&&(b=b.event,b.preventDefault?b.preventDefault():b.returnValue=!1)}
function K(b,a,c){a.eia||"click"!==a.eventType||a.eiack||void 0===c.clickonly||(a.eventType="clickonly",a.eia=[c.clickonly,b])};var L={};var M={},N=/\s*;\s*/;function O(){var b={m:!0};b=void 0===b?{}:b;b=void 0===

```json
{
  "riskscore": 2,
  "reasons": "The JavaScript code provided appears to be part of Google's tracking and advertisement functionality, which is generally considered low risk. There are no obvious signs of malicious behavior such as obfuscated code, data exfiltration, or phishing attempts. The presence of long random hexadecimal strings and tracking-related variables further supports this conclusion."
}

(function(){google.kEXPI='0,3700269,1041,448603,96456,196066,144795,82368,19022,210949,6601,34357,5269060,547,5989998,2841955,53276179,42227,9621,100243,22896,1412,13358,2845,228,2915,3713,2912,917,433,2242,1589,5810,6624,1732,1346,2588,1266,2383,36,7473,1582,9,9,6,9,9,12,6,12,9,8,12,9,6,9,9,9,9,12,6,12,6,9,12,6,12,9,6,12,9,9,6,12,9,6,12,6,9,9,9,12,6,9,12,9,6,9,9,12,9,6,9,9,9,9,9,12,6,12,6,12,9,6,12,9,6,9,9,12,9,9,6,9,9,9,12,6,12,6,12,6,12,6,9,9,12,9,9,6,12,6,9,12,6,12,9,6,9,9,9,9,12,6,9,9,12,9,9,9,9,9,6,12,6,12,9,9,6,12,9,6,12,9,6,9,9,9,12,9,9,9,6,12,9,6,12,9,9,9,6,9,9,9,12,9,6,12,6,12,6,523,587,4596,958,159,340,9389,2473,2845,435,202,314,596,2105,1188,1296,795,65,25,101,2,2062,865,84,1245,994,1564,182,34,497,3869,100,369,151,236,1125,873,243,226,159,2375,494,713,134,127,1748,112,16,2552,588,281,616,526,428,1132,183,857,962,21225239,376095,125,7002,230,322,165,424';})();window._ = window._ || {};window._DumpException = _._DumpException = function(e){throw e;};window._s = window._s || {};_s._DumpException = _._DumpException;window._qs = window._qs || {};_qs._DumpException = _._DumpException;(function(){var t=[83456,0,24576,0,0,0,268435712,0,977314816,83893287,8526592,1048608,276824064,67371012,129761418,352422176,66055,273549364,80354816,160440320,201461792,16992258,6770,6363170,100668744,514,75506690,16805888,540024844,125861896,50331714,419628264,9437249,536590,1024,3964928,50338836,4178,0,0,134283264,303509569,71582016,0,0,0,960121408,1730];window._F_toggles = window._xjs_toggles = t;})();function _F_installCss(c){}
(function(){window.google.xjsu='/xjs/_/js/k\x3dxjs.hd.en.5CDJ9h41vL4.O/am\x3dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBAAwAEQTgoUwAgAAmAAAAgACAQAAEAQCAAAAAAAUAAAAAAAAAAAAAwAEECAAAAAAAAAAAAACgEwBAAAAQAAMMAgBAAAAAAPIAEBwAgxQEAAAAAAAAAAAAAAABSBDMhQQUREQAAAAAAAAAAAAAAACkpBMLGw/d\x3d1/ed\x3d1/dg\x3d2/br\x3d1/rs\x3dACT90oGdGM9UotaideiJkkp7DNQZiMnukg/ee\x3dALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:

```json
{
  "phishing_score": 0,
  "brands": "Google",
  "phishing": false,
  "suspicious_domain": false,
  "has_loginform": true,
  "has_captcha": false,
  "setechniques": false,
  "reasons": "The URL 'https://www.google.com/' is the legitimate domain for Google. The web page design matches the known design of Google's homepage. There are no suspicious elements or social engineering techniques present."
}

```json
{
  "phishing_score": 0,
  "brands": "Google",
  "phishing": false,
  "suspicious_domain": false,
  "has_loginform": true,
  "has_captcha": false,
  "setechniques": false,
  "reasons": "The URL is a legitimate Google domain (ogs.google.com) and the webpage design matches the official Google login page. There are no signs of social engineering techniques or suspicious elements."
}

```json
{
  "riskscore": 1,
  "reasons": "The JavaScript code appears to be from a legitimate source, likely related to Google services. It includes functionality for logging, event handling, and other common web operations. There are no obvious signs of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The presence of tracking or advertisement functionality is noted but considered no risk."
}

(function(){var _g={kEI:'tQlQZoetOLWA9u8P0JCT4AU',kEXPI:'31',kBL:'jDMl',kOPI:89978449};(function(){var a;(null==(a=window.google)?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){
var h=this||self;function l(){return void 0!==window.google&&void 0!==window.google.kOPI&&0!==window.google.kOPI?window.google.kOPI:null};var m,n=[];function p(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||m}function q(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function r(a){/^http:/i.test(a)&&"https:"===window.location.protocol&&(google.ml&&google.ml(Error("a"),!1,{src:a,glmm:1}),a="");return a}
function t(a,b,c,d,k){var e="";-1===b.search("&ei=")&&(e="&ei="+p(d),-1===b.search("&lei=")&&(d=q(d))&&(e+="&lei="+d));d="";var g=-1===b.search("&cshid=")&&"slh"!==a,f=[];f.push(["zx",Date.now().toString()]);h._cshid&&g&&f.push(["cshid",h._cshid]);c=c();null!=c&&f.push(["opi",c.toString()]);for(c=0;c<f.length;c++){if(0===c||0<c)d+="&";d+=f[c][0]+"="+f[c][1]}return"/"+(k||"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+d)};m=google.kEI;google.getEI=p;google.getLEI=q;google.ml=function(){return null};google.log=function(a,b,c,d,k,e){e=void 0===e?l:e;c||(c=t(a,b,e,d,k));if(c=r(c)){a=new Image;var g=n.length;n[g]=a;a.onerror=a.onload=a.onabort=function(){delete n[g]};a.src=c}};google.logUrl=function(a,b){b=void 0===b?l:b;return t("",a,b)};}).call(this);(function(){google.y={};google.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1};google.sx=function(a){google.sy.push(a)};google.lm=[];google.plm=function(a){google.lm.push.apply(google.lm,a)};google.lq=[];google.load=function(a,b,c){google.lq.push([[a],b,c])};google.loadAll=function(a,b){google.lq.push([a,b])};google.bx=!1;google.lx=function(){};var d=[];google.fce=function(a,b,c,e){d.push([a,b,c,e])};google.qce=d;}).call(this);google.f={};(function(){
document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName){a="1"===a.getAttribute("data-nohref");break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,c4t:true,caf:false,cap:2000,cfr:false,cgpbc:false,cvb:true,di:false,fla:false,fli:false,frvt:true,gl:true,idt:16,inpp:98,inpsr:0.01,irsf:false,lfdt:50,lfsr:0.0,lhc:false,linp:true,llt:false,lsb:true,lsbsr:0.01,mais:false,marb:true,mcc:false,raf:false,si:true,sidt:200,sisr:0.01,sxs:false,taf:true,timl:false,tprc:false,vis:true,wh0:false,whu:false};})();(function(){
var p=this||self;window.google=w

```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code appears to be related to Google's services and contains URLs pointing to legitimate Google domains. There are no indications of malicious behavior or phishing attempts. The presence of tracking or advertisement functionality has been ignored as per the instructions."
}

window.IJ_values = [[null,null,"",true,null,null,true,false],'0','https:\/\/ogs.google.com\/', null ,'boq_onegooglehttpserver_20240519.03_p0','ogs.google.com', 0.0 ,'','GXbxjQkFoO9HgYAhsj9Pkg','Jk4CMWVMFasr3LtVqN8dng','DEFAULT','', 2024.0 ,'https:\/\/ogs.google.com\/widget\/app\/so', null ,'ltr', false ,'https:\/\/accounts.google.com\/AccountChooser?continue\x3dhttps:\/\/ogs.google.com\/widget\/app\/so?awwd%3D1%26gm3%3D1%26origin%3Dhttps:\/\/www.google.com%26cn%3Dapp%26pid%3D1%26spid%3D538%26hl%3Den\x26hl\x3den','https:\/\/accounts.google.com\/ServiceLogin?hl\x3den\x26continue\x3dhttps:\/\/ogs.google.com\/widget\/app\/so?awwd%3D1%26gm3%3D1%26origin%3Dhttps:\/\/www.google.com%26cn%3Dapp%26pid%3D1%26spid%3D538%26hl%3Den','https:\/\/accounts.google.com\/SignOutOptions?continue\x3dhttps:\/\/ogs.google.com\/widget\/app\/so?awwd%3D1%26gm3%3D1%26origin%3Dhttps:\/\/www.google.com%26cn%3Dapp%26pid%3D1%26spid%3D538%26hl%3Den','https:\/\/www.google.com', false , false , false , false , false ,'en','en','en','https:\/\/goto2.corp.google.com\/mdtredirect?data_id_filter\x3dogs.google.com\x26system_name\x3done-google-http-server', null , null ,'https:\/\/myaccount.google.com\/privacypolicy?hl\x3den', false , null , false , true ,'https:\/\/myaccount.google.com\/termsofservice?hl\x3den', 0.0 ,'en', null , false , null ,]; window.IJ_valuesCb && window.IJ_valuesCb();

```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code appears to be initializing some data structures and setting up callbacks. There is no evident malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The code seems to be part of a legitimate data initialization process. The presence of a random hexadecimal string is noted but not considered a risk."
}

var AF_initDataKeys = ["ds:0"]; var AF_dataServiceRequests = {'ds:0' : {id:'UVycre',request:[]}}; var AF_initDataChunkQueue = []; var AF_initDataCallback; var AF_initDataInitializeCallback; if (AF_initDataInitializeCallback) {AF_initDataInitializeCallback(AF_initDataKeys, AF_initDataChunkQueue, AF_dataServiceRequests);}if (!AF_initDataCallback) {AF_initDataCallback = function(chunk) {AF_initDataChunkQueue.push(chunk);};}

```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code appears to be related to performance monitoring and lazy loading of images. It does not exhibit any behavior typically associated with malicious activities such as data exfiltration, credential harvesting, or unauthorized access. The code primarily interacts with the browser's performance API and manages image loading, which are common practices in web development for optimizing page load times and user experience."
}

(function(){'use strict';var a=window,d=a.performance,l=k();a.cc_latency_start_time=d&&d.now?0:d&&d.timing&&d.timing.navigationStart?d.timing.navigationStart:l;function k(){return d&&d.now?d.now():(new Date).getTime()}function n(e){if(d&&d.now&&d.mark){var g=d.mark(e);if(g)return g.startTime;if(d.getEntriesByName&&(e=d.getEntriesByName(e).pop()))return e.startTime}return k()}a.onaft=function(){n("aft")};a._isLazyImage=function(e){return e.hasAttribute("data-src")||e.hasAttribute("data-ils")||"lazy"===e.getAttribute("loading")};
a.l=function(e){function g(b){var c={};c[b]=k();a.cc_latency.push(c)}function m(b){var c=n("iml");b.setAttribute("data-iml",c);return c}a.cc_aid=e;a.iml_start=a.cc_latency_start_time;a.css_size=0;a.cc_latency=[];a.ccTick=g;a.onJsLoad=function(){g("jsl")};a.onCssLoad=function(){g("cssl")};a._isVisible=function(b,c){if(!c||"none"==c.style.display)return!1;var f=b.defaultView;if(f&&f.getComputedStyle&&(f=f.getComputedStyle(c),"0px"==f.height||"0px"==f.width||"hidden"==f.visibility))return!1;if(!c.getBoundingClientRect)return!0;
var h=c.getBoundingClientRect();c=h.left+a.pageXOffset;f=h.top+a.pageYOffset;if(0>f+h.height||0>c+h.width||0>=h.height||0>=h.width)return!1;b=b.documentElement;return f<=(a.innerHeight||b.clientHeight)&&c<=(a.innerWidth||b.clientWidth)};a._recordImlEl=m;document.documentElement.addEventListener("load",function(b){b=b.target;var c;"IMG"!=b.tagName||b.hasAttribute("data-iid")||a._isLazyImage(b)||b.hasAttribute("data-noaft")||(c=m(b));if(a.aft_counter&&(b=a.aft_counter.indexOf(b),-1!==b&&(b=1===a.aft_counter.splice(b,
1).length,0===a.aft_counter.length&&b&&c)))a.onaft(c)},!0);a.prt=-1;a.wiz_tick=function(){var b=n("prt");a.prt=b}};}).call(this);
l('HATY7b')

```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code appears to be configuration data for a legitimate web application. It does not contain any obvious signs of malicious activity such as obfuscated code, suspicious network requests, or attempts to access sensitive information. The presence of tracking or advertisement functionality has been ignored as per the instructions."
}

window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"-8982561560662892956","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S6lZl":128566913,"TSDtV":"%.@.[[null,[[45459555,null,false,null,null,null,\"Imeoqb\"]],\"CAMSFx0S2eicEJbkAdysuBIKgPnaBgqR7QQK\"]]]","Vvafkd":false,"Yllh3e":"%.@.1716521414165794,146726121,268851392]","ZwjLXe":538,"cfb2h":"boq_onegooglehttpserver_20240519.03_p0","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[48691166,48802160,93880154,97517168,97579925],"gGcLoe":false,"iCzhFc":false,"nQyAE":{},"qwAQke":"OneGoogleWidgetUi","rtQCxc":240,"uoqGRe":"WnksUc","w2btAe":"%.@.null,null,\"\",true,null,null,true,false]","y2FhP":"prod","zChJod":"%.@.]"};

```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code appears to be a configuration or initialization script for a legitimate Google service. It contains URLs pointing to various Google services and products, and there are no indications of malicious behavior such as data exfiltration, credential harvesting, or other harmful activities. The presence of tracking or advertisement functionality has been ignored as per the instructions."
}

AF_initDataCallback({key: 'ds:0', hash: '1', data:[[[[192,"Account","0 -1334px","https://myaccount.google.com/?utm_source\u003dOGB\u0026utm_medium\u003dapp","_top"],[1,"Search","0 -116px","https://www.google.com/","_top"],[8,"Maps","0 -986px","https://maps.google.com/","_top"],[36,"YouTube","0 -2204px","https://www.youtube.com","_top"],[78,"Play","0 -522px","https://play.google.com/","_top"],[426,"News","0 -2378px","https://news.google.com","_top"],[23,"Gmail","0 -1798px","https://mail.google.com/mail/","_top"],[411,"Meet","0 -406px","https://meet.google.com?hs\u003d197","_top"],[385,"Chat","0 -2494px","https://chat.google.com","_top"],[53,"Contacts","0 -870px","https://contacts.google.com/","_top"],[49,"Drive","0 -1044px","https://drive.google.com/","_top"],[24,"Calendar","0 -1972px","https://calendar.google.com/calendar","_top"],[51,"Translate","0 -2552px","https://translate.google.com/","_top"],[31,"Photos","0 -464px","https://photos.google.com/","_top"],[6,"Shopping","0 -290px","https://www.google.com/shopping?source\u003dog","_top"]],[[27,"Finance","0 -1392px","https://www.google.com/finance","_top"],[25,"Docs","0 -1450px","https://docs.google.com/document/?usp\u003ddocs_alc","_top"],[283,"Sheets","0 -928px","https://docs.google.com/spreadsheets/?usp\u003dsheets_alc","_top"],[281,"Slides","0 -696px","https://docs.google.com/presentation/?usp\u003dslides_alc","_top"],[10,"Books","0 -2146px","https://books.google.com/","_top"],[30,"Blogger","0 -2320px","https://www.blogger.com/","_top"],[136,"Keep","0 -580px","https://keep.google.com","_top"],[357,"Jamboard","0 -812px","https://jamboard.google.com/","_top"],[429,"Earth","0 -2088px","https://earth.google.com/web/","_top"],[338,"Saved","0 -1856px","https://www.google.com/save","_top"],[264,"Arts and Culture","0 -1276px","https://artsandculture.google.com/?utm_source\u003dogs.google.com\u0026utm_medium\u003dreferral","_top"],[304,"Google Ads","0 -348px","https://ads.google.com/home/?subid\u003dww-ww-xs-ip-awhc-a-ogb_cons!o2","_top"],[405,"Travel","0 -1508px","https://www.google.com/travel/?dest_src\u003dal","_top"],[330,"Forms","0 -1160px","https://docs.google.com/forms/","_top"],[635,"Google Store","0 -754px","https://store.google.com?utm_source\u003dapp_launcher\u0026utm_medium\u003dgoogle_oo\u0026utm_campaign\u003dGS107345","_top"],[421,"Chrome Web Store","0 -2436px","https://chrome.google.com/webstore?utm_source\u003dapp-launcher","_top"],[170,"Google Fi Wireless","0 -1566px","https://fi.google.com/?utm_source\u003dapp_launcher\u0026utm_medium\u003dembedded_promo","_top"],[44,"Google Analytics","0 0","https://analytics.google.com?utm_source\u003dOGB\u0026utm_medium\u003dapp","_top"]],null,"https://workspace.google.com/marketplace?pann\u003dogb","More from Google Workspace Marketplace","https://about.google/products/",null,null,null,null,"https://ssl.gstatic.com/gb/images/sprites/p_2x_387ed93f4280.png","53px 2605px",false,false,"https://ssl.gstatic.com/gb/images/sprites/p_1x_f137c4e7403a.png",

```json
{
  "riskscore": 3,
  "reasons": "The code includes functionality for message passing between different contexts (e.g., iframes or windows) using the postMessage API. While this is not inherently malicious, it can be used for phishing or other malicious activities if not properly secured. The code also dynamically executes functions based on message data, which could be exploited if the source of the messages is not trusted. However, there is no clear indication of malicious intent or behavior in the provided code."
}

'use strict';function h(a){this.data=a};function k(a){this.h=a}function n(a,c){p(a,c);return new k(a)}function q(a){var c=new MessageChannel;p(c.port1,a);return c}function p(a,c){c&&(a.onmessage=function(f){var d=f.data;n(f.ports[0]);c(new h(d))})};/*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
var r=/#|$/;function v(a){var c=w,f=c.search(r);a:{var d=0;for(var b=a.length;0<=(d=c.indexOf(a,d))&&d<f;){var e=c.charCodeAt(d-1);if(38==e||63==e)if(e=c.charCodeAt(d+b),!e||61==e||38==e||35==e)break a;d+=b+1}d=-1}if(0>d)return null;b=c.indexOf("&",d);if(0>b||b>f)b=f;d+=a.length+1;return decodeURIComponent(c.slice(d,-1!==b?b:0).replace(/\+/g," "))};var w=window.location.href,x="ogi_"+(v("cn")||""),y;
function z(a,c,f){c=void 0===c?{}:c;if(!y){var d=v("origin")||"",b={destination:window.parent,origin:d,g:x,onMessage:void 0};d=b.destination;var e=b.origin,g=void 0===b.i?void 0:b.i,t=void 0===b.g?"ZNWN1d":b.g;b=void 0===b.onMessage?void 0:b.onMessage;if("*"===e)throw Error("Sending to wildcard origin not allowed.");var u=q(b),l={};g=g?(l.n=t,l.t=g,l):t;d.postMessage(g,e,[u.port2]);y=n(u.port1,b)}a={event:a,data:c};c=y;var m=void 0===m?[]:m;f=q(f);c.h.postMessage(a,[f.port2].concat(m))};z("_startuploaded",{wt:"al"},function(a){window._ed=a.data._ed});
(function(a){"loading"===document.readyState?document.addEventListener("DOMContentLoaded",function(){a()}):a()})(function(){var a=void 0===a?"":a;var c=void 0===c?"":c;var f=void 0===f?!1:f;var d=void 0===d?!1:d;var b={wt:"al"};if(null!=document.querySelector("[data-ogmv]")){var e=window.performance&&window.performance.timing;b.ttf=e&&e.responseEnd&&e.fetchStart?e.responseEnd-e.fetchStart:null;a&&(b.height=a);c&&(b.width=c);b.icss=f;b.dc=d;z("_renderstart",b)}else z("_renderfailed",b)});