Windows Analysis Report
https://dreamsmaybachawuradekasa.org/?dococbwt&qrc=ZHlsYW4uZHVmZnk4QHlhaG9vLmNvbQ==

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://dreamsmaybachawuradekasa.org

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily handles the Cloudflare challenge process, which is a legitimate security practice. While the script uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and part of a standard Cloudflare security implementation."
}

window._cf_chl_opt.uaO=false;window._cf_chl_opt.qqQL2={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F"},"translations":{"human_button_text":"Verify%20you%20are%20human","turnstile_timeout":"Timed%20out","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_feedback_report":"Having%20trouble%3F","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_refresh":"Refresh","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_failure":"Error","testing_only":"Testing%20only.","turnstile_overrun_description":"Stuck%20here%3F","turnstile_verifying":"Verifying...","turnstile_success":"Success%21","turnstile_feedback_description":"Send%20Feedback","turnstile_footer_terms":"Terms","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_footer_privacy":"Privacy","turnstile_expired":"Expired"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eQ,eT,eV,eW,eX,f9,fl,fr,fs,ft,fD,fO,fS,fT,g0,g6,g7,gx,gy,gC,gD,gE,g4,g5){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(263))/1+parseInt(gI(1366))/2+-parseInt(gI(1044))/3*(-parseInt(gI(1203))/4)+-parseInt(gI(583))/5+parseInt(gI(748))/6+parseInt(gI(490))/7+parseInt(gI(1644))/8*(-parseInt(gI(1544))/9),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,264504),eM=this||self,eN=eM[gJ(675)],eM[gJ(1081)]=function(gK,d,e,f,g){gK=gJ,d={},d[gK(1589)]=gK(267),d[gK(1432)]=function(h,i){return i*h},d[gK(1578)]=function(h,i){return h<<i},e=d,f=1,g=e[gK(1432)](1e3,eM[gK(1144)][gK(661)](e[gK(1578)](2,f),32)),eM[gK(1413)](function(gL){gL=gK,eM[gL(1301)]&&(eM[gL(1006)][gL(1586)](),eM[gL(1006)][gL(733)](),eM[gL(319)]=!![],eM[gL(1301)][gL(282)]({'source':gL(1097),'widgetId':eM[gL(882)][gL(1257)],'event':e[gL(1589)],'cfChlOut':eM[gL(882)][gL(627)],'cfChlOutS':eM[gL(882)][gL(1270)],'code':gL(1054),'rcV':eM[gL(882)][gL(423)]},'*'))},g)},eM[gJ(1038)]=function(g,h,i,gM,j,k,l,m,n,o,s,x,B,C,D,E,F,H,I){k=(gM=gJ,j={},j[gM(742)]=function(G,H){return H^G},j[gM(1237)]=function(G,H){return H^G},j[gM(1368)]=function(G,H){return G===H},j[gM(1605)]=gM(920),j[gM(602)]=function(G,H){return G||H},j[gM(613)]=gM(1110),j[gM(526)]=function(G,H){return G+H},j[gM(479)]=gM(1381),j[gM(400)]=gM(387),j[gM(905)]=gM(807),j);try{if(k[gM(1605)]!==gM(338)){if(l=eO(g[gM(369)],g[gM(264)]),g[gM(369)]instanceof Error?g[gM(369)]=JSON[gM(1294)](g[gM(369)],Object[gM(298)](g[gM(369)])):g[gM(369)]=JSON[gM(1294)](g[gM(369)]),m=k[gM(602)](i,k[gM(613)]),n=eM[gM(882)][gM(300)]?'h/'+eM[gM(882)][gM(300)]+'/':'',o=k[gM(526)](k[gM(526)](k[g

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate security mechanism used to protect websites from abuse. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily handles communication between the challenge widget and the parent window, which is a common pattern for Cloudflare's managed challenge system. While the script uses some legacy APIs and performs aggressive DOM manipulation, these behaviors are likely necessary for the challenge functionality and do not indicate malicious intent. Overall, the script appears to be a benign implementation of Cloudflare's security measures."
}

        (function(){
            window._cf_chl_opt={
                cvId: '3',
                cZone: 'challenges.cloudflare.com',
                cTplV: 5,
                chlApivId: '0',
                chlApiWidgetId: '08j62',
                chlApiSitekey: '0x4AAAAAAA4gFJ3zGbgjvbZh',
                chlApiMode: 'managed',
                chlApiSize: 'normal',
                chlApiRcV: 'spJgJIZXj7hzkQta99HC17wlTV4Yrjr_4OANokK2KWQ-1736194776-1.3.1.1-VIlZeRmZxxVEXRzwqLB10RDgZXK0mQ262gJf_PHuilM',
                chlApiTimeoutEncountered: 0,
                chlApiOverrunBudgetMs:10000,
                chlTimeoutMs:120000,
                cK:[],
                cType: 'chl_api_m',
                cRay: '8fde676ac9728c6f',
                cH: 'tng49O9.XivBYSYymqyixGmsIsrFOoUzLRCiNS9NvfU-1736194776-1.1.1.1-wDI5uDgD3JKgeAznK_oPCzIpZqwOhprUHtWuTHcLvxsoCBkAEADLiwedbXD4xgke',
                cFPWv: 'g',
                cLt: 'n',
                chlApiFailureFeedbackEnabled:true,
                chlApiLoopFeedbackEnabled:false,
                wOL:false,
                wT: 'auto',
                wS: 'normal',
                md: 'whXLMgn5xd_GJ30u6y8l6PciFn.dwoupvBp3edHnQUg-1736194776-1.1.1.1-6mdxePCcjf_eUeUOV.1KcxBt1AcUW5SXt6PmPOkECWoj11wGEModI8Ox3KZmJ6u__jhyRcbTUK6bm1ml7YsFvskrIovouNvov18j104aSZWwFHjlyJ4i7KtI.5hshL.533YpQTjPG1u860uduFLwwlnU2y6J9dc4X7ZaYSs5upDha4PZYRmTgSGTE49HHIfS_93g.Vjb_HUGhu81gLWfut9_xqdtx1fjJAAMNNi76WvaUdBH4Lko2BLw7PhBA3bqt7TjOxjyli0eetQw3XfQetRiHQDszJTYl_6FUOETtb6aokBvQkPwYAgeC9y16wKZHGNLNffRMgLfFUSzm5WoR08uSY3S8ErANbmwVCsL1LMk1Ft6.BgPloBJ1016h4qbWIxaEENVLUZUyyUvGAHWbwO2fS0aU3MNBHWNXu1Otomo9yPHP9WeirdoDc27_6czDoowDrKLRM9iQJT5ifs3qBPf117X3RU3l6MX43UpHu_8UhHlUnfjk3tDVRey_k8Oy7KM5BZbqPoDuTHkNmPs7r1LYN9StRge6udMnzlbepgJ933zJj53AJoesoxSSl0v.ihC4GL.ZZdEftOi6uU98BAGuGV6ElWESVZil88uKIim4nT7i_2nh7FbS6mPs8THgqsci6a1TDreqG07.YyY2l.ZIDWZ6kSR1W5MbcarUlJeOFkdfIgt7nBFDbLgJagWWtWJNaXBaU1GON4.iDLrVAt6GLILSqtdbR_OwQlCG1q2S1DYioACGB9WDL4xfRUe6DoBNoNPLRODeAueFGRsyO3u.reOkGtl7kFRBUjtl2XI93M6js3jb0pNldUuViU.TLa9DsQlQi1Y5qg5rL2._JKZJGXtq.3jyxJRNyFw.Dg4zWo5xCOvibGfs.BRpGkqz_Dmu3NVGZtPF.74lOStd3Cp4wJ2RbK6L_eOKuO91N0TPsKsp6gA8n3D3JBH6wnibMEOdgYymb7U22WOwIrPgp099ufCIXxOIo07_k6rBZkg4DXL0ENLeREao6D_CSUE5y9jf5NBtt6Spml5Yq4DFODi0U.4UUMOM1M5anqlO3WJ7ZFZrtx0OjUbIVyx6oVUK6ZQGkv84buxOgFNA1bEmGKOw7imz6giKSPK6fFrpcWHRJkgEVK.1x.fWvzJSpd5itAddHuu3d4b.HBNZTJGZmv_soZlh2InpSkSYMxJ2djDMMkKf.lm9HsnO15HImcTgc_E70eX5M61CUIyM27dB7gavpvccrxVym55T3W1Iiav.cAL_NQ0fIlo4VmTOOe6LVq9iMXty0bAr6V49I1skFRwFqHAo_OW4N6AoLpnrM.029_WVKZ_xYdH2hb3MvGmORwRAuU66KQVSrSLGqNYJI7vf1zV3yk5EZv1l3ulQuCWpCs0tsH6tLY5ck4J4X1W',
                cITimeS: '1736194776',
                refresh: function(){
                    if(window['parent']){
                        window['parent'].postMessage({
                            source: 'cloudflare-challenge',
                            widgetId: '08j62',
                            nextRcV: 'spJgJIZXj7hzkQta99HC17wlTV4Yrjr_4OANokK2KWQ-1736194776-1.3.1.1-VIlZeRmZxxVEXRzwqLB10RDgZXK0mQ262gJf_PHuilM',
                            event: 'reloadRequest',
                        }, "*");
                    }
                }
            };
            var handler = function(event) {
                var e = event.data;
                if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
                    if(window['parent']){
                        window['parent'].postMessage({
                            source: 'cloudflare-challenge',
                            widgetId: window._cf_chl_opt.chlApiWidgetId,
                            event: 'food',
                            seq: e.seq,
                        }, '*');
                    }
                }
            }
            window.addEventListener('message', handler);
        }());
    

{
  "contains_trigger_text": true,
  "trigger_text": "Please stand by, while we are checking if the site connection is secure\nWe need to review the security of your connection before proceeding.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Cloudflare"
  ]
}

{
  "brands": "unknown"
}

```json
{
    "risk_score": 1,
    "reasoning": "The script does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. It appears to be a utility script with functions for handling promises, object manipulation, and error handling. There are no interactions with external domains or aggressive DOM manipulations. The code is not obfuscated, and there are no legacy practices or tracking behaviors present."
}

"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun

{
    "risk_score": 4,
    "reasoning": "The script appears to be setting up various configuration variables and data related to analytics and tracking, which is a moderate-risk behavior. However, there are no clear indicators of high-risk activities like dynamic code execution or data exfiltration. The script interacts with known domains like Yahoo, which reduces the overall risk. Further review may be needed to ensure the script's behavior is consistent with its apparent purpose."
}

            var pageStartTime = new Date().getTime();
            (function(root) {
                var isGoodJS = ('create' in Object && 'isArray' in Array && 'pushState' in window.history);
                root.isGoodJS = isGoodJS;
            }(this));
            
(function (root) {
/* -- Data -- */
root.YUI_config = {"comboBase":"https:\u002F\u002Fbuekwankesemamaawuradenyame.shop/s.yimg.com/~\u002Fzz\u002Fcombo?","combine":true,"root":"yui-s:3.18.0\u002F"};
root.I13N_config = {"keys":{"pt":"utility","ver":"nodejs"}};
root.I13N_config || (root.I13N_config = {});
root.I13N_config.spaceid = 794200018;
root.I13N_config.location = "https:\u002F\u002Flogin.yahoo.com\u002F";
root.I13N_config.referrer = "https:\u002F\u002Fdreamsmaybachawuradekasa.org\u002F";
root.I13N_config.keys || (root.I13N_config.keys = {});
root.I13N_config.keys.pg_name = "loginLanding";
root.I13N_config.keys.gm_np = "yahoo";
root.I13N_config.keys.p_sec = "DEFAULT_SECTION";
root.I13N_config.keys.p_subsec = "DEFAULT_SUBSECTION";
root.I13N_config.keys.test = "mbr-whatsapp-ac,mbr-enbl-commchnl-rev-trap-sess-ext,mbr-passkey-unr-reg,mbr-epay-wallet-ybar-enable,mbr-whatsapp-nac,mbr-aol-logo-update,mbr-passkey-mgmt,mbr-request-imapin-scopes-ym";
root.I13N_config.keys.cause = "direct-nav";
root.I13N_config.keys.src_id = 794200018;
root.COMET_URL = "https:\u002F\u002Fserver.comet.yahoo.com\u002Fcomet";
root.gamIframeUrl = "https:\u002F\u002Fgpt.mail.yahoo.net\u002Fsandbox?client=login&version=0.1&limited=0&headerBidder=1&haq=1&benji=1#config=%7B%22positions%22%3A%5B%7B%22adUnitPath%22%3A%22%2F22888152279%2Fus%2Fylogin%2Fmain%2Fdt%2Fus_ylogin_main_dt_full_screen%22%2C%22adLocation%22%3A%22full_screen%22%2C%22size%22%3A%5B%5B1440%2C1024%5D%2C%5B%22fluid%22%5D%5D%2C%22div%22%3A%22gpt-passback%22%7D%5D%2C%22pageUrl%22%3A%22https%3A%2F%2Flogin.yahoo.com%22%2C%22headerBidder%22%3Atrue%2C%22yahooPrebid%22%3Atrue%2C%22geoCountryCode%22%3A%22US%22%2C%22npa%22%3Afalse%2C%22limited%22%3Afalse%2C%22targetingConfig%22%3A%7B%22lang%22%3A%22en-US%22%2C%22bucket%22%3A%22mbr-whatsapp-ac%2Cmbr-passkey-unr-reg%2Cmbr-whatsapp-nac%2Cmbr-request-imapin-scopes-ym%22%2C%22spaceId%22%3A%22794200018%22%2C%22adLocation%22%3A%22full_screen%22%2C%22age%22%3A%220%22%2C%22gender%22%3A%220%22%2C%22colo%22%3A%22ne1%22%2C%22lu%22%3A%220%22%2C%22site%22%3A%22login%22%2C%22device%22%3A%22desktop%22%2C%22region%22%3A%22us%22%2C%22pageOrigin%22%3A%22https%3A%2F%2Flogin.yahoo.com%22%2C%22AXIds%22%3A%22__AXId__%22%2C%22tblaId%22%3A%22__tblaId__%22%7D%2C%22headerBidderConfig%22%3A%7B%22host%22%3A%22login.yahoo.com%22%2C%22pblob%22%3A%22lu%3A0%7C%7C794200018%7C%7C%22%2C%22buckets%22%3A%5B%22mbr-whatsapp-ac%22%2C%22mbr-passkey-unr-reg%22%2C%22mbr-whatsapp-nac%22%2C%22mbr-request-imapin-scopes-ym%22%5D%2C%22limited%22%3Afalse%2C%22cobrand%22%3A%22%22%2C%22lang%22%3A%22en-US%22%2C%22site%22%3A%22yahoo_login%22%2C%22region%22%3A%22us%22%2C%22adLocation%22%3A%22full_screen%22%7D%7D";
root.challenge || (root.challenge = {});
root.challenge.servingStamp = 1736194788513;
root.challenge.isAndroidWebview = false;
root.I13N_config.keys.pct = "signin";
root.I13N_config.keys.milestone = "signin";
root.currentURL = "\u002F?username=dylan.duffy8%40yahoo.com";
root.COUNTRY_CODES_MAP = {"AF":"+93","AL":"+355","DZ":"+213","AS":"+1","AD":"+376","AO":"+244","AI":"+1","AG":"+1","AR":"+54","AM":"+374","AW":"+297","AC":"+247","AU":"+61","AX":"+672","AT":"+43","AZ":"+994","BS":"+1","BH":"+973","BD":"+880","BB":"+1","BY":"+375","BE":"+32","BZ":"+501","BJ":"+229","BM":"+1","BT":"+975","BO":"+591","BA":"+387","BW":"+267","BR":"+55","VG":"+1","BN":"+673","BG":"+359","BF":"+226","BI":"+257","KH":"+855","CM":"+237","CA":"+1","CV":"+238","KY":"+1","CF":"+236","TD":"+235","CL":"+56","CN":"+86","CO":"+57","KM":"+269","CG":"+242","CK":"+682","CR":"+506","CI":"+225","HR":"+385","CU":"+53","CY":"+357","CZ":"+420","CD":"+243","DK":"+45","DG":"+246","DJ":"+253","DM":"+1","DO":"+1","TL":"+670","EC":"+593","EG":"+20","SV":"+503","GQ":"+240","ER":"+29

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet appears to be a consent management platform (CMP) implementation, which is a common practice for managing user consent for data processing. While the code contains some behaviors that could be considered moderate-risk, such as external data transmission and fallback domains, the overall context suggests this is likely a legitimate implementation. Further review may be needed to ensure the CMP is properly configured and transparent, but the risk level is not high."
}

/*! CMP 7.0.0 Copyright 2018 Oath Holdings, Inc. */
!function(){var e={1040:function(e){"use strict";function t(e){return(t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}e.exports=function(){for(var e,n,i=[],r=window,o=r;o;){try{if(o.frames.__tcfapiLocator){e=o;break}}catch(e){}if(o===r.top)break;o=o.parent}e||(function e(){var t=r.document,n=!!r.frames.__tcfapiLocator;if(!n)if(t.body){var i=t.createElement("iframe");i.style.cssText="display:none",i.name="__tcfapiLocator",t.body.appendChild(i)}else setTimeout(e,5);return!n}(),r.__tcfapi=function(){for(var e=arguments.length,t=new Array(e),r=0;r<e;r++)t[r]=arguments[r];if(!t.length)return i;"setGdprApplies"===t[0]?t.length>3&&2===parseInt(t[1],10)&&"boolean"==typeof t[3]&&(n=t[3],"function"==typeof t[2]&&t[2]("set",!0)):"ping"===t[0]?"function"==typeof t[2]&&t[2]({gdprApplies:n,cmpLoaded:!1,cmpStatus:"stub"}):i.push(t)},r.addEventListener("message",(function(e){var n="string"==typeof e.data,i={};if(n)try{i=JSON.parse(e.data)}catch(e){}else i=e.data;var r="object"===t(i)&&null!==i?i.__tcfapiCall:null;r&&window.__tcfapi(r.command,r.version,(function(t,i){var o={__tcfapiReturn:{returnValue:t,success:i,callId:r.callId}};e&&e.source&&e.source.postMessage&&e.source.postMessage(n?JSON.stringify(o):o,"*")}),r.parameter)}),!1))}},6033:function(e,t,n){"use strict";n(9476);!window.document.documentMode&&(n(1007),n(5385))},5385:function(){"use strict";window.__gpp_addFrame=function(e){if(!window.frames[e])if(document.body){var t=document.createElement("iframe");t.style.cssText="display:none",t.name=e,document.body.appendChild(t)}else window.setTimeout(window.__gpp_addFrame,10,e)},window.__gpp_stub=function(){var e=arguments;if(__gpp.queue=__gpp.queue||[],__gpp.events=__gpp.events||[],!e.length||1==e.length&&"queue"==e[0])return __gpp.queue;if(1==e.length&&"events"==e[0])return __gpp.events;var t=e[0],n=e.length>1?e[1]:null,i=e.length>2?e[2]:null;if("ping"===t)n({gppVersion:"1.1",cmpStatus:"stub",cmpDisplayStatus:"hidden",signalStatus:"not ready",supportedAPIs:["2:tcfeuv2","5:tcfcav1","6:uspv1","7:usnat","8:usca","9:usva","10:usco","11:usut","12:usct"],cmpId:0,sectionList:[],applicableSections:[],gppString:"",parsedSections:{}},!0);else if("addEventListener"===t){"lastId"in __gpp||(__gpp.lastId=0),__gpp.lastId++;var r=__gpp.lastId;__gpp.events.push({id:r,callback:n,parameter:i}),n({eventName:"listenerRegistered",listenerId:r,data:!0,pingData:{gppVersion:"1.1",cmpStatus:"stub",cmpDisplayStatus:"hidden",signalStatus:"not ready",supportedAPIs:["2:tcfeuv2","5:tcfcav1","6:uspv1","7:usnat","8:usca","9:usva","10:usco","11:usut","12:usct"],cmpId:0,sectionList:[],applicableSections:[],gppString:"",parsedSections:{}}},!0)}else if("removeEventListener"===t){for(var o=!1,s=0;s<__gpp.events.length;s++)if(__gpp.events[s].id==i){__gpp.events.splice(s,1),o=!0;break}n({eventName:"listenerRemoved",listenerId:i,data:o,pingData:{gppVersion:"1.1",cmpStatus:"stub",cmpDisplayStatus:"hidden",signalStatus:"not ready",supportedAPIs:["2:tcfeuv2","5:tcfcav1","6:uspv1","7:usnat","8:usca","9:usva","10:usco","11:usut","12:usct"],cmpId:0,sectionList:[],applicableSections:[],gppString:"",parsedSections:{}}},!0)}else"hasSection"===t?n(!1,!0):"getSection"===t||"getField"===t?n(null,!0):__gpp.queue.push([].slice.apply(e))},window.__gpp_msghandler=function(e){var t="string"==typeof e.data;try{var n=t?JSON.parse(e.data):e.data}catch(e){n=null}if("object"==typeof n&&null!==n&&"__gppCall"in n){var i=n.__gppCall;window.__gpp(i.command,(function(n,r){var o={__gppReturn:{returnValue:n,success:r,callId:i.callId}};e.source.postMessage(t?JSON.stringify(o):o,"*")}),"parameter"in i?i.parameter:null,"version"in i?i.version:"1.1")}},"__gpp"in window&&"function"==typeof window.__gpp||(window.__gpp=window.__gpp_stub,window.addEventListener("message",window.__gpp_msghandler,!1),window.__gp

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors that warrant further review. While it includes some legitimate functionality, such as cookie and localStorage management, it also demonstrates several moderate-risk indicators that require closer examination. The script interacts with external domains, including some of unknown reputation, and performs aggressive DOM manipulation. Additionally, it attempts to leverage the 'join-ad-interest-group' feature, which may raise privacy concerns. Overall, the script's behavior is not clearly malicious, but the combination of its practices suggests a medium risk level that warrants additional scrutiny."
}

(()=>{"use strict";var n=function(n){if(n)return n;try{return document.location.hostname.match(/[\w]+\.([\w]+|co.uk)$/)[0]}catch(n){return""}};const t=function(n,t){for(var e="".concat(n,"="),o=(t||window.document).cookie.split(";"),a=0;a<o.length;a++){var i=(o[a]||"").trim();if(0===i.indexOf(e))return i.substring(e.length,i.length)}return""},e=function(t,e,o,a){(a||window.document).cookie="".concat(t,"=").concat(e,";Max-Age=").concat(31536e3,";Domain=").concat(n(o),";path=/;Secure;SameSite=None")},o=function(t,e,o){(o||window.document).cookie="".concat(t,"=;Max-Age=0;Domain=").concat(n(e),";path=/;Secure;SameSite=None")},a=function(n,t,e){try{var o=(e||window.localStorage).getItem(n);return t?JSON.parse(o):o}catch(n){return null}},i=function(n,t,e,o){try{e?(o||window.localStorage).setItem(n,JSON.stringify(t)):(o||window.localStorage).setItem(n,t)}catch(n){}},c=function(n,t){try{(t||window.localStorage).removeItem(n)}catch(n){}};var r="opus",d=function(n){for(var t=0,e=0;e<n.length;e++){t=(t<<5)-t+n.charCodeAt(e),t&=t}return new Uint32Array([t])[0].toString(36)};const s=function(){var n=t("A1S");return!!n&&d(n)!==(a(r,!0)||{}).a},u=function(){var n=t("A1S"),e=a(r,!0)||{};e.a=d(n),i(r,e,!0)},p=function(n){var t=document.createElement("iframe");return t.width=t.height=t.frameBorder=0,t.style.cssText="display:none",n&&(t.src=n),document.body.appendChild(t),t};const l=function(n){!function(n){"function"!=typeof window.__gpp?n({msg:"API not found"},!1):window.__gpp("addEventListener",(function(t,e){var o,a;e&&"error"!==(null==t||null===(o=t.pingData)||void 0===o?void 0:o.cmpStatus)?"ready"===(null==t||null===(a=t.pingData)||void 0===a?void 0:a.signalStatus)&&n(t,!0):n({},!1)}))}((function(t,e){!function(n){"function"!=typeof window.__tcfapi?n({msg:"API not found"},!1):window.__tcfapi("addEventListener",2,(function(t,e){e&&"error"!==(null==t?void 0:t.cmpStatus)?"tcloaded"!==(null==t?void 0:t.eventStatus)&&"useractioncomplete"!==(null==t?void 0:t.eventStatus)||n(t,!0):n({},!1)}))}((function(o,a){!function(n){"function"!=typeof window.__uspapi?n({msg:"API not found"},!1):window.__uspapi("getUSPData",null,(function(t,e){e?n(t,!0):n({},!1)}))}((function(i,c){var r,d;n({gpp:{success:e,raw:{gppString:null==t||null===(r=t.pingData)||void 0===r?void 0:r.gppString,applicableSections:(null==t||null===(d=t.pingData)||void 0===d||null===(d=d.applicableSections)||void 0===d?void 0:d.join(","))||"-1"},expanded:null==t?void 0:t.pingData},tcf:{success:a,raw:{tcString:null==o?void 0:o.tcString,gdprApplies:null==o?void 0:o.gdprApplies},expanded:o},usp:{success:c,raw:{uspString:null==i?void 0:i.uspString},expanded:i}},a&&e&&c)}))}))}))},f=function(){return"joinAdInterestGroup"in navigator&&document.featurePolicy.allowsFeature("join-ad-interest-group")},g=function(){return window.location.origin},w=function(n){for(var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:window.location.href,e=0;e<n.length;e++){if(n[e].test(t))return!0}return!1};var v="opus",m=[/^https:\/\/[^/?#]*yahoo.com/],h=function(n){try{if(f()&&function(n){var t=n&&n.tcf;return!(!t||!t.success||"error"===t.expanded.cmpStatus)&&("tcloaded"===t.expanded.eventStatus||"useractioncomplete"===t.expanded.eventStatus?!t.expanded.gdprApplies:void 0)}(n)&&w(m)&&(e=(a(v,!0)||{}).ig||0,Date.now()-864e5>e)){p("https://gps-aa.ybp.yahoo.com/bid/yoo/adslot/13885/?pa=1");var t=a(v,!0)||{};t.ig=Date.now(),i(v,t,!0)}}catch(n){}var e};const y={fireImagePixel:function(n,t){var e=t.createElement("img");e.width=0,e.height=0,e.src=n,t.body.appendChild(e)},fireImagePixels:function(n,t){for(var e=0;e<n.length;e++){var o=n[e];this.fireImagePixel(o.url,t)}},fireJsonPixel:function(n,t){try{fetch(n,{headers:{Accept:"application/json"},method:"GET",credentials:"include"}).then((function(n){n&&n.body&&n.body.getReader().read().then((function(n){if(n&&n.value){var e=String.fromCharCode.apply(null,n.value);t(JSON.parse(e))}}))})).catch((function(){t()}))}catch(n){t()}}};var S="opus",x=[{url:"https://sp.analytics.y

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet appears to be a utility function that handles cookie management and retrieval. While it does not exhibit any clear malicious behaviors, there are some moderate-risk indicators that warrant further review:

1. The script uses external data transmission to send user data to various third-party domains, such as 'analytics.example.com' and 'tracker-unknown.com'. This behavior requires additional context to determine if it is legitimate or suspicious.
2. The script uses obfuscated query strings, which can be a sign of attempts to hide potentially malicious activity.
3. The script interacts with multiple fallback domains, some of which may be of unknown or dubious reputation.

Overall, the script seems to be focused on cookie management and analytics/tracking functionality, but the lack of transparency around the data being transmitted and the use of obfuscation techniques result in a medium-risk score. Further investigation into the specific use cases and the reputation of the domains involved would be necessary to provide a more definitive assessment."
}

!function(){function le(l){var c={A1S:{log:!0,key:"_a1s"},B:{log:!1},BX:{log:!0,key:"bx"},WV:{log:!0,key:"_wv"},TT:{log:!1},D:{log:!1},_ga:{log:!0,key:"_ga"},yx:{log:!0,key:"_yx"},rxx:{log:!0,key:"_rx"},UNAUTHID:{log:!0,key:"aol_unauth"},_utd:{log:!0,key:"aol_utd",filter:function(e){e=e.match(/((?:\||^))gd#[^\|]+/g)[0].split("#")[1];return 24!==e.length&&console.warn("_utd value may be malformed"),e}},RSP_COOKIE:{log:!0,key:"aol_rsp",filter:function(e){e=e.match(/(?:(\&|^))sn=[^\&]+/g)[0].split("=")[1];return 24!==e.length&&console.warn("RSP_COOKIE value may be malformed"),e}},GUC:{log:!0,key:"_guc"},OTH:{log:!0,key:"_li",filter:function(){return"1"}}},u={};this.getCookieByName=function(e){return u[e]},this.setRxx=function(e){var o=-2,t=(document.domain||"").split("."),r=t.length;function a(e){return"."+t.slice(e).join(".")}function s(){var e,t=a(o),n="rxx",i=u[n];i||(e=(new Date).getTime()-14383872e5,i=parseInt(Math.random().toString().substring(2)).toString(36)+"."+e.toString(36)+"&v=1"),function(e,t,n,i){var o=new Date;o.setTime(o.getTime()+1e3*n),n="",n=e+"="+t+("; expires="+o.toGMTString())+(n=i?";domain="+i:n)+"; path=/";try{document.cookie=n}catch(e){console.warn("Rapid Was Prevented From Accessing Cookies:",e)}}(n,i,31536e3,t);t=-1;try{t=document.cookie.indexOf(i)}catch(e){console.warn("Rapid Was Prevented From Accessing Cookies:",e)}-1!==t?(u[n]=i,n=c[n],l&&n&&n.log&&l.set(n.key,i)):0<o+r&&(o--,s())}e.fpc&&".yahoo.com"!==a(o)&&s()};var e=null;try{e=document.cookie}catch(e){console.warn("Rapid Was Prevented From Accessing Cookies:",e)}if(e&&/[^=]+=[^=;]?(?:; [^=]+=[^=]?)?/.test(e))for(var t,n=e.split(/;\s/g),i=null,o=null,r=0,a=n.length;r<a;r++){if((t=n[r].match(/([^=]+)=/i))instanceof Array)try{i=decodeURIComponent(t[1]),o=n[r].substring(t[1].length+1)}catch(e){console.error(e)}else o=i=decodeURIComponent(n[r]);var s=c[i];if(s&&!u[i]){if(o=o.replace(/(^["']|["']$)/g,""),s.filter&&"function"==typeof s.filter)try{o=s.filter(o)}catch(e){console.error(i+" Has an Invalid Value; Cookie is not captured"),o=null}o&&(o=decodeURIComponent(o),u[i]||(u[i]=o,l&&s.log&&l.set(s.key||i,o)))}}}"undefined"!=typeof YAHOO&&YAHOO||(YAHOO={}),YAHOO.i13n=YAHOO.i13n||{},YAHOO.i13n.hasTAS=function(){return"3"===(function(e){if(e){e=e.split(":");if("1"===e[0])return{version:e[0],creation_time:e[1],app_spaceid:e[2],os:e[3],bundleid:e[4],app_version:e[5],effective_deviceid:e[6],deviceid_type:e[7],limit_ad_tracking:e[8]};if("2"===e[0])return{version:e[0],creation_time:e[1],app_spaceid:e[2],os:e[3],bundleid:e[4],app_version:e[5],effective_deviceid:e[6],deviceid_type:e[7],limit_ad_tracking:e[8],tracking_auth_status:e[9]}}return{}}((new le).getCookieByName("WV")).tracking_auth_status||-1)},YAHOO.i13n.EventTypes=function(){var e="richview";function t(e,t,n){this.yqlid=e,this.eventName=t,this.spaceidPrefix=n}t.prototype={getYQLID:function(){return this.yqlid},getEventName:function(){return this.eventName}};var n={pageview:new t("pv","pageview",""),simple:new t("lv","event","P"),linkview:new t("lv","linkview","P"),richview:new t(e,e,"R"),contentmodification:new t(e,"contentmodification","R"),dwell:new t("lv","dwell","D")};return{getEventByName:function(e){return n[e]}}}();var ce="3.53.39",ue="VERSIONED-PROD",de=[];YAHOO.i13n.__RAPID_INSTANCES__=de,YAHOO.i13n.__RAPID_INFO__={version:ce,comboName:ue},YAHOO.i13n.Rapid=function(s){var h={};function e(){}function d(e){this.map={},this.count=0,e&&this.absorb(e)}function g(){this.map={},this.count=0}"undefined"!=typeof console&&void 0!==console.log||(console={log:function(){}}),void 0===console.error&&(console.error=console.log),void 0===console.warn&&(console.warn=console.log),e.prototype={ser:function(){return y.ser(this.map)},set:function(e,t){t=t&&y.norm(t);null!==(t=null==t?"":t)&&y.isStr(t)&&(t=t.replace(/\\/g,"\\\\")),e=e.replace(/[^a-zA-Z0-9-_\u0080-\uFFFF]/g,"_"),y.isValidPair(e,t)&&(this.map[y.norm(e)]=t,this.count++)},get:function(e){return this.map[e]},getAll:function(){return this.map},absorb:functio

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://buekwankesemamaawuradenyame.shop

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": "Dylan.duffy8@yahoo.com",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Cloudflare"
  ]
}

{
  "brands": [
    "Yahoo"
  ]
}

{
  "brands": [
    "Yahoo"
  ]
}

```json{  "legit_domain": "yahoo.com",  "classification": "wellknown",  "reasons": [    "The brand 'Yahoo' is a well-known brand with a legitimate domain of 'yahoo.com'.",    "The URL 'buekwankesemamaawuradenyame.shop' does not match the legitimate domain associated with Yahoo.",    "The domain name is unusual and does not contain any recognizable association with Yahoo.",    "The use of a '.shop' domain extension is uncommon for Yahoo and could be suspicious.",    "The URL contains no recognizable elements or subdomains that would suggest a legitimate association with Yahoo."  ],  "riskscore": 9}
Google indexed: False

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "hylan.duffy8@yahoo.com",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Yahoo"
  ]
}