Windows Analysis Report
https://t.co/4MnukUbNZX

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://t.co

{
    "risk_score": 7,
    "reasoning": "The script demonstrates high-risk behavior by redirecting the user to an untrusted domain, which could be part of a phishing or malicious campaign. The use of `window.opener = null` and `location.replace()` to forcefully redirect the user is a concerning pattern that warrants further investigation."
}

window.opener = null; location.replace("https:\/\/office.nredlearrn.org\/iplZpEER")

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. While it does not contain any clear indicators of malicious intent, the use of dynamic code execution, external data transmission, and aggressive DOM manipulation warrant further review. Additionally, the presence of obfuscated code and the use of multiple fallback domains increase the overall risk profile of the script. Overall, this script requires closer inspection to determine its true purpose and potential impact on user security and privacy."
}

"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Sr(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function jt(e){if(Array.isArray(e))return e}function qt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function zt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function Gt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)||qt(e,r)||Gt(e,r)||zt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Xt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun

{
    "risk_score": 6,
    "reasoning": "The script appears to be a Cloudflare challenge script, which is a common security measure used to protect websites from abuse. While it uses some techniques like obfuscation and dynamic code execution, these are likely for legitimate purposes. However, the script also sends user data to external domains, which raises some moderate risk concerns. Further review may be needed to fully understand the script's behavior and intent."
}

(function(){window._cf_chl_opt={cvId: '3',cZone: "office.nredlearrn.org",cType: 'managed',cRay: '8f384815e9169f76',cH: 'Bl.fwdTIC3PC.VgN.B6tuEIweD5QG1lnPTJqlg3fBM4-1734452857-1.2.1.1-v6B9Gc5QNYt5t9.5vNtLdm1aMF2BurAWZO4p6BBFoswa03mtxJGzy8uLx5korACM',cUPMDTk: "\/iplZpEER?__cf_chl_tk=doSTkyzlbwUxInuE9pm25eVp2aYOqXZsGu4VXg7UMdI-1734452857-1.0.1.1-tocnVaUjAc_JRxmA7xnlNDu0XBwEuDEdto8_7XmyCDA",cFPWv: 'b',cITimeS: '1734452857',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/iplZpEER?__cf_chl_f_tk=doSTkyzlbwUxInuE9pm25eVp2aYOqXZsGu4VXg7UMdI-1734452857-1.0.1.1-tocnVaUjAc_JRxmA7xnlNDu0XBwEuDEdto8_7XmyCDA",md: "NrOCY86c3hWr0GMmyBHMC99Ways0M_ozHFvi3fA3WU8-1734452857-1.2.1.1-06ZFti4aSlbAnPas_rpsYPywaPBS4UHziNyY4yzhMNrtynbAvYKimOVwaZ56FQndMwOB9Lj_a51kY.Fuull4kH4rlz2bsT.tXZCwhF7E2bXSp7CZSkylhr5mAoktbKcUtASAjPNMjf3i2JqwEvi5vdOOa5SHJH27MKK.LvRTUnn02mtE4sBWoZAHEunpRZBTbANowtQwMhbXUbhvypU0JJwqLGLSGQ.JCKrXsBLfWwYMnfl5NmR13IZ2lcfZLqjwOK7x2YSaZp9WgW2eH6xNJc0LLIIedWdjE4JGdQm52aATaVRyA04kxBZzzjJub2hqz_DddvWmJ0ckvelONCt4wP3g0DeOUawTyghvJMRk53WEAcM0fXCg7QGviAZgpsv61Shduz70YD5hErvzoUY5OhVxGdEQXwnnPzujnM2cG5zDdQWDlM.0xZDgtRf2cuZH3AqToaY9p6ppQjbWGdkscvXY4wapsZFZMkvrpIyAIsr0sNkWd8SExy5ZOM4hyzX1.jCqT0SmnRCaSMdVEEx1WeJRMtci1qI3fLx_XFhMUCJVUEpYkEzfmac8GyxtO.eVGm49lk8u82OxvxYUQTk9Q9ePlTOebBFbwoVJIZ0RrUpMi9Tk2usl.D9LaWR4U0ODOp7t7_iDF9DbZrVJD_.qUrYiVYz3f1Q8.JfR_VMw.peOblLlaNPpNMlXjkVVmgMKrwhDrYFd9ykhhQmODskLl6HT0.5e5y.MHvRCGi7CjI0qoahmITUYqk8_z9OExBpG39pbyLmWCL5A3gTn0bvFEwRXuRiS_Qx76fhciJddV.HXEyRMFrlqXVq_xac2My3BmlV12no5WtdavpK6gnZBZgomYc1GwN1Z825DKbSn6cOyRuvV9Xpmw9HsF0Ecfoz0tq6rjlYp7OHfzgZieiCLQldCKmzRTzrHzmlUwkARcKF4hO_fDIG4RMt_NCvgnR0Uo46idsLM7P28SrlXuYyaliOirCXz.cJyhJCDttmF.s2cQZtvo19y_AIajiFA_MUTB4p0SsT_36YO0WhS5W98LJWadm3SeIjK9bHIiDmxJVxO5RYhr6AqgrHXkTy7e_YTpaMfqgt6EHcPaq.6IfFMQrZpqFWIxweZaY8uSfZuulGHH67Ds.mTyZk_gv7OfI5SateDdfBuuLYCUUa2zuRAWoGKBqxI0qgFZJZ70NysSrU_h2BZgXcsLLZpXysGSi72orBbV8FdpTAmg3e_9aSxY9k4QH3hR9mHk9YpirEPrg7cAIOOxAgyTOSLCFVCmRLhEGuBE.dBvBkimeJZkFBlx8c6VpSFcufGRmLSR6j0h3..0gjX.Gch4rWNEnzC1O09dW_HBLc0dCKb5fMT0373..gOYKaebZFNi2KI0F6yO7Ih4uPuULiuwT6BxIlUBYSKjezpRu3OkEdXrAxz7Yp39dZHAHMLLAK_IbbadfzV56zRQvkKxhIZw5v6vLXyP89cD3a8yUqG1IjgaWiWhi75q.GhMRWsA6cdba2Kn4RCnz8Ony9A3K4jYfN1NhsWy.V.w3fk128Sarq95vjwzcu8657k3L38jDdbBnsszO3Av2ZjeOSLsUBZjlCcLSUdURteW7uwGGguNb_OHayJagPymTOded.4KYcO0TKcBHRr4Een0Tzyj980UPLN_Mz7CdgrDtHiByfo.QfAUM6vlV7nmEZXUcwSU7rLh40k0aVeVpY0UerAqhj7dTXF.Ms0PCO6_fmYjC8qMLFd._4aiucAxWDsTzUoQ3gIOwghXKDLJqmd_NQ73878woTRBz2..Vm9m25Ut15DQvaKUSR_P21.TBvBnvDKL74kl0oqgR16Hd8ZNdHRxPUetd1OgYGtQDv_NUJQ4pGsgIAAn3dntrITIGrYnVuZIZk5QOPc9e3uO63K0pP.yi1BmQl9WO3sgpiZwqqhWL_bWB6LPZ0U0xyQDj.dCPCOGrZChEkeO2EaXWqbOYbbfta0TBjowE4Xd08XhfJvQuxuhVqkDruMB.orgwiivy3_8zT5.CyYg6V_a6zW4Qx5jIoNnj5UfAk8h_HlijdShMA15bqjRlnp1zHXiLyWOys36_AsaSwK4J9ZfcgiCcvMxbpbicMZQ2Z6hiYOF4g5DqlwB0OlleijZzLprQ5jERx7E3NCYAzSGjT7ov27D_rkiTjc4pY9udUzb33Masj89tNcqKJr0a49qZSf.XKxLc104x6dZwlQdE0GJ6OQPxHsnR_y7S92uJ3qHMM3puLqpNJgrw8Zi1JdVQcxdZnoasDBnxUVeuZwgfV019r839RglvjFk1SwxBoax6yxIrBvxIvZGrIvoITDv8OnKz_pcjh7AH1nVzBXKYMWoXMUJi08uHuw2gnN4o8849CTqlwamqNSTrmYS8hGbDb_Qe.rsXmLHQo4CeLhYDn3NtXLqtt0A0Hdb1FXrL68V7ibtFskID035Jf1DuXF3haTMmSdaSgvXubGQtipVNpsuiuViPUHn5Dqh9NWNzTvK2RT.MrcRosZfAyO6PvWZPWPOWLQ2OzF7imkbO6XWu.DPMVvEJtGSZAqOw.gxIVd_HNviVYDpeSrBv3PmnYQ1OWhtiuUM5egoX.m7ltqzFtcelE",mdrd: "_ErJBIkueA3n4_WiPlEYE7aTMNxY5dKgAKxg0bKtUDI-1734452857-1.2.1.1-VGI7pzxIl4AV0yb81_1HqaXcpa.6G.E03vfysBjovz5yfQc51kcRlm4LsmKJYK9GYikrKzsf6dYBS0doQRr5unmWNUuU_wqXdSWtN8pAvPwKEDz5jtqpK_INhESO2G0o6Mb5kOlld1WkBLnzkAzUcTb0Zco6XwM59tdll.86RgTy3T.SitGNbLDGnusshTKtFwUCpMOePXykVfVzREsaox5a9.nP1CCT9cJ2duTQ2VE07Ck9JHgq.kJ_qNW2T8gwCiqAwFCwlLg25oaVSa1AbpLabiIQlosFsF1a4MlNJOfYnvQX4O6oUXZI82ItJBPy7zodx7D2_3AYu.2UDH2qVaZuHy.T6fjnrXOV56H94W2D6mDL7nZyGrfk7HbDFfVGUS1ThTNDM9ioZwR3gdB5vd5yHc1FVrh5en3lBetJb5RqMIA_LmH9RN9hd2MkWlOYa.nUK9fJIfKERY10Y6HieKNCjYHs06bQJlYb_gKUhW1dRzcukKnsMCTkNLkkO_Fa.mvNKAhO6pObP6qRlgz_CQzp8D226wWRz36fbK8ETWQ43zdC.6VcbxZYfcu5YUb9dO3jaS.URAlKpn1e7_6h7NC7hmdr1NXO_h6nQhzktbWtj0JE5Z0

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": true
}

URL: https://office.nredlearrn.org

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily handles the translation and display of messages related to the Cloudflare challenge, which is a legitimate security practice. While the script uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a standard Cloudflare challenge implementation and does not raise significant security concerns."
}

window._cf_chl_opt.uaO=false;window._cf_chl_opt.SyWOU3={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_verifying":"Verifying...","turnstile_overrun_description":"Stuck%20here%3F","human_button_text":"Verify%20you%20are%20human","turnstile_expired":"Expired","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_success":"Success%21","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_feedback_report":"Having%20trouble%3F","turnstile_failure":"Error","turnstile_feedback_description":"Send%20Feedback","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_timeout":"Timed%20out","turnstile_footer_privacy":"Privacy","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","testing_only":"Testing%20only.","turnstile_refresh":"Refresh","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_footer_terms":"Terms"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eQ,eR,fh,fi,fm,fn,fo,fu,fx,fz,fA,fB,fN,fZ,g5,g6,g7,gh,gs,gw,gx,gE,eO,eP){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(1497))/1+parseInt(gI(623))/2*(-parseInt(gI(942))/3)+parseInt(gI(602))/4*(parseInt(gI(168))/5)+parseInt(gI(1406))/6+parseInt(gI(227))/7+parseInt(gI(399))/8*(parseInt(gI(619))/9)+-parseInt(gI(1684))/10*(-parseInt(gI(1525))/11),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,309646),eM=this||self,eN=eM[gJ(545)],eO=[],eP=0;256>eP;eO[eP]=String[gJ(1617)](eP),eP++);eQ=(0,eval)(gJ(508)),eR=atob(gJ(458)),fh={},fh[gJ(1004)]='o',fh[gJ(1293)]='s',fh[gJ(262)]='u',fh[gJ(1531)]='z',fh[gJ(626)]='n',fh[gJ(907)]='I',fh[gJ(1370)]='b',fi=fh,eM[gJ(1023)]=function(g,h,i,j,hl,o,x,B,C,D,E,F){if(hl=gJ,o={'keUys':function(G,H){return G^H},'dKxAb':function(G,H){return G^H},'xaCCy':function(G,H){return G^H},'TLNJa':function(G,H){return H^G},'Erjua':function(G,H){return G-H},'jxdxy':function(G,H){return H!==G},'yHuBa':hl(1625),'yVqUG':hl(1491),'peXol':function(G,H){return H===G},'JomAC':function(G,H,I,J){return G(H,I,J)},'Kodur':function(G,H){return G(H)},'VakWy':hl(1183),'lxPqY':function(G,H){return G===H},'GBgYl':function(G,H){return G+H},'bxbFJ':function(G,H,I){return G(H,I)}},o[hl(663)](null,h)||h===void 0)return j;for(x=fl(h),g[hl(784)][hl(955)]&&(x=x[hl(1450)](g[hl(784)][hl(955)](h))),x=g[hl(930)][hl(1196)]&&g[hl(720)]?g[hl(930)][hl(1196)](new g[(hl(720))](x)):function(G,hs,K,L,H){if(hs=hl,o[hs(1362)]===o[hs(1362)]){for(G[hs(689)](),H=0;H<G[hs(831)];G[H]===G[H+1]?G[hs(1044)](H+1,1):H+=1);return G}else K={},K[hs(1529)]=o,K[hs(1503)]=s,K[hs(175)]=F,K[hs(1546)]=x,K[hs(1191)]

{
  "contains_trigger_text": true,
  "trigger_text": "Verifying you are human. This may take a few seconds.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Cloudflare"
  ]
}

{
  "brands": [
    "Cloudflare"
  ]
}

{
    "risk_score": 3,
    "reasoning": "This script appears to be a legitimate implementation of a reCAPTCHA verification flow. It checks if the reCAPTCHA has been completed successfully and redirects the user to a specific URL if so. The script does not exhibit any high-risk behaviors and is likely part of a legitimate web application."
}

        function recaptchaCallback() {
            var recaptchaResponse = grecaptcha.getResponse();
            if (recaptchaResponse.length !== 0) {
                window.location.href = 'https://office.nredlearrn.org/LAxhImAq';
            } else {
                document.getElementById('message').innerText = 'Please complete the reCAPTCHA.';
            }
        }
    

{
    "risk_score": 7,
    "reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While the script may have a legitimate purpose, such as reCAPTCHA integration, the aggressive and opaque nature of the implementation raises significant security concerns. Further investigation is warranted to determine the true intent and potential impact of this script."
}

      recaptcha.anchor.Main.init("[\x22ainput\x22,[\x22bgdata\x22,\x22Ly93d3cuZ29vZ2xlLmNvbS9qcy9iZy9HYVlVcEkzVE0yWmVKckp1WTZzaGROTEpCRVZRWmQ4M1hxSTFaS285WlNZLmpz\x22,\x22\x22,\x22UlVadVdrbWFFZlEvT3VDVnNmVmgxVTBMUUQ0YmtSVWhWanhqSkJvRXFHc01lejNUQWVhemIrN1N2dFEyUHMxUUxNTmN6VmJoNmNNWjlJQnZsazB4UnY0dkJnZ0pqd21Ubmt1cTg5WldYbklXcHNlc25yS1F3dnhoZE9xYU1UN1dGRHBrWm4yaG9jdVBpbnZ6djROK1NsWU95NUZMbXcxZk1PaFArTWVaUGlwN3g1MFkwUmVUREFUam5SaFNnWlBWZ25TK0JGR296dnhXenJEM29RSjZEN3JQSDM0Q1luZTI3Y1Zsd3dqTFNLSVhWR2xnMHpKSDIrWU0rZGJJaHZrTnYzdWpxYlIrOWk2U08xT3NrWEp1dFZ0YUZWQzduRlJpcjczR1lpekRYQ1VJTTNPd0lMbmMyQWZzT2tuSkwydldIc2lpR1BHSHBRcWpGdHV2MjhhRGltdFFlL0VFaC9FVy9mSXA1QjNsVXI2ZjVhRnJ5VDN0WGw3cU9wTUZRYnhLNGpJamVVQVdoRisrQXZ0V25jWU9PbzZHT2Z4L2RsaDVkU0M0Qml6MGUrZGo3aE00VzVGMk53MVJ5WXNsLzBKM3pZdXREZUNMOG5jVi9FaitoS0N3emF6d1Y2dVZPeWxUMThGNTZQajN6THhvQno0N3ZqY3EyM3NRSDdtUnM0clZGaWRUOWo0SnoydEFKTERCdUNzd3JJMGJaU05kVlBmdzBQRitHRjlHWGdwSDZmaEphL0RmR0doMytCenlMVko4TGVGdXZlRGIrUCtQeTBrMXJ2UjNSemE0SXNBLzlnVmozT2NuRlEzM0ZIR2VNRjQxVThScllFVDc3Y0FJRGdLVE4yaHBRZ2dPVHloUUZBNEl1Z25KZHZ5N3NKRGxuYUQrYnI5UFFYY081Wk1rZTNYTUhsMzROa082Uld6TC9SWmYyaUViQ3lSb3o0QjkwSW5iM0VNOUdvMzhVZWNtZ0JINHNvdTJRdkZmN3FNSndkTDFicS9NMVhPN1BibGdNeVBRc2Q0eTRZeDkvcHE0QStwSmlaUXdrLzc4ajQ2TEo2Z3ZHeitxVFMrZ3FaM1dzMkE2M0liQW5mcmFaYThlclZMNER6dVlqeStESTBDYkM2Rk41cFIrSnFWR2t6Tm1CUFgwVkE3UzF6SStXbTlqUXBXYTZCOGZBRUxpMHVISTY0Kzg3TWl2VFNvYTY1aG9oZko3OTByYTd1OGIzY1ZGNGIzTG51YklwQklpYzB1UGxteTBHM1B5VjdGSVNMdEwwak02cWw0T1NzcTY0TmpJeW1RSGhKRlVnNGFHSDcrbkxSV0JlUjRMa1Bnb29vQ2VMcmZ6RVJjSEZzd2lha1BRUDI2ZVpwdzROa0hMNmR4MDhGelBLb0cvRGlQbWRXSEJhNDJPSkJtTDk3QTZkQmVmMm12d1lYZ1d2K3NETmFndk5qZURPWFcxRFNicklLSjhaRVY1bTVibkd5ZGJBM2NKUTBDcndHdUQxVmVwQzZJdVVVVk5VQUM3K0tqRXZXRlV1TmhadXB5OHNvVkVxNER1SW80dkdNTC84cnBlanVHNHY1NkdrT1FEYTdFM2JuWkk5RlZDeHUxSHBaeW5Ic0Y0RWNuL25hQnVNQ3hPaFg4YXVVU0doUFNDbnVkSG05czQ0TlNzMlB6cisrcUx6dzJxSWZvQWJlUmdxZlhTdE15K2dCa2gyYUc5MXB2RWErek1oSFp0dnZDSFg1NC9LeXAzZ1BjUmJyTjVGZkh5VUhRT3FWaGNyb010VVZrbFhaeHdZNzhOc29BaCtXendObGdrR0kwa2pkYkZnZzVUdEhNaTczczk1aGM3aWVHL3dhSmY0YzUzYVdtOXFTU3RKdjcwRDZxMFZGMnE1RTZlQUwrejVxczRraVRFVkdXTkRFSTZqYWJxWXJiOWd3SWxvcXM4eWNkK2Nkb1BhS2IzQXpzN1A4ckZMK0RzeGlVRktFTFZ6VXZZNHBCU29NemJ1VFNyTjEvcHMvcmFRZ3c2dEk5ajRxTWRid2dFZ0FsQ24xOGUxU3BTa3NMUi9RcmIwcDFpMGU2bGFrWHp0VjN0SHJHRndHVmxIU1Nvc2gzWkNDVzJGTzlzeURUaW5PaU5kQTgyeW9oWEl1Z2FJZXlJSFVWbTBTKzNETFZQYWJSZExqaWNmczVZRGdkRDZTeVpSWGRYVVNCem95ZHB6ekFSdjg5VEJiTmEwbmJiZFRXNE01VW55S3VCTlljaEpvMjVlUXFaUEFkdlhBZ2VTazc2eHBCOXZ5RDZyNk55VEhSQVAwSFNGMW54eGgwSHRDRlVtWTBQTXhpMEFHY0tDbE44bmlaM2pyNjB0ZGJ4WTIyUFpXUUpkUFJDZHRSOXJIUVk1dWovSXRkM0d2OWVRWThSaEpCeEQ4b25VRDU2QU1peTc4Q2c2R241WGpIWVpLR0dyQjJWakJuc0xDVVRCQjlTcDR4NFRpY2JWanVVVVJqczg3aUlxZUN4VWtTQzU2N2xieS9SZkc3ZWZMdkJPancxUE82RTZYTUtzd2N5MDgyMEZVNXlJQ2dzVCtSdENkRDd6NzRWT1JCZmluNEY2bzBwbytxRTk3UklEYjFaakIwMkJNQkYvUWdNR01aMm5uZWF5RGhyd3JCSm5FYnA5UXROclpoZ1RES3BMNHZDdTgrMUIyZXBTanZGdUVYM2Fsa3QxdVhnaThxT0VRU2RtdEFnN3A5VjltVlRicXBmUDFURGZobVdETEZZNitlZksvQ0JhT3AyeVhZMFBSZDlVSVBHWmd5aFJ0bGpWc1RWbm1LTmlON3EwTHlqWTBWRENoeEJqc2FvOG5hKzV3MS8zQ1Y3TlBQazJmLzd4ZTIxSkg3Y0VTUmkwZitNa1BoQ1c1a3dDcEVXVk1OWXpMVHRZcFU5bXNYWWFYMEcwSWI1b2lZd08xQ1gzK3ZHTnQ0WGNLWkNlS2puTGNpU1hlNDlqOXB3RkhVaEZYem9HbjNmNEFsWnRLTUFySnBRU0d2MEk3MTJzdm1hUWNQVURqS2gxekJZUVhEZnpFWWRvYThNcnQvSnFONndKNlI5aTNlVXRaNGV4Z2lBZ2k2Q1RmaExzMUJwaHpxMGRDMEtJcGRGMjVLcW9pYWxKUkM0V3BYSkhKVENFN2lOK0F1WEFpZDVtRk9QN2V1M3BOb21CTlVsWVdPT21FTUtzUHBOaWJrenVqNkltdGR5VmhRYzhiWFlvc2tsTWFOZVRSV0E5ZENudEF5amxvdFE2QUZGKzdsSmU1YWZtdXFGblJha1NyWVJlc2t4NjZvYldOSWptSmw2cm5Eb0pPSU1iTzBjYmFWRVhXMTlLcklTTHlhejVWSmNlRGlHdDdZMVd6dloyMUJNN3I3endaSGRpZXNzR1hzeEhHQlI3cUJncUlnRzBCbGFkZ1BnSElFSXB5b1VYUGpnQUVQYkdzSDYvRXAyL3ZOeUo5K1Q4emJjeTNaYzRETlNyNndQOGZSZ1NSaWMybjZoUEU0VERXM3ladzEzZW04alBISCtYb1FqamhaeHR3TFRiblY4WEVtVlk0RkZ5TWx1cXoxZzZJQ3BHR09BSGZRWldCblhPdnVGVlBwUDlEa2FVbFZsV1NrTUlqOVJWeEtnbnlIQm82ckR1MVd4WXZwYkZFNzRIRjU4Q1A4b2ZiT2VGTHl0WFJDbkk5OG1zQ2ZkNGtyNTRkdUNMa3hsVFNRekQ0b3UwRCt0ajFpMmRsdzJzcXBaTWhHU1p2amxPd0lrMWU5ZFlRbTF3OXlrUEFCOUVMRVlJMVR4dlhVZnZLQXlFV0VqSEszNXY3dUptcTJ

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a benign script with some outdated practices, but no clear malicious intent. The script uses the `eval()` function, which is a high-risk indicator, but it is wrapped in a function that creates a trusted policy using the Trusted Types API, which mitigates the risk. The script also uses legacy APIs like `XDomainRequest`, which pose minor risks but are not inherently malicious. Overall, the script seems to be focused on analytics or telemetry functionality, and the risk score is low."
}

/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ (function(){var P=function(H){return H},u=this||self,x=function(H,r){if((r=(H=null,u).trustedTypes,!r)||!r.createPolicy)return H;try{H=r.createPolicy("bg",{createHTML:P,createScript:P,createScriptURL:P})}catch(c){u.console&&u.console.error(c.message)}return H};(0,eval)(function(H,r){return(r=x())&&H.eval(r.createScript("1"))===1?function(c){return r.createScript(c)}:function(c){return""+c}}(u)(Array(Math.random()*7824|0).join("\n")+['(function(){/*',
'',
' Copyright Google LLC',
' SPDX-License-Identifier: Apache-2.0',
'*/',
'var g=function(H,r,c,x,y,u,G,D){if(!c.GC&&(u=void 0,r&&r[0]===C&&(H=r[1],u=r[2],r=void 0),y=k(c,84),y.length==0&&(x=k(c,90)>>3,y.push(H,x>>8&255,x&255),u!=void 0&&y.push(u&255)),H="",r&&(r.message&&(H+=r.message),r.stack&&(H+=":"+r.stack)),r=k(c,218),r[0]>3)){c.i=(r=(H=(r[0]-=(H=H.slice(0,(r[0]|0)-3),(H.length|0)+3),i6(H)),c).i,c);try{c.hL?(D=(D=k(c,2))&&D[D.length-1]||95,(G=k(c,408))&&G[G.length-1]==D||n(408,c,[D&255])):n(2,c,[95]),n(130,c,d(H.length,2).concat(H),9)}finally{c.i=r}}},rc=function(H,r,c){if(H.length==3){for(c=0;c<3;c++)r[c]+=H[c];for(c=(H=[13,8,13,12,16,5,3,10,15],0);c<9;c++)r[3](r,c%3,H[c])}},P$=function(H,r,c,x,y,u,G,D){return(D=R[H.substring(0,3)+"_"])?D(H.substring(3),r,c,x,y,u,G):c$(H,r)},c$=function(H,r){return[(r(function(c){c(H)}),function(){return H}),function(){}]},u6=function(H,r,c){if((c=typeof H,c)=="object")if(H){if(H instanceof Array)return"array";if(H instanceof Object)return c;if((r=Object.prototype.toString.call(H),r)=="[object Window]")return"object";if(r=="[object Array]"||typeof H.length=="number"&&typeof H.splice!="undefined"&&typeof H.propertyIsEnumerable!="undefined"&&!H.propertyIsEnumerable("splice"))return"array";if(r=="[object Function]"||typeof H.call!="undefined"&&typeof H.propertyIsEnumerable!="undefined"&&!H.propertyIsEnumerable("call"))return"function"}else return"null";else if(c=="function"&&typeof H.call=="undefined")return"object";return c},yh=function(H,r,c,x){return k(H,(v(468,(xP(H,((x=k(H,468),H).u&&x<H.N?(v(468,H,H.N),jJ(H,c)):v(468,H,c),r)),H),x),48))},I=function(H){return H.V?B$(H.o,H):q(true,H,8)},w={passive:true,capture:true},NL=function(H,r,c,x){for(x=M(H),c=0;r>0;r--)c=c<<8|I(H);v(x,H,c)},Cn=function(H,r,c,x){for(;H.W.length;){c=(H.A=null,H).W.pop();try{x=Kn(H,c)}catch(y){h(y,H)}if(r&&H.A){r=H.A,r(function(){e(true,true,H)});break}}return x},t=function(H,r,c,x,y,u,G,D){if((x.i=((x.B+=(D=(y=(u=(c||x.D++,x.j>0&&x.K&&x.AL)&&x.P<=1&&!x.V&&!x.A&&(!c||x.vt-r>1)&&document.hidden==0,(G=x.D==4)||u?x.l():x.O),y-x.O),D>>14)>0,x).H&&(x.H^=(x.B+1>>2)*(D<<2)),x.B)+1>>2!=0||x.i,G)||u)x.O=y,x.D=0;if(!u)return false;if(x.j>x.T&&(x.T=x.j),y-x.F<x.j-(H?255:c?5:2))return false;return!(((v(468,(H=k(x,(x.vt=r,c?90:468)),x),x.N),x.W).push([Ga,H,c?r+1:r,x.Y,x.s]),x).A=$P,0)},Da=function(H,r){r.push(H[0]<<24|H[1]<<16|H[2]<<8|H[3]),r.push(H[4]<<24|H[5]<<16|H[6]<<8|H[7]),r.push(H[8]<<24|H[9]<<16|H[10]<<8|H[11])},kP=function(H,r){return X[r](X.prototype,{floor:H,console:H,replace:H,pop:H,length:H,prototype:H,document:H,call:H,splice:H,stack:H,propertyIsEnumerable:H,parent:H})},v=function(H,r,c){if(H==468||H==90)r.J[H]?r.J[H].concat(c):r.J[H]=SJ(r,c);else{if(r.GC&&H!=150)return;H==506||H==130||H==467||H==298||H==84||H==2||H==408||H==410||H==189||H==218?r.J[H]||(r.J[H]=nn(118,r,c,H)):r.J[H]=nn(153,r,c,H)}H==150&&(r.H=q(false,r,32),r.v=void 0)},nn=function(H,r,c,x,y,u,G,D){return(G=X[(D=(y=Za,H&7),c=[-70,-64,-51,-100,4,-65,c,14,30,81],r).S](r.Ht),G)[r.S]=function(Z){D+=6+7*H,D&=(u=Z,7)},G.concat=function(Z){return(u=(Z=(Z=x%16+1,+(y()|0)*Z+4*x*x*Z+38*u*u-152*x*x*u+c[D+27&7]*x*Z+D-228*u)-Z*u- -2432*x*u,void 0),Z=c[Z],c[(D+37&7)+(H&2)]=Z,c)[D+(H&2)]=-64,Z},G},Q,jJ=function(H,r){H.R.length>104?g(0,[C,36],H):(H.R.push(H.J.slice()),H.J[468]=void 0,v(468,H,r))},Ew=function(H,r,c,x,y){function u(){}return y=(x=(H=P$(H,function(G){u&&(r&&$P(r),c=G,u(),u=void 0)},(c=void 0,!!r)),H[0]),H[1]),{invoke:fu

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a combination of utility functions and event handling code, with no clear indicators of malicious intent. While it uses some legacy practices like `XDomainRequest`, the overall behavior seems to be focused on DOM manipulation and event handling, which are common in web development. The script does not exhibit any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. Therefore, it is assessed as a low-risk script with a score of 3."
}

//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){retu

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a utility library for managing asynchronous script loading and execution. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to malicious domains. The script uses standard web APIs and practices, such as DOM manipulation and event handling, which are common in legitimate web applications. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with a script focused on improving web page performance and loading. Therefore, this script is assessed as low risk."
}

//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("integrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a configuration object for a web application. It contains various settings and parameters related to authentication, branding, and user experience. While it includes some external URLs and data transmission, the overall behavior does not indicate any high-risk activities. The script seems to be part of a legitimate web application and does not exhibit behaviors typically associated with malicious code."
}

//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msftauth.net/shared/1.0/","urlDefaultFavicon":"https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/common/oauth2/v2.0/authorize?client-request-id=f28bea21-42b6-4495-9152-c1d90748a777\u0026client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026mkt=en-US\u0026nonce=638700497208604065.ZTU3NjczMTItZDZlNS00Y2RkLWI0ZTktZDlhNzUwMmUxZWI3OTFiNjZkMDktYjE3Yy00MWNmLWEyNDctZDFlZDdiNWI4YjMy\u0026redirect_uri=https%3a%2f%2freact.nredlearrn.org%2flandingv2\u0026response_mode=form_post\u0026response_type=code+id_token\u0026scope=openid+profile+https%3a%2f%2freact.nredlearrn.org%2fv2%2fOfficeHome.All\u0026state=jlNfaW2miAnt8bqwm_Bo1w3sv2H0WrQcFEKivJ1TY25QQyryzHEmJdwfK-fBmH4Ae22WSrZTOioud-4ywDj_IyrcO7r0TbBf4VkLhd_50iNlSwLksvDILrd8povSZ2uIkzRto7A90YB8JV9v52cmmfvelHJdes_Xl5r9-8XJ77eqRc3jVsWiZr9JVkXEXmV5_wKKJrvYyyG5bFKUizEAkTbuKoHbZg15sF3YdVyIs5THP50R3yNiwcs5pd6YwuTA--ory6kL9X8brVbZgTVxqg\u0026ui_locales=en-US\u0026x-client-SKU=ID_NET8_0\u0026x-client-ver=7.5.1.0\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://office.nredlearrn.org/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/sso?client-request-id=f28bea21-42b6-4495-9152-c1d90748a777","iwaSsoProbeUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ssoprobe?client-request-id=f28bea21-42b6-4495-9152-c1d90748a777","iwaIFrameUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/iframe?client-request-id=f28bea21-42b6-4495-9152-c1d90748a777\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://autologon.microsoftazuread-sso.com/common/winauth/sso/edgeredirect?client-request-id=f28bea21-42b6-4495-9152-c1d90748a777\u0026origin=office.nredlearrn.org\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":1013,"hpgact":1800,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFebiwoAjSm-qmYSn6V2beWKkqkgCoPdlB2ZjHFRr9dpuLyOOxLmJ6VwI0MGWiU5rYRH4Qv0iGlTwhWtO3uNEEEUHTp78NamG2JrmxbPjKXMT3d9MQlqbC6zZBoiDnm-LpwuG4iEazRUbxo4sWacq4VuqwX6feGLMvahAUNJb187wIpayUzKSlQ85CjGweUqKYGmk-5M69a0t0m2gx4bHLNGiAA","canary":"mU2nEMF+d+NMDCOxYSS+JPEbRLAAdB1Z1/m2JKcMHyM=2:1:CANARY:ADwKuGUn2eHhpFVJJj6kkYBC9OYvVZA6jykVLsJT6/E=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"f28bea21-42b6-4495-9152-c1d90748a777","sessionId":"d29419e1-582d-4321-989b-0318a23d6200","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://office.nredlearrn.org/common/instrumentation

{
  "contains_trigger_text": true,
  "trigger_text": "Sign in",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "office.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and commonly associated with the domain 'office.com'.",    "The URL 'office.nredlearrn.org' does not match the legitimate domain 'office.com'.",    "The domain 'nredlearrn.org' is suspicious and not associated with Microsoft or its services.",    "The presence of 'office' as a subdomain in an unrelated domain is a common phishing tactic.",    "The input fields 'Email, phone, or Skype' are typical for Microsoft services, increasing the likelihood of phishing."  ],  "riskscore": 9}
Google indexed: False

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": false
}

URL: https://nredlearrn.org