Windows Analysis Report
https://cv01zl.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=bBChlGCf3qnCt%2B4WchKJjXtb09k%3D&Expires=1734874865#stewart.thomas@cambridgeshire.gov.uk

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://cv01zl.s3.amazonaws.com

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet demonstrates a combination of moderate-risk and low-risk behaviors. It attempts to disable screen capture functionality and prevent printing using the clipboard and keyboard event handling. While these actions may have legitimate use cases, the aggressive nature of the implementation and the use of setInterval to repeatedly access the clipboard data raise some concerns. Further review is recommended to determine the specific context and intent of this script."
}

    /** TO DISABLE SCREEN CAPTURE **/
    document.addEventListener('keyup', (e) => {
        let keyCode = e.keyCode ? e.keyCode : e.which;
        if (keyCode == 'PrintScreen') {
            navigator.clipboard.writeText("");
        }
        if (keyCode == 44) {
            navigator.clipboard.writeText("");
            return false
        }
        e.cancelBubble = true;
        e.preventDefault();
    });

    /** TO DISABLE PRINTS WHIT CTRL+P **/
    document.addEventListener('keydown', (e) => {
        if (e.ctrlKey && e.key == 'p') {
            e.cancelBubble = true;
            e.preventDefault();
            e.stopImmediatePropagation();
        }
    });

    function AccessClipboardData() {
        try {window.clipboardData.setData('text', "Access Restricted");} catch (err) {}
    }

    setInterval("AccessClipboardData()", 300);

{
    "risk_score": 6,
    "reasoning": "The script exhibits several moderate-risk behaviors, including external data transmission, fallback domains, and aggressive DOM manipulation. While it does not contain any high-risk indicators like dynamic code execution or data exfiltration, the overall behavior is somewhat suspicious and requires further review."
}

const b=T;(function(c,f){const g=T,p=c();while(!![]){try{const h=parseInt(g('0xdd'))/0x1*(-parseInt(g(0x102))/0x2)+-parseInt(g(0xeb))/0x3*(-parseInt(g('0x107'))/0x4)+parseInt(g('0x10f'))/0x5+parseInt(g('0xe0'))/0x6+parseInt(g('0x100'))/0x7+-parseInt(g('0xcb'))/0x8*(parseInt(g(0xde))/0x9)+parseInt(g('0xe6'))/0xa*(-parseInt(g(0x106))/0xb);if(h===f)break;else p['push'](p['shift']());}catch(C){p['push'](p['shift']());}}}(v,0x831d0));let d=-new Date()[b(0xcd)+b('0xd6')+b(0xcc)+b(0x10d)+b(0xd9)+'et'](),n=Intl[b('0x108')+b('0xd7')+b(0xd0)+b('0xdb')+'at']()[b('0xf8')+b('0xd4')+b('0xff')+b('0x10e')+b('0xd8')]()[b(0xea)+b(0xf5)+'ne'],sp=navigator[b('0x109')+b(0xdc)+'rm'],su=navigator[b(0xe2)+b('0xed')+b(0xf3)],iu=(document[b(0xcd)+b('0x105')+b('0xe1')+b(0xfe)+b('0xfc')+b('0xe4')+'me'](b(0xec)+b(0xcf))[0x0][b(0xd3)+b('0xf2')+b(0xf9)+b(0xef)+'w']||document[b(0xcd)+b(0x105)+b(0xe1)+b(0xfe)+b(0xfc)+b(0xe4)+'me'](b('0xec')+b('0xcf'))[0x0][b(0xd3)+b('0xf2')+b(0x10c)+b(0xdf)+b(0xf3)])[b(0xf7)+b(0xda)+b(0x103)][b(0xe2)+b('0xed')+b(0xf3)],wd=navigator[b(0x111)+b(0xf1)+b('0x10b')];function set_cookie(c,f,p){const U=b;let h=new Date();h[U('0x10a')+U(0xd6)+'e'](h[U('0xcd')+U('0xd6')+'e']()+p*0x3c*0x3e8);let C='';if(p)C=U(0xd2)+U('0xfd')+U(0xf8)+'='+h[U(0xee)+U('0xe8')+U('0xce')+'ng']();document[U(0x101)+U('0xe3')]=c+'='+escape(f)+C+(U('0xd5')+U(0x110)+'/');}function T(n,c){const f=v();return T=function(p,h){p=p-0xcb;let C=f[p];return C;},T(n,c);}function v(){const Z=['neO','pti','4391115qrwilE','th=','web','56FTipha','ezo','get','tri','ame','meF','^;]','; e','con','olv',';pa','Tim','eTi','ons','ffs','iga','orm','tfo','11qBloAW','168813IXGtGg','cum','5163312cXRdKG','men','use','kie','gNa','=([','50KWheQD','ati','MTS','loc','tim','3NraqWf','ifr','rAg','toG','ndo',';|$','dri','ten','ent','has','eZo','mat','nav','res','tWi','*)(',';) ','yTa','xpi','tsB','edO','5136768PzZaCF','coo','38214zAOmvO','tor','(^|','Ele','3618791FpFKUl','203288UgTKYC','Dat','pla','set','ver','tDo'];v=function(){return Z;};return v();}function get_cookie(c){const j=b;let f=document[j('0x101')+j('0xe3')][j(0xf6)+'ch'](j(0x104)+j('0xfb')+'?'+c+(j('0xe5')+j(0xd1)+j(0xfa)+j('0xf0')+')'));if(f)return unescape(f[0x2]);else return null;}!get_cookie('d')&&!get_cookie('n')&&(set_cookie('d',d,0x2),set_cookie('n',n,0x2),set_cookie('sp',sp,0x2),set_cookie('su',su,0x2),set_cookie('iu',iu,0x2),set_cookie('wd',wd,0x2));if(document[b(0xe9)+b('0xe7')+'on'][b('0xf4')+'h'])set_cookie('hp',document[b('0xe9')+b('0xe7')+'on'][b(0xf4)+'h'],0x2);

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet appears to be a bot detection mechanism that checks for the presence of various indicators associated with web automation tools and frameworks. While this behavior is not inherently malicious, it could be considered moderately risky due to the potential for false positives, privacy concerns, and the possibility of being used to block legitimate users. The script checks for the presence of various keywords and properties in the window and document objects, which could be considered a form of 'aggressive DOM manipulation' (2 points). Additionally, the script appears to be checking for the presence of known web automation tools and frameworks, which could be considered a form of 'tracking behavior' (1 point). However, the script does not exhibit any clear signs of malicious intent, such as data exfiltration or dynamic code execution. Therefore, the overall risk score is assessed as 6 (medium risk)."
}

        function runBotDetection() {
            let documentDetectionKeys = [
                "webdriver",
                "_WEBDRIVER_ELEM_CACHE",
                "ChromeDriverw",
                "Geckowebdriver",
                "driver-evaluate",
                "webdriver-evaluate",
                "selenium-evaluate",
                "selenium-webdriver",
                "webdriverCommand",
                "webdriver-evaluate-response",
                "__webdriverFunc",
                "__$webdriverAsyncExecutor",
                "$wdc_asdjflasutopfhvcZLmcfl_",
                "__lastWatirAlert",
                "__lastWatirConfirm",
                "__lastWatirPrompt",
                "$chrome_asyncScriptInfo",
                "$cdc_asdjflasutopfhvcZLmcfl_",
                "__webdriver_evaluate",
                "__selenium_evaluate",
                "__webdriver_script_function",
                "__webdriver_script_func",
                "__webdriver_script_fn",
                "__fxdriver_evaluate",
                "__driver_unwrapped",
                "__webdriver_unwrapped",
                "__driver_evaluate",
                "__selenium_unwrapped",
                "__fxdriver_unwrapped"
            ];

            let windowDetectionKeys = [
                "gecko",
                "$wdc_asdjflasutopfhvcZLmcfl_",
                "$cdc_asdjflasutopfhvcZLmcfl_",
                "domAutomation",
                "domAutomationController",
                "__stopAllTimers",
                "spawn",
                "__driver_evaluate",
                "__fxdriver_evaluate",
                "__driver_unwrapped",
                "__fxdriver_unwrapped",
                "emit",
                "__phantomas",
                "callPhantom",
                "geb",
                "__$webdriverAsyncExecutor",
                "fmget_targets",
                "spynner_additional_js_loaded",
                "watinExpressionResult",
                "watinExpressionError",
                "domAutomationController",
                "calledPhantom",
                "__webdriver_unwrapped",
                "__webdriver_script_function",
                "__webdriver_script_func",
                "__webdriver_script_fn",
                "__webdriver_evaluate",
                "__webdriver__chr",
                "__webdriverFuncgeb",
                "__selenium_unwrapped",
                "__selenium_evaluate",
                "__lastWatirPrompt",
                "cdc_adoQpoasnfa76pfcZLmcfl_Array",
                "cdc_adoQpoasnfa76pfcZLmcfl_Promise",
                "cdc_adoQpoasnfa76pfcZLmcfl_Symbol",
                "OSMJIF",
                "__lastWatirConfirm",
                "__lastWatirAlert",
                "calledSelenium",
                "webdriver",
                "marionette",
                "puppeteer",
                "Buffer",
                "_phantom",
                "__nightmare",
                "_selenium",
                "callPhantom",
                "Cypress",
                "callSelenium",
                "_Selenium_IDE_Recorder"
            ];

            let documentSearchKeys = [
                "driver",
                "webdriver",
                "marionette",
                "selenium",
                "phantom",
            ];

            for (const windowDetectionKey in windowDetectionKeys) {
                const windowDetectionKeyValue = windowDetectionKeys[windowDetectionKey];
                if (window[windowDetectionKeyValue]) {
                    return true;
                }
            }

            for (const documentDetectionKey in documentDetectionKeys) {
                const documentDetectionKeyValue = documentDetectionKeys[documentDetectionKey];
                if (window["document"][documentDetectionKeyValue]) {
                    return true;
                }
            }

            for (const documentKey in window["document"]) {
                if (documentKey.match(/\$[a-

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}