Windows Analysis Report
https://maya-lopez.filemail.com/t/BLFGBJSQ

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://maya-lopez.filemail.com

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
    "contains_trigger_text": true,
    "trigger_text": "With you",
    "prominent_button_name": "Download file",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
    "risk_score": 2,
    "reasoning": "This appears to be a legitimate initialization script for Filemail.com. It sets up configuration variables, includes standard base64 decoding, and interacts only with trusted domains (filemail.com subdomains). The script contains basic platform detection and louserzation functionality without any suspicious behaviors."
}

    (function (w) {
        w.wasStartupInvoked = true;
        var f = w.Filemail = w.Filemail || {};
        f.websiteUrl = 'https://www.filemail.com';
        f.appUrl = 'https://app.filemail.com';
        f.apiSetup = { baseUrl: 'https://api.filemail.com', version: '2.0' };
        f.appver = '1.9810.0-2066.142f1f5';
        f.env = 'Production';
        f.scriptsVer = '1.9810.0.1';
        f.logenabled = false;
        f.pages = f.pages || {};
        f.ng = f.ng || {};
        f.datez = { firstDayOfWeek: 0 };
        f.defaultCulture = 'en-us';
        f.culture = 'en-us';
        f.currentUrlLanguagePart = '';
        f.b64decode = function (str) { return decodeURIComponent(atob(str).split('').map(function (c) { return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2); }).join('')); };
        f.colors = { primary: '#1377C3' };
        var config = JSON.parse(f.b64decode('eyJmYmlkIjoiMTM4MzAwMDMyMDk2IiwiY2RuIjoiIiwiY291bnRyeSI6IlVTIiwibWF4RnJlZVRyYW5zZmVyc1BlcjI0SCI6MiwibWVtYmVyc2hpcCI6IkZyZWUiLCJ1cGxvYWRlclVzZXIiOm51bGx9'));
        w.FacebookAppId = config.fbid;
        f.uploader = f.uploader || {};
        f.uploader.user = config.uploaderUser;
        f.uploader.upgradeInfo = config.upgradeInfo;
        f.Country = config.country;
        f.Settings = { MaxFreeTransfersPer24Hours: 2 };
        f.CDN = config.cdn;
        
        f.OSdetect = (function () {
            var macosPlatforms = ['Macintosh', 'MacIntel', 'MacPPC', 'Mac68K'],
                windowsPlatforms = ['Win32', 'Win64', 'Windows', 'WinCE'],
                iosPlatforms = ['iPhone', 'iPad', 'iPod'];
            var ua = (w.navigator.userAgent || '').toLowerCase(), pl = w.navigator.platform, os = null;
            if (ua.indexOf('iphone') > -1 || ua.indexOf('ipad') > -1 || ua.indexOf('macintosh') > -1 && 'ontouchend' in document) {
                os = 'iOS';
            } else if (macosPlatforms.indexOf(pl) !== -1) {
                os = 'Mac OS';
            } else if (windowsPlatforms.indexOf(pl) !== -1) {
                os = 'Windows';
            } else if (/android/.test(ua)) {
                os = 'Android';
            }
            if (!os && /Linux/.test(pl)) {
                os = 'Linux';
            }
            return os;
        })();
        
        f.deeplinkHost = 'https://deeplink.filemail.com';
        
        f.langs = JSON.parse(f.b64decode('eyJBQk9VVCI6IkFib3V0IiwiQUNDT1VOVCI6IkFjY291bnQiLCJBQ0NPVU5USU5GT1JNQVRJT04iOiJBY2NvdW50IEluZm9ybWF0aW9uIiwiQUREIjoiQWRkIiwiQUREQ09OVEFDVCI6IkFkZCBDb250YWN0IiwiQURERklMRVMiOiJBZGQgRmlsZXMiLCJBRERHUk9VUCI6IkFkZCBHcm91cCIsIkFERFBBU1NXT1JEUFJPVEVDVElPTiI6IlByb3RlY3QgZG93bmxvYWQgcGFnZSB3aXRoIHBhc3N3b3JkIiwiQUREUkVNT1ZFQ09OVEFDVFMiOiJBZGQvUmVtb3ZlIENvbnRhY3RzIiwiQUxMQ09OVEFDVFMiOiJBbGwgY29udGFjdHMiLCJBTExPV1VTRVJUT1JFQ0VJVkVGSUxFUyI6IkFsbG93IHVzZXIgdG8gcmVjZWl2ZSBmaWxlcyIsIkFSRVlPVVNVUkUiOiJBcmUgeW91IHN1cmU/IiwiQVJFWU9VU1VSRVlPVVdBTlRUT0RFTEVURVRISVNUUkFOU0ZFUiI6IkFyZSB5b3Ugc3VyZSB5b3Ugd2FudCB0byBkZWxldGUgdGhpcyB0cmFuc2Zlcj8iLCJBUkVZT1VTVVJFWU9VV0FOVFRPREVMRVRFVEhJU1VTRVIiOiJBcmUgeW91IHN1cmUgeW91IHdhbnQgdG8gZGVsZXRlIHRoaXMgdXNlcj8iLCJBUkVZT1VTVVJFWU9VV0FOVFRPTE9HT1VUIjoiQXJlIHlvdSBzdXJlIHlvdSB3YW50IHRvIGxvZyBvdXQ/IiwiQVZFUkFHRSI6IkF2ZXJhZ2UiLCJCUk9XU0VSIjoiQnJvd3NlciIsIkFCT1VUVE9FWFBJUkVUUkFOU0ZFUiI6IlRoaXMgY2hhbmdlIHdpbGwgZXhwaXJlIHRoZSB0cmFuc2Zlci4gSXQgd29uJ3QgYmUgYWNjZXNzaWJsZSBmcm9tIG5vdyBvbiBhbmQgYWxsIGl0cyBmaWxlcyB3aWxsIGJlIHJlbW92ZWQuIERvIHlvdSB3aXNoIHRvIHByb2NlZWQ/IiwiQURERk9MREVSIjoiQWRkIEZvbGRlciIsIkFERFNFTEVDVEVEVE9HUk9VUCI6IkFkZCB0byBncm91cHMiLCJBTExGSUxFUyI6IkFsbCBmaWxlcyIsIkFMTE9XVVNFUlNUT0NIQU5HRVBBU1NXT1JEIjoiQWxsb3cgdXNlcnMgdG8gY2hhbmdlIHBhc3N3b3JkIiwiQU5BQ0NPVU5URVhJU1RTUExFQVNFTE9HSU4iOiJBbiBhY2NvdW50IGV4aXN0cyBmb3IgW0VNQUlMXS4gPGJyPiBQbGVhc2UgbG9nIGluIHRvIHByb2NlZWQuIiwiQU5BTFlaSU5HRk9MREVSU1RSVUNUVVJFIjoiQW5hbHl6aW5nIGZvbGRlciBzdHJ1Y3R1cmUiLCJBTk9OWU1PVVMiOiJBbm9ueW1vdXMiLCJBTk9USEVSREVWSUNFSEFWRUxPR0dFRElOIjoiWW91IGhhdmUgYmVlbiBsb2dnZWQgb3V0IHNpbmNlIGFub3RoZXIgZGV2aWN

{
  "brands": "unknown"
}

{
    "risk_score": 2,
    "reasoning": "This is a legitimate implementation of Google reCAPTCHA v3. It loads the official Google reCAPTCHA script and initializes it with a valid site key. The code follows standard practices for async script loading and uses proper promise-based handling. The only minor risk factors are external script loading and the use of window object manipulation, but these are necessary for reCAPTCHA functionality."
}

    !function(e){var t=e.Filemail=e.Filemail||{};t.recaptcha={},t.recaptcha.setup=function(i){this.sitekey=i,this.initDone=!1,t.recaptcha.getToken=function(t){t=t||"submit";var i=this,n=new $.Deferred;return this.init().then((function(){e.grecaptcha.execute(i.sitekey,{action:t}).then((function(e){n.resolve(e)}))})),n.promise()},t.recaptcha.init=function(){var i=this,n=new $.Deferred;if(i.initDone)n.resolve();else{e.__recaptchaCallback=function(){i.initDone=!0,n.resolve()};var a="https://www.google.com/recaptcha/api.js?render="+i.sitekey+"&onload=__recaptchaCallback";t.loadScript(a,null,{async:!0})}return n.promise()}}}(window);

    Filemail.recaptcha.setup('6LfiE5ocAAAAAPIxSggV1OLpAwQcnEJPbS7aqwNp');

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://app.filemail.com

{
    "risk_score": 2,
    "reasoning": "This appears to be legitimate Matomo (formerly Piwik) analytics code. It includes proper licensing, source attribution, and uses standard analytics practices. The code performs local/session storage operations and DOM manipulation for tracking purposes. While it includes some data transmission capabilities, it's from a known, reputable analytics platform. The code is not obfuscated and follows expected patterns for analytics implementation."
}

/*!!
 * Matomo - free/libre analytics platform
 *
 * Matomo Tag Manager
 *
 * @link https://matomo.org
 * @source https://github.com/matomo-org/tag-manager/blob/master/js/piwik.js
 * @license https://matomo.org/free-software/bsd/ BSD-3 Clause (also in js/LICENSE.txt)
 */
(function(){var b=document;var a=window;
var ignoreGtmDataLayer = false;
;
/*!!! previewModeHook */
;if(typeof window.MatomoTagManager!=="object"){if(typeof window._mtm!=="object"){window._mtm=[]}window.MatomoTagManager=(function(){var k=new Date().getTime();function j(){if(window.mtmPreviewWindow&&"object"===typeof window.mtmPreviewWindow.mtmLogs){var G=new Date();var I=[];for(var H=0;H<arguments.length;H++){I.push(JSON.stringify(arguments[H],function(i,J){if(typeof J==="object"&&J instanceof Node){return J.nodeName}else{return J}}))}window.mtmPreviewWindow.mtmLogs.push({time:G.toLocaleTimeString()+"."+G.getMilliseconds(),messages:I})}}function d(G){if(window.mtmPreviewWindow&&"object"===typeof window.mtmPreviewWindow.mtmEvents&&G){var i=new Date();
G.time=i.toLocaleTimeString()+"."+i.getMilliseconds();window.mtmPreviewWindow.mtmEvents.push(G)}}var y={enabled:!!window.mtmPreviewWindow,log:function(){j.apply(a,arguments);if(this.enabled&&"undefined"!==typeof console&&console&&console.debug){console.debug.apply(console,arguments)}},error:function(){j.apply(a,arguments);if("undefined"!==typeof console&&console&&console.error){console.error.apply(console,arguments)}}};function C(i){y.error(i);if(typeof l!=="object"||l.THROW_ERRORS){throw new Error(i)}}function u(H,J){if(B.isString(H)&&H.indexOf(".")!==-1){var I=H.split(".");var G;for(G=0;G<I.length;G++){if(I[G] in J){J=J[I[G]]}else{return}}return J}}function F(K){var J="mtm:";var G={};function I(N){return K in a&&B.isObject(a[K])}function M(N){return I()&&B.isFunction(a[K][N])}function L(P,N){if(M("setItem")){try{a[K].setItem(J+P,JSON.stringify(N))}catch(O){}}else{G[P]=N}}function H(P){if(M("getItem")){try{var N=a[K].getItem(J+P);if(N){N=JSON.parse(N);if(B.isObject(N)){return N}}}catch(O){}return{}
}else{if(P in G){return G[P]}}}function i(O){if(M("removeItem")){try{a[K].removeItem(J+O)}catch(N){}}else{if(O in G){delete G[O]}}}this.set=function(R,O,S,N){var P=null;if(N){P=(new Date().getTime())+(parseInt(N,10)*1000)}var Q=H(R);Q[O]={value:S,expire:P};L(R,Q)};this.get=function(P,N){var O=H(P);if(O&&N in O&&"value" in O[N]){if(O[N].expire&&O[N].expire<(new Date().getTime())){delete O[N];L(P);return}return O[N].value}};this.clearAll=function(){G={};if(I()&&B.isFunction(Object.keys)){var N=Object.keys(a[K]);if(N){for(var O=0;O<N.length;O++){if(String(N[O]).substr(0,J.length)===J){i(String(N[O]).substr(J.length))}}}}}}var x=new F("localStorage");var e=new F("sessionStorage");var B={_compare:function(J,G,I){var H=["equals","starts_with","contains","ends_with"];if(this.indexOfArray(H,I)!==-1){J=String(J).toLowerCase();G=String(G).toLowerCase()}switch(I){case"equals":return String(J)===String(G);case"equals_exactly":return String(J)===String(G);case"regexp":return null!==(String(J).match(new RegExp(G)));
case"regexp_ignore_case":return null!==(String(J).match(new RegExp(G,"i")));case"lower_than":return J<G;case"lower_than_or_equals":return J<=G;case"greater_than":return J>G;case"greater_than_or_equals":return J>=G;case"contains":return String(J).indexOf(G)!==-1;case"match_css_selector":if(!G||!J){return false}var i=A.bySelector(G);return B.indexOfArray(i,J)!==-1;case"starts_with":return String(J).indexOf(G)===0;case"ends_with":return String(J).substring(J.length-G.length,J.length)===G}return false},compare:function(J,G,H){var I=String(H).indexOf("not_")===0;if(I){H=String(H).substr("not_".length)}var i=this._compare(J,G,H);if(I){return !i}return i},trim:function(i){if(i&&String(i)===i){return i.replace(/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,"")}return i},isDefined:function(G){var i=typeof G;return i!=="undefined"},isFunction:function(i){return typeof i==="function"},isObject:function(i){return typeof i==="object"&&i!==null},is

{
    "risk_score": 2,
    "reasoning": "This is a legitimate CSS loading polyfill script with low risk. It handles preloading of stylesheets and includes fallbacks for older browsers. While it uses DOM manipulation and contains legacy practices (attachEvent), these are for compatibility purposes. No data transmission or suspicious behaviors observed. The code is minified but not maliciously obfuscated."
}

!function (t) { "use strict"; t.loadCSS || (t.loadCSS = function () { }); var e = loadCSS.relpreload = {}; if (e.support = function () { var e; try { e = t.document.createElement("link").relList.supports("preload") } catch (t) { e = !1 } return function () { return e } }(), e.bindMediaToggle = function (t) { var e = t.media || "all"; function a() { t.addEventListener ? t.removeEventListener("load", a) : t.attachEvent && t.detachEvent("onload", a), t.setAttribute("onload", null), t.media = e } t.addEventListener ? t.addEventListener("load", a) : t.attachEvent && t.attachEvent("onload", a), setTimeout(function () { t.rel = "stylesheet", t.media = "only x" }), setTimeout(a, 3e3) }, e.poly = function () { if (!e.support()) for (var a = t.document.getElementsByTagName("link"), n = 0; n < a.length; n++) { var o = a[n]; "preload" !== o.rel || "style" !== o.getAttribute("as") || o.getAttribute("data-loadcss") || (o.setAttribute("data-loadcss", !0), e.bindMediaToggle(o)) } }, !e.support()) { e.poly(); var a = t.setInterval(e.poly, 500); t.addEventListener ? t.addEventListener("load", function () { e.poly(), t.clearInterval(a) }) : t.attachEvent && t.attachEvent("onload", function () { e.poly(), t.clearInterval(a) }) } "undefined" != typeof exports ? exports.loadCSS = loadCSS : t.loadCSS = loadCSS }("undefined" != typeof global ? global : this);

{
    "risk_score": 1,
    "reasoning": "This is the beginning of the legitimate jQuery library (v3.5.1), a widely-used and trusted JavaScript framework. The code shown is the standard jQuery initialization and core functionality implementation. It contains no malicious patterns, uses standard module loading practices, and is from a trusted source (jquery.org)."
}

/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.5.1",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="sizzle"+1*new Date,p=n.document

{
  "brands": "unknown"
}

{
    "risk_score": 2,
    "reasoning": "This is a legitimate Intercom chat widget integration script. While it uses base64 encoding for settings (1 point) and loads external script from widget.intercom.io (1 point), Intercom is a trusted service provider. The script follows standard integration patterns, loads from official Intercom domain, and the encoded data only contains basic configuration. The delayed loading and event handling are standard practices."
}

    (function (w, d) {
        var l = function () {
            w.intercomSettings = JSON.parse(Filemail.b64decode('eyJhcHBfaWQiOiJwNDFyMThveCIsImlwIjoiOC40Ni4xMjMuMjI4In0='));
            var ic = w.Intercom;
            if (typeof ic === "function") {
                ic('reattach_activator');
                ic('update', intercomSettings);
            } else {
                var i = function () {
                    i.c(arguments);
                };
                i.q = [];
                i.c = function (args) {
                    i.q.push(args);
                };
                w.Intercom = i;
                var s = d.createElement('script');
                s.type = 'text/javascript';
                s.async = true;
                s.src = 'https://widget.intercom.io/widget/p41r18ox';
                var x = d.getElementsByTagName('script')[0];
                x.parentNode.insertBefore(s, x);
            }
        };
        
        var x = function () {
            setTimeout(l, 6002);
        };
        if (w.attachEvent) {
            w.attachEvent('onload', x);
        } else {
            w.addEventListener('load', x, false);
        }
        
        })(window, document);

{
  "contains_trigger_text": true,
  "trigger_text": "With you",
  "prominent_button_name": "Download file",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": true,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
    "risk_score": 1,
    "reasoning": "This is a legitimate script setting up the Google reCAPTCHA API endpoint. It's a common and safe practice used for implementing CAPTCHA verification. The domain is trusted (google.com), and the variable naming convention matches Google's official reCAPTCHA implementation."
}

window['__recaptcha_api'] = 'https://www.google.com/recaptcha/api2/';

{
    "contains_trigger_text": true,
    "trigger_text": "A document has been sent through One Drive. Click the Access Document button below and Log in with your email account to view it.",
    "prominent_button_name": "Access Document",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
    "risk_score": 2,
    "reasoning": "This is Google's reCAPTCHA initialization script. It loads from trusted Google domains (google.com, gstatic.com), includes security features like SRI (integrity check), nonce attributes, and origin-trial meta tag. The script follows security best practices including async loading and proper cross-origin handling. While it does load external resources and manipulate DOM, it's from a trusted source with proper security controls."
}

/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('6LfiE5ocAAAAAPIxSggV1OLpAwQcnEJPbS7aqwNp');(cfg['onload']=cfg['onload']||[]).push('__recaptchaCallback');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A/kargTFyk8MR5ueravczef/wIlTkbVk1qXQesp39nV+xNECPdLBVeYffxrM8TmZT6RArWGQVCJ0LRivD7glcAUAAACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='treatment_1.2'&&l!=='control_1.1'){d.head.prepend(m);}});}else{d.head.prepend(m);}po.src='https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js';po.crossOrigin='anonymous';po.integrity='sha384-BJuEtmqk8gvp2kvOiXzxtaoRQQS7QjSOSAczV0tKC29lpbOt/RFR43n1iVnzO4Em';var e=d.querySelector('script[nonce]'),n=e&&(e['nonce']||e.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=d.getElementsByTagName('script')[0];s.parentNode.insertBefore(po, s);})();

{
    "contains_trigger_text": true,
    "trigger_text": "A document has been sent through One Drive. Click the Access Document button below and Log in with your email account to view it.",
    "prominent_button_name": "Access Document",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
    "risk_score": 2,
    "reasoning": "This appears to be a legitimate Google reCAPTCHA initialization script. While it contains encoded/base64 data (+1) and includes external resource loading (+1), it's from a trusted domain (google.com) and follows expected reCAPTCHA implementation patterns. The encoded data is a standard practice for reCAPTCHA's configuration and initialization."
}

      recaptcha.anchor.Main.init("[\x22ainput\x22,[\x22bgdata\x22,\x22Ly93d3cuZ29vZ2xlLmNvbS9qcy9iZy9PLW9LN3RPNTNpNjN5dEhXbHhPckdfeUsxOFNEcUJzbk9FUTZBbnlyV09VLmpz\x22,\x22\x22,\x22V0l1R0wxWlZlMnV0Yy9nclZZSkFRbXJNTlFrNzU2M3prTjB3S3JwOWRjNUZaUG1TV0lKN3VSWTI2OENkdGMxNTJ0cStzeHV1YW5HLzR5VG5HeDdraEZndWJqU2VaT0tFd3FCc3d6UUMxSHhURVU2M2U5MFZncjA5eG8vLzBWaTJuN01ITkViRjlHWjVlUjZHaElJTjdZcHNtTzBrUzJ6WjRYUlRMQTMyK2RoSGttS0RTRVFjMDFDcEk0Nk5NUlNEcXFGSzU4YW1qa2FGWm9PUkw0cXlLVGdPdnk4ZjdPMlVxcHpOQlQ1b2E0K3ZEZ2M1dFZVMFN6N1MxcUJiSEhJcCtMSG44VmIzYll2MnVjdzc0WnU5eFdxMnJ6eVpXM1lrWTdzK1F0d1c5WHRiWWxDdlc0M0c4aWMybVJGWDc5MkhxTW55NXRTSER2ck8yeGFtMlJscnFjYndnZVpiYUpFZWlqRy9VQ2RGbWQvNUdRMjhNWGZWbVFIeExBcDVuM3lUY3o3REFSR1VqSFpLVlZlMFJ1c0JUMnJGbjJpWGFPdjJPSHVkM1ExVFhVMEtFUTFMRGFrZklLMmY4SDY1YWRtR0hqSUhKbXdJMmo1a3NUTFhXbWcyQjVZRTdjZkMwTktrb3gyZWh3eEt4RXA4WWt3Vis0SEloWTMyTUpjS1p0bGJEa2l3TlZQL0JBVDBNSURONlJxNTdzblpSQWVoOTlmSzFxeGdhMy9OdTlBMkM3V3hIM0l1YVZiUnU2OVpZZXJTdjd2MTJzK1E4L1VtbmRqWmJ4d2xrSzFleFZaa1dSRGdYNHpiajlZWXdxNWE4NVNrRUtNbHpsNjdoVHpuRDFOQUFDMjFpc0VCTkphejI1WjhSWFJXSlA1S2lkYjBYeFVFNVh0Uzk3NnZ6aWxDTW5yR1Z4eVA2QmF2eHBLYjVicnQxR3NmYmc5Wk5lZU1sY2t4Wk9UVEVZR2pqQThoZW1ob0VsY0JvMDVxYUw2M08vV2w4Q01nS0tmZFN2TXlnT2tlVlJoZVVkTnpZM05vb0p1MjFyaUtGK1pQcUY2UTc5Q3AyTmY3b2FWbFQxSkEyOWtIajRheVExRGdNclBBR0g4NTZkUjlBUFlBa2dRVVpha3krNXhXUG9ZR1JTWEpvcVFEbWc2UDBpeDlieUp2ZGhnVjNvNTRnRVczWUNabmkzK3d4bWR4N00yMVlNQytQTlkrRUQyWjJ4NHpBak1TRURJTHNYK2c0V2xwN08xWUptUldIMUdFZHg2RVpyRHA5WUlUbFQrQ2lqcjByVUJiSGhLcnVhWUQzSVhZUlNCMlhudlpzb0t5bmxYcExqNzZrMzJ1NGhNcGhqVXRXSDVuM1Q1QXl1THdzQU56ZldDMmI1VHFYZXpQV0tXTjBVS1l0WUdOMmNENWpjVHdOUEh6R2hkeTQzSlVFVVF5OWNycDVZcGp5WDJpNmxVaGs2QmZVVkl6WXlhV0o2TEhHbHlDWWd1QnEvdXZDYi94ZVFrMGJlQng3M2QwWm4rOEJTbGFzS01PUWE1Z2E3M2J0bHBYWFpDMGlIK2lvbzVKcDc5UFpyTmtVVmZYRWRMeHAvbkExZENDZ0JHeEIrY2NBUytEYmtsd2ptUVZ4bSs3cUd0TjVBdnY2eFltelUxYytHUGJzTXRyY2pIMVRvYzN0TkJ6YkNhb3c1NkNXK215bWUrUWwxdmdpWHNjYUtUZGMrcUd4dHpmWFFUYXRPSWt5SEhWNzZOSDc4TzhGZEdGU2VuV2dHL1NZZGdLMXJ5T09lcURhVUlLUys4OTlWamU5SnJwTkV2ZUtlRkdkc2ZRUlB2THBnRFJsUU9wUVhveDdrRHpmK2lzRG5tMVRaeWoyU0FwdldjMVRVVlV5OW9hWWVNMk9iandnSVloN0NUSE1Vbmt3emppbGd5Y1RqUFpRTk43dFpoTFhhYklSMGczdkZPdjI1MnNMNHArTWNKU0ZKeGtwOUt1VVFIV1V6ZlpaRnhwRW9iMXNyei9HRkdnbzJiRFN5VERvVUJaRzZUNW1TbEcyTUJidHh6SlFlNFA2VzRRc2xiQlNwL1BWY0J2YW9pZFlncG5GY3A1bFlYUmdJZGpiV0RrZTN6bVhWNktZYlFDVVZhQ0NES3ZKZTRkek1NOVZuZHZ2TjZyTGYxL042MDRiY0pxY2I4VDhCS21HanRGSklUOXM1cUljMndibTRKVHhmR1h2MmRpMy81eUZsSlNRZkpNUm5XYUpja2l0V2RDanFxdmorRkxrdktvcTN0dEE2cTRVNG44cjkwYW9xVkdzRzFib1JJbnNDNE1DRk84YzRiREhRTlpFY1R6WnBiVVpaY3NWQlFxa2NSNFNYS2wvLzRsdldCVG1uV3Y4Q3VFZi85NXJDOGlWZnJtL3lFZktqa0ROUkhDcTdNOTB5RUlkMzJ1UTlYb2U1aUlDcHlLTUFYQUhhUUs0WkNyL0hmWFdyci90UnhtZ2lGd2c0NERWa0hubmN2Z1p1SVJINjdmc1R2QW8zZEFOWUNpTTZoWDBZT3JGNjNMZ0dyaUYwYVVVT3czWHREQmRaTnZ1WEVmeGVzaEx2M1ErQ09FdGFwL2N0K0MwK0NCMkljMUhmOHpIN1l1WXhIOEg3K3JOb2UxaXV4bGhSeTFOTFJkdDVQR0FQeXJQdU5lYjFHMWQ2eFVnWllWUjdUM25rRktLV2Rrd3Roa2VnYmp4aWd2amdKWmdUU01rSlpGVHljTlRkVG50dk01YTdzVUhuQkczWU9EYy96WEJoQmVZaE5qT0dtS3U3cWF3K252Qy9MVW1jd0NLUVZKT05OdTd0SStOT2lWazBRTS9laVBPT0lDMTlYSU80eGF2T043S3hieW8yalpqQzYyblg5RWNLMTQvMkh5cG4vbEVQNVJETGJGMC90NzErem5FRmZJdHJEU2pCVm9EcHRzbTNrbnhEM1I3YkxtZmd6Q080Ym5ET25LVG12WlRNbVZoYUE3R01OcUNmL3dPVmJDeFAwT0c3N0tSdnpBbnprOCsxb08rK2JzSjd0a25KUkxTY1pLSWFvYUhqaVRyOGFzWldwM0ZlTWwvZTEweERXcE53VklsdGhONHMyNVJHMWNSNm1zMmtTL0o0MytGN0VHVExWY1ZqR3dUU3lVVzFGT0lIVkdxeVc5NGtmeGYxTytIK2pESVFaVnZyYVM1ckVuVEJCZWFCM0FCam1JK2d1MWNiZTduNnRydGc0UUVlM1NJK2lvRjR1cVoyM0UwdXlMYTduMU1RYklmNktoVVBzSWFSNGc1alN2UzJON3R5VlgyUTUrcno5TlpSZzlrSVd5bXlFVVVXMHR5RHRORThsak1DazJqbUlkNVBjWXBoQzFiOXlKMkxQUWZaUWdhc08wTGFoa2FzNlJYa2NYYUhzRFRheVdOdmpib1lVdUJUd2h5SDAwYStTL1FFN2hvdjU1TUtjZmlUMVV4MlUzelkyUlZkbTlFaVpJMFd6bDFhNjJmVFliSDh3SEZTUGtjaThFeGl4cjJqYVRMNjJodHI0enNESUpOQ25CdlgyZmxUUlJSeVhJZzJ2N1UwTEF6bWZBMmxFYk9DaEpjZDY4Z29KcHVXMkN1QmZXUEltclR1QklvYUlpQ1NLZW5RR1d4YUt2bEtVL3djeHV6MzJOUEI5UFloVW15ck5zUW5yUVQyMlZ1UEFqdHBNOU1zTDMxSVVWYk5YckQ4VVZJMTBPc3hKY2U5N3o1U0pYS1VDTWJRRzk5ZHlsMFNuRnlENGRSdHFPTkJ5Z1dxUGpMdFVScUdHeDRJbi8ydmdXNzMyVWs0RkVHU3F

{
  "brands": [
    "Office 365"
  ]
}

{
  "brands": [
    "Office 365"
  ]
}

{
  "brands": [
    "Office 365"
  ]
}

{
    "risk_score": 4,
    "reasoning": "The script shows moderate risk indicators including service worker registration and cross-origin messaging. While it appears to be a legitimate Google service worker implementation (based on copyright notice and coding style), it contains potential security-sensitive operations: cross-origin communication, dynamic URL construction, and message passing between windows. The code is minified but not maliciously obfuscated. The presence of trusted types policies and strict security checks reduces the risk score."
}

'use strict';class m{constructor(a){this.j=a;this.g={};this.h={};this.i=0;this.id=String(Math.floor(Number.MAX_SAFE_INTEGER*Math.random()))}}function n(a){return a.performance&&a.performance.now()||Date.now()}
var p=function(a,b){class d{constructor(c,g,f){this.failureType=c;this.data=g;this.g=f;this.h=new m(n(f))}s(c,g){const f=c.clientId;if(c.type===0){c.isDead=!0;var e=this.h,h=n(this.g);e.g[f]==null&&(e.g[f]=0,e.h[f]=h,e.i++);e.g[f]++;c.stats={targetId:e.id,clientCount:e.i,totalLifeMs:Math.round(h-e.j),heartbeatCount:e.g[f],clientLifeMs:Math.round(h-e.h[f])}}c.failure={failureType:this.failureType,data:this.data};g(c)}}return new d(5,a,b)};/*

 Copyright Google LLC
 SPDX-License-Identifier: Apache-2.0
*/
let q=globalThis.trustedTypes,r;function t(){let a=null;if(!q)return a;try{const b=d=>d;a=q.createPolicy("goog#html",{createHTML:b,createScript:b,createScriptURL:b})}catch(b){}return a};var u=class{constructor(a){this.g=a}toString(){return this.g+""}};function v(a){const b=a;var d;r===void 0&&(r=t());d=r;return new u(d?d.createScriptURL(b):b)}function w(a){if(a instanceof u)return a.g;throw Error("");};function x(a,...b){if(b.length===0)return v(a[0]);let d=a[0];for(let c=0;c<b.length;c++)d+=encodeURIComponent(b[c])+a[c+1];return v(d)}function y(a){var b=x`sw.js`,d=w(b).toString();const c=d.split(/[?#]/),g=/[?]/.test(d)?"?"+c[1]:"";return z(c[0],g,/[#]/.test(d)?"#"+(g?c[2]:c[1]):"",a)}
function z(a,b,d,c){function g(e,h){e!=null&&(Array.isArray(e)?e.forEach(l=>g(l,h)):(b+=f+encodeURIComponent(h)+"="+encodeURIComponent(e),f="&"))}let f=b.length?"&":"?";c.constructor===Object&&(c=Object.entries(c));Array.isArray(c)?c.forEach(e=>g(e[1],e[0])):c.forEach(g);return v(a+b+d)};const A=/Chrome\/(\d+)/;var C=function(a){const b=a.origin;if(b){var d=a.o?"swe.js":"sw.js",c=a.g?x`/static/service_worker/${a.g}/${d}?origin=${b}`:x`/gtm/static/${d}?origin=${b}`,g=new Map([["origin",b]]);a.h&&g.set("path",a.h);var f=a.l?y(g):c,e=()=>{const k=A.exec(a.window.navigator.userAgent);return k&&Number(k[1])<119},h=a.window.document.location.href;a.g&&(a.l?h=`${a.h}/_/service_worker`:e()||(h="/static/service_worker"));var l={scope:h};a.g&&(l.updateViaCache="all");a.window.navigator.serviceWorker.register(w(f),
l).then(()=>{a.window.navigator.serviceWorker.ready.then(k=>{a.i=k.active;B(a)})},k=>{a.j=p(k==null?void 0:k.toString(),a.window);B(a)});a.window.navigator.serviceWorker.addEventListener("message",k=>{a.window.parent.postMessage(k.data,a.origin)})}},B=function(a){const b=a.m.slice();a.m=[];for(const d of b)a.handleEvent(d)};
(function(a){if((f=>{try{return f!==f.top}catch(e){return!0}})(a.window)){var b=new URL(a.window.document.location.href),d=b.searchParams.get("origin");if(d){a.origin=d;a.l=!!b.searchParams.get("1p");a.o=!!b.searchParams.get("e");a.h=b.searchParams.get("path")||"";var c=b.pathname.match(RegExp(".*/service_worker/(\\w+)/"));c&&c.length&&(a.g=c[1]);var g=a.window.document.location.ancestorOrigins;g&&g[0]!==a.origin||(C(a),a.window.addEventListener("message",f=>{a.handleEvent(f)}))}}})(new class{constructor(a){this.window=
a;this.origin="";this.o=this.l=!1;this.h="";this.j=this.i=null;this.m=[];this.g=""}handleEvent(a){a.origin===this.origin&&(this.i?this.i.postMessage(a.data):this.j?this.j.s(a.data,b=>{this.window.parent.postMessage(b,this.origin)}):this.m.push(a))}}(window));
  

{
  "contains_trigger_text": true,
  "trigger_text": "Online safety check underway.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
  "brands": "unknown"
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://skov-dk.com

{
  "contains_trigger_text": true,
  "trigger_text": "Sign in",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, Phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is a well-known global technology company.",    "The legitimate domain for Microsoft is 'microsoft.com'.",    "The provided URL 'skov-dk.com' does not match the legitimate domain for Microsoft.",    "The URL 'skov-dk.com' contains a hyphen and does not resemble any known Microsoft subdomains or associated services.",    "The URL does not contain any recognizable Microsoft branding or domain elements.",    "The presence of input fields for 'Email, Phone, or Skype' is typical for Microsoft services, but the domain mismatch is a strong phishing indicator."  ],  "riskscore": 9}
Google indexed: False

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://filemail.com