Windows Analysis Report
XL-1-6-25-(EXCEL LATEST 2025).html

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: ://

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a cache implementation with no obvious malicious behaviors. It uses standard JavaScript features like `Map`, `Set`, and `Object.defineProperty` to implement a cache with expiration and eviction policies. While the code is somewhat complex, it does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The code seems to be focused on caching functionality and does not exhibit any behaviors that would raise significant security concerns."
}

(()=>{var qv=Object.create;var Hi=Object.defineProperty;var $v=Object.getOwnPropertyDescriptor;var Lv=Object.getOwnPropertyNames;var Mv=Object.getPrototypeOf,Nv=Object.prototype.hasOwnProperty;var df=r=>Hi(r,"__esModule",{value:!0});var hf=r=>{if(typeof require!="undefined")return require(r);throw new Error('Dynamic require of "'+r+'" is not supported')};var P=(r,e)=>()=>(r&&(e=r(r=0)),e);var x=(r,e)=>()=>(e||r((e={exports:{}}).exports,e),e.exports),Ge=(r,e)=>{df(r);for(var t in e)Hi(r,t,{get:e[t],enumerable:!0})},Bv=(r,e,t)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of Lv(e))!Nv.call(r,i)&&i!=="default"&&Hi(r,i,{get:()=>e[i],enumerable:!(t=$v(e,i))||t.enumerable});return r},pe=r=>Bv(df(Hi(r!=null?qv(Mv(r)):{},"default",r&&r.__esModule&&"default"in r?{get:()=>r.default,enumerable:!0}:{value:r,enumerable:!0})),r);var m,u=P(()=>{m={platform:"",env:{},versions:{node:"14.17.6"}}});var Fv,be,ft=P(()=>{u();Fv=0,be={readFileSync:r=>self[r]||"",statSync:()=>({mtimeMs:Fv++}),promises:{readFile:r=>Promise.resolve(self[r]||"")}}});var Fs=x((oP,gf)=>{u();"use strict";var mf=class{constructor(e={}){if(!(e.maxSize&&e.maxSize>0))throw new TypeError("`maxSize` must be a number greater than 0");if(typeof e.maxAge=="number"&&e.maxAge===0)throw new TypeError("`maxAge` must be a number greater than 0");this.maxSize=e.maxSize,this.maxAge=e.maxAge||1/0,this.onEviction=e.onEviction,this.cache=new Map,this.oldCache=new Map,this._size=0}_emitEvictions(e){if(typeof this.onEviction=="function")for(let[t,i]of e)this.onEviction(t,i.value)}_deleteIfExpired(e,t){return typeof t.expiry=="number"&&t.expiry<=Date.now()?(typeof this.onEviction=="function"&&this.onEviction(e,t.value),this.delete(e)):!1}_getOrDeleteIfExpired(e,t){if(this._deleteIfExpired(e,t)===!1)return t.value}_getItemValue(e,t){return t.expiry?this._getOrDeleteIfExpired(e,t):t.value}_peek(e,t){let i=t.get(e);return this._getItemValue(e,i)}_set(e,t){this.cache.set(e,t),this._size++,this._size>=this.maxSize&&(this._size=0,this._emitEvictions(this.oldCache),this.oldCache=this.cache,this.cache=new Map)}_moveToRecent(e,t){this.oldCache.delete(e),this._set(e,t)}*_entriesAscending(){for(let e of this.oldCache){let[t,i]=e;this.cache.has(t)||this._deleteIfExpired(t,i)===!1&&(yield e)}for(let e of this.cache){let[t,i]=e;this._deleteIfExpired(t,i)===!1&&(yield e)}}get(e){if(this.cache.has(e)){let t=this.cache.get(e);return this._getItemValue(e,t)}if(this.oldCache.has(e)){let t=this.oldCache.get(e);if(this._deleteIfExpired(e,t)===!1)return this._moveToRecent(e,t),t.value}}set(e,t,{maxAge:i=this.maxAge===1/0?void 0:Date.now()+this.maxAge}={}){this.cache.has(e)?this.cache.set(e,{value:t,maxAge:i}):this._set(e,{value:t,expiry:i})}has(e){return this.cache.has(e)?!this._deleteIfExpired(e,this.cache.get(e)):this.oldCache.has(e)?!this._deleteIfExpired(e,this.oldCache.get(e)):!1}peek(e){if(this.cache.has(e))return this._peek(e,this.cache);if(this.oldCache.has(e))return this._peek(e,this.oldCache)}delete(e){let t=this.cache.delete(e);return t&&this._size--,this.oldCache.delete(e)||t}clear(){this.cache.clear(),this.oldCache.clear(),this._size=0}resize(e){if(!(e&&e>0))throw new TypeError("`maxSize` must be a number greater than 0");let t=[...this._entriesAscending()],i=t.length-e;i<0?(this.cache=new Map(t),this.oldCache=new Map,this._size=t.length):(i>0&&this._emitEvictions(t.slice(0,i)),this.oldCache=new Map(t.slice(i)),this.cache=new Map,this._size=0),this.maxSize=e}*keys(){for(let[e]of this)yield e}*values(){for(let[,e]of this)yield e}*[Symbol.iterator](){for(let e of this.cache){let[t,i]=e;this._deleteIfExpired(t,i)===!1&&(yield[t,i.value])}for(let e of this.oldCache){let[t,i]=e;this.cache.has(t)||this._deleteIfExpired(t,i)===!1&&(yield[t,i.value])}}*entriesDescending(){let e=[...this.cache];for(let t=e.length-1;t>=0;--t){let i=e[t],[n,s]=i;this._deleteIfExpired(n,s)===!1&&(yield[n,s.value])}e=[...this.oldCache];for(let t=e.length-1;t>=0;--t){let i=e[t],[n,s]=i;this.cache.has(n)||this._deleteIfExpire

{
  "contains_trigger_text": true,
  "trigger_text": "SIGN-IN WITH YOUR VALID EMAIL TO VIEW PURCHASE ORDER",
  "prominent_button_name": "View",
  "text_input_field_labels": [
    "Email",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "SIGN-IN WITH YOUR VALID EMAIL TO VIEW PURCHASE ORDER",
  "prominent_button_name": "View",
  "text_input_field_labels": [
    "Email",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": true,
  "trigger_text": "SIGN-IN WITH YOUR VALID EMAIL TO VIEW PURCHASE ORDER",
  "prominent_button_name": "View",
  "text_input_field_labels": [
    "Email",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple assignment of the current timestamp to a global variable `_hst`. This behavior is common for analytics or logging purposes and does not demonstrate any high-risk indicators."
}

window._hst=Date.now();

{
    "risk_score": 6,
    "reasoning": "This script exhibits several moderate-risk behaviors, including external data transmission, fallback domains, and aggressive DOM manipulation. While the intent is not immediately clear, the use of dynamic script loading and fallback domains raises some concerns that warrant further investigation."
}

(function(){var f="src href async nonce type charset crossorigin onload rel".split(" ");window._rtf=function(b,c){var a=document.createElement(b.tagName);f.forEach(function(e){a[e]=b[e]});a.onerror=function(){window._rtf(a,c)};var d=b.dataset.rtc===

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate Google Analytics script with no obvious malicious behaviors. It includes some legacy practices like the use of `XDomainRequest`, but these are low-risk indicators. The script's purpose seems to be related to analytics and telemetry, which is a common and expected behavior. Overall, this script poses a low risk and can be considered benign."
}

(function(){google.kEXPI='0,18168,184579,3097360,27,13187,8589,8288,31712,911,5428,1104,330938,658,435,617474,350740,104404,132168,20908,13446,51057,5208503,6000048,10284056,183,16496046,29284122,7433,117574,24584,6467,30050,19714,37662,5183,62265,9974,10955,89342,5278,4870,293,2986,4914,18996,6278,2311,8786,1289,5465,4193,6608,10834,5400,4131,5031,4145,42,6015,3390,817,1819,2887,2101,255,1393,64,2078,1393,4432,180,1229,1120,669,591,1553,113,708,592,968,473,75,2788,524,445,687,455,390,904,401,3639,99,2171,2333,715,270,768,10,675,115,730,652,93,720,2277,250,28,1879,880,1529,1863,5,682,3112,797,24,1023,409,677,20983425,405874,1424,2743,4177,1264,8021772';})();window._ = window._ || {};window._DumpException = _._DumpException = function(e){throw e;};window._s = window._s || {};_s._DumpException = _._DumpException;window._qs = window._qs || {};_qs._DumpException = _._DumpException;(function(){var t=[1394696,0,524288,0,0,0,0,0,1024,0,927006720,637534217,537837632,389026840,100687936,136348688,17301512,805437472,739246146,173015280,269418707,98440,738878750,16796674,327159908,1048252929,672399363,278006020,537919568,723534657,94720,1605638,67215360,402673665,8454216,67138560,142640640,974127105,153,35127312,54214720,12632962,16,536870912,503971902,370443776,0,0,0,273155072,269621040,131137,0,0,0,617750528,13847];window._F_toggles = window._xjs_toggles = t;})();window._F_installCss = window._F_installCss || function(css){};(function(){window.google.xjsu='/xjs/_/js/k\x3dxjs.hd.en_US.WFRX-KyynoE.es5.O/am\x3dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAABQAAACAAAAAAAQAAAQAAABAEIAgCAAAAQAAACwAAACCAwABAAAEAABAAOBRpgAIEAEAAAAAEABAACkAAAAQAAAAQAAAAAAAAAoAAAAAAAIAAAAAQAAAAAIEAAAAAAAAAAAACAAAgB4AAAAAAAAAQEAAAMAwMAABAAAAAACAPgAIHoAhhQUAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAgEgTFzY/d\x3d1/ed\x3d1/dg\x3d3/br\x3d1/rs\x3dACT90oF9wDWGPOlS0TQWL-hD9xZrRbxiMw/ee\x3dALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DMzTfb:fNTHad;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABS

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet contains several indicators of moderate risk, including the use of obfuscated code and external data transmission to a Google domain. While Google is a trusted domain, the heavy obfuscation and lack of transparency around the script's purpose warrant further review. The overall behavior suggests a potentially aggressive or overly complex script that may be performing additional actions beyond typical analytics or telemetry."
}

(function(){google.xjs={basecomb:'/xjs/_/js/k\x3dxjs.hd.en_US.WFRX-KyynoE.es5.O/ck\x3dxjs.hd.GZlm5WnHNxI.L.B1.O/am\x3dCEgVAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAEHQnAACYAMAOIAQAAAQABgB

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a Google Analytics and error reporting script. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily focused on error handling and reporting, which is a common and legitimate practice. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a standard Google-related utility with no clear signs of malicious intent, so it is assessed as low risk."
}

(function(){window.google.erd={jsr:1,bv:2147,sd:true,de:true,dpf:'FcSScRtXpJeb_-T6gArrbLNy9cP8GYK2mZWtkTnnPWQ'};})();(function(){var sdo=false;var mei=10;var diel=0;
var g=this||self;var k,l=(k=g.mei)!=null?k:1,m,p=(m=g.diel)!=null?m:0,q,r=(q=g.sdo)!=null?q:!0,t=0,u,w=google.erd,x=w.jsr;google.ml=function(a,b,d,n,e){e=e===void 0?2:e;b&&(u=a&&a.message);d===void 0&&(d={});d.cad="ple_"+google.ple+".aple_"+google.aple;if(google.dl)return google.dl(a,e,d,!0),null;b=d;if(x<0){window.console&&console.error(a,b);if(x===-2)throw a;b=!1}else b=!a||!a.message||a.message==="Error loading script"||t>=l&&!n?!1:!0;if(!b)return null;t++;d=d||{};b=encodeURIComponent;var c="/gen_204?atyp=i&ei="+b(google.kEI);google.kEXPI&&(c+="&jexpid="+b(google.kEXPI));c+="&srcpg="+b(google.sn)+"&jsr="+b(w.jsr)+
"&bver="+b(w.bv);w.dpf&&(c+="&dpf="+b(w.dpf));var f=a.lineNumber;f!==void 0&&(c+="&line="+f);var h=a.fileName;h&&(h.indexOf("-extension:/")>0&&(e=3),c+="&script="+b(h),f&&h===window.location.href&&(f=document.documentElement.outerHTML.split("\n")[f],c+="&cad="+b(f?f.substring(0,300):"No script found.")));google.ple&&google.ple===1&&(e=2);c+="&jsel="+e;for(var v in d)c+="&",c+=b(v),c+="=",c+=b(d[v]);c=c+"&emsg="+b(a.name+": "+a.message);c=c+"&jsst="+b(a.stack||"N/A");c.length>=12288&&(c=c.substr(0,12288));a=c;n||google.log(0,"",a);return a};window.onerror=function(a,b,d,n,e){u!==a&&(a=e instanceof Error?e:Error(a),d===void 0||"lineNumber"in a||(a.lineNumber=d),b===void 0||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,a.name==="SyntaxError"||a.message.substring(0,11)==="SyntaxError"||a.message.indexOf("Script error")!==-1?3:p));u=null;r&&t>=l&&(window.onerror=null)};})();;this.gbar_={CONFIG:[[[0,"www.gstatic.com","og.qtm.en_US.rX6uZdQxZxU.2019.O","com","en","538",0,[4,2,"","","","712356711","0"],null,"AZV-Z7LqO4Cn9u8P24bYiAI",null,0,"og.qtm.CEsjJf2wziM.L.W.O","AA2YrTvH0Rknr6hXqx-tgqAUuIv05wLZhQ","AA2YrTvDtorsWuiBHYzP5-lS7pwgoAa95g","",2,1,200,"USA",null,null,"1","538",1,null,null,89978449,null,0],null,[1,0.1000000014901161,2,1],null,[0,0,0,null,"","","","",0,0,0,""],[0,0,"",1,0,0,0,0,0,0,null,0,0,null,0,0,null,null,0,0,0,"","","","","","",null,0,0,0,0,0,null,null,null,"rgba(32,33,36,1)","rgba(255,255,255,1)",0,0,1,null,null,null,0],null,null,["1","gci_91f30755d6a6b787dcc2a4062e6e9824.js","googleapis.client:gapi.iframes","","en"],null,null,null,null,["m;/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/d=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/m=__features__","https://apis.google.com","","","","",null,1,"es_plusone_gc_20241202.0_p1","en",null,0],[0.009999999776482582,"com","538",[["19037050","19037049","7",1,5,2592000,"","AN2NJM7u7rPIYwmFCiypBy-_yplGUlUI4A:1736348929985",0,1,2,"https://www.google.com/_/og/promos/",0],"n","",["","",""],1,2592000,null,null,"https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_si_001_p%26continue%3Dhttps%253A%252F%252Fwww.google.com%252F%253Fptid%253D19027681%2526ptt%253D8%2526fpts%253D0\u0026source=hpp\u0026id=19037050\u0026ct=7\u0026usg=AOvVaw17nhtj2bG975y5iQrI1sgf",null,null,null,null,null,1,null,0,null,1,0,0,0,null,null,0,0,null,0,0,0,0,1],null,null,null,0],[1,null,null,40400,538,"USA","en","712356711.0",8,null,0,0,null,null,null,null,"3700949,3701384",null,null,null,"AZV-Z7LqO4Cn9u8P24bYiAI",1,0,0,null,2,5,"en",38,0,0,0,0,1,89978449,0,0],[[null,null,null,"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.rX6uZdQxZxU.2019.O/rt=j/m=qabr,q_d,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTvH0Rknr6hXqx-tgqAUuIv05wLZhQ"],[null,null,null,"https://www.gstatic.com/og/_/ss/k=og.qtm.CEsjJf2wziM.L.W.O/m=qcwid,d_b_gm3,d_wi_gm3,d_lo_gm3/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTvDtorsWuiBHYzP5-lS7pwgoAa95g"]],null,null,null,[[[null,null,[null,null,null,"https://ogs.google.com/widget/callout?prid=19037050\u0026pgid=19037049\u0026puid=9ceb59a7585b55bd\u0026eom=1\u0026cce=1\u0026dc=1"],

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a part of Google's internal analytics and tracking infrastructure. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily responsible for logging user interactions and performance metrics, which is a common and legitimate practice for web analytics. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and used for legitimate analytics purposes."
}

(function(){var _g={kEI:'AZV-Z6TUOoS79u8PqKPesAE',kEXPI:'31',kBL:'8OWv',kOPI:89978449};(function(){var a;((a=window.google)==null?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){
var g=this||self;function k(){return window.google&&window.google.kOPI||null};var l,m=[];function n(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||l}function p(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function q(a){/^http:/i.test(a)&&window.location.protocol==="https:"&&(google.ml&&google.ml(Error("a"),!1,{src:a,glmm:1}),a="");return a}
function r(a,b,d,c,h){var e="";b.search("&ei=")===-1&&(e="&ei="+n(c),b.search("&lei=")===-1&&(c=p(c))&&(e+="&lei="+c));var f=b.search("&cshid=")===-1&&a!=="slh";c="&zx="+Date.now().toString();g._cshid&&f&&(c+="&cshid="+g._cshid);(d=d())&&(c+="&opi="+d);return"/"+(h||"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+c)};l=google.kEI;google.getEI=n;google.getLEI=p;google.ml=function(){return null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){google.y={};google.sy=[];var d;(d=google).x||(d.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1});var e;(e=google).sx||(e.sx=function(a){google.sy.push(a)});google.lm=[];var f;(f=google).plm||(f.plm=function(a){google.lm.push.apply(google.lm,a)});google.lq=[];var g;(g=google).load||(g.load=function(a,b,c){google.lq.push([[a],b,c])});var h;(h=google).loadAll||(h.loadAll=function(a,b){google.lq.push([a,b])});google.bx=!1;var k;(k=google).lx||(k.lx=function(){});var l=[],m;(m=google).fce||(m.fce=function(a,b,c,n){l.push([a,b,c,n])});google.qce=l;}).call(this);google.f={};(function(){
document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a=c==="1"||c==="q"&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if(a.tagName==="A"){a=a.getAttribute("data-nohref")==="1";break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,c4t:true,caf:false,cap:2000,cfr:false,cli:true,csp:false,cwh:false,dclt:false,doiu:1,dstc:false,fla:false,fli:false,gl:true,irsf:true,lhc:false,marb:false,mcc:false,pci:true,raf:false,taf:true,timl:false,tprc:false,vis:true};})();(function(){
var p=this||self;window.google=window.google||{};var q=window.performance&&window.performance.timing&&"navigationStart"in window.performance.timing,aa=google.stvsc&&google.stvsc.ns,r=q?aa||window.performance.timing.navigationStart:void 0;function u(){return window.performance.now()-(google.stvsc&&google.stvsc.pno||0)}var ba=google.stvsc&&google.stvsc.rs,v=q?ba||window.performance.timing.responseStart:void 0;function ca(a,b,c,d,e){if(!a||!b&&da(a))return 0;if(!a.getBoundingClientRect)return 1;var l=function(g){return g.getBoundingClientRect()};return!b&&ea(a,d,l)||!b&&e&&fa(a,l)?0:ha(a,b,c,d,l)}function fa(a,b){a=b(a);return a.height<=0||a.width<=0?!0:!1}
function ea(a,b,c){a:{for(var d=a;d&&d!==b;d=d.parentElement)if(d.style.overflow==="hidden"||d.tagName==="G-EXPANDABLE-CONTENT"&&getComputedStyle(d).getPropertyValue("overflow")==="hidden"){b=d;break a}b=null}if(!b)return!1;a=c(a);c=c(b);return a.bottom<c.top||a.top>=c.bottom||a.right<c.left||a.left>=c.right}
function da(a){return a.style.display==="none"?!0:document.defaultView&&document.defaultView.getComputedStyle?(a=document.defaultView.getComputedStyle(a),!!a&&(a.visibility==="hidden"||a.height==="0px"&&a.width==="0px")):!1

{
    "risk_score": 7,
    "reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While the script may have a legitimate purpose, the level of obfuscation and the presence of suspicious domains raise significant security concerns. Further investigation is recommended to determine the true nature and intent of this script."
}

(function(){var p={astyp:'hpba',cee:'kvZGKe',ck:'_AZV-Z6TUOoS79u8PqKPesAE_8AZV-Z6TUOoS79u8PqKPesAE',cp:'x',id:'_AZV-Z6TUOoS79u8PqKPesAE_8',m:1,url:'/async/hpba?yv\x3d3\x26cs\x3d0\x26ei\x3dAZV-Z6TUOoS79u8PqKPesAE\x26async\x3d_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.WFRX-KyynoE.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAABQAAACAAAAAAAQAAAQAAABAEAAgCAAAAQAAACwAAACCAwABAAAEAABAAOBRpgAIEAEAAAAAEABAACkAAAAQAAAAQAAAAAAAAAoAAAAAAAIAAAAAQAAAAAIEAAAAAAAAAAAACAAAgB4AAAAAAAAAQEAAAMAwMAABAAAAAACAPgAIHoAhhQUAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAgEgTFzY/dg%3D0/br%3D1/rs%3DACT90oFScbx5gB9TRINEXiCw-E_0XXRAHA,_basecss:/xjs/_/ss/k%3Dxjs.hd.GZlm5WnHNxI.L.B1.O/am%3DCEgVAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAEGAnAAAYAMAOIAQAAAQABgAAAIAACAAAAAiAACgEAMAAAgAIAAAHAAIAAAAAgMAKAAAEZACAEoAEkB8AQIEAAAgAQAAQYNAQiAogFAAIAAAAAAAABAAAAIYAEAgA0AEQAAaASAAAhB4IAAAAACAIAAA7g8AwMAABAAAAAAAAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAQAFAAAAAAAAAAAAAAAAAAAAgA/br%3D1/rs%3DACT90oEPgnzmjvEma9pnRKzLo6Pu1IAUaQ,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.WFRX-KyynoE.es5.O/ck%3Dxjs.hd.GZlm5WnHNxI.L.B1.O/am%3DCEgVAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAEHQnAACYAMAOIAQAAAQABgBAEIAgCAAAAQiAACwEAMCCAwAJAAAHAAJAAOBRpsAKEAEEZACAEoBEkD8AQIEQAAgAQAAQYNAQiAogFAAIAAIAAAAARAAAAIYEEAgA0AEQAAaASAAAhB4IAAAAACAIQEA7g8AwMAABAAAAAACAPgAIHoAhhQUAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAgEgTFzY/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oHZJERoOupOQdhgGaXy9XtjhXHC4w,_fmt:prog,_id:_AZV-Z6TUOoS79u8PqKPesAE_8\x26sp_imghp\x3dfalse\x26sp_hpep\x3d2\x26sp_hpte\x3d0',wfpe:false,wfve:false};var h={};'use strict';p.h=h;google.ia.q(p);})();

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate Google Analytics script that is commonly used for tracking and analytics purposes. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is interacting with known, reputable Google domains, and the behavior is consistent with typical analytics functionality. Therefore, this script poses a low risk and can be considered benign."
}

(function(){google.caft=function(a){if(google.aftq===null)try{a()}catch(b){google.ml(b,!1)}else google.aftq=google.aftq||[],google.aftq.push(a)};var c=google.c.dstc;function d(a,b){google.c.e("load",a,String(b))};window.google=window.google||{};google.c.iim=google.c.iim||{};(function(){var a=Date.now();google.tick("load","prt",a,"SearchBodyEnd");d("imn",document.getElementsByTagName("img").length);c&&(d("dtc",document.getElementsByTagName("div").length),d("stc",document.getElementsByTagName("span").length));google.c.ub();google.c.cae||google.c.maft(a,null);google.c.miml(a);google.rll(window,!1,function(){google.tick("load","old")});google.c.u("prt")})();}).call(this);(function(){window.google=window.google||{};window.google.ishk=[];function a(){return window.scrollY+window.document.documentElement.clientHeight>=Math.max(document.body.scrollHeight,document.body.offsetHeight)}function b(){a()&&window.google.ishk.length===0&&(window.google.bs=!0,window.removeEventListener("scroll",b))}a()?window.google.bs=!0:(window.google.bs=!1,window.addEventListener("scroll",b));}).call(this);(function(){google.jl={bfl:0,dw:false,ine:false,ubm:false,uwp:true,vs:false};})();(function(){var pmc='{\x22aa\x22:{},\x22abd\x22:{\x22abd\x22:false,\x22deb\x22:false,\x22det\x22:false},\x22async\x22:{},\x22cdos\x22:{\x22cdobsel\x22:false},\x22csi\x22:{},\x22d\x22:{},\x22gf\x22:{\x22pid\x22:196},\x22hsm\x22:{},\x22ifl\x22:{\x22lsf_is_launched\x22:true,\x22opts\x22:[{\x22href\x22:\x22/search?q\x3danimal+sounds\\u0026csf\x3db\x22,\x22id\x22:\x22curious\x22,\x22msg\x22:\x22I\x27m Feeling Curious\x22},{\x22href\x22:\x22/search?q\x3dpizza+near+me\x22,\x22id\x22:\x22hungry\x22,\x22msg\x22:\x22I\x27m Feeling Hungry\x22},{\x22href\x22:\x22/search?q\x3dflip+a+coin\\u0026csf\x3db\x22,\x22id\x22:\x22adventurous\x22,\x22msg\x22:\x22I\x27m Feeling Adventurous\x22},{\x22href\x22:\x22/search?q\x3ddvd+screensaver\\u0026csf\x3db\x22,\x22id\x22:\x22playful\x22,\x22msg\x22:\x22I\x27m Feeling Playful\x22},{\x22href\x22:\x22/url?url\x3dhttps://www.google.com/search?q%3Dnebulae%26um%3D1%26ie%3DUTF-8%26tbm%3Disch%26csf%3Db\x22,\x22id\x22:\x22stellar\x22,\x22msg\x22:\x22I\x27m Feeling Stellar\x22},{\x22href\x22:\x22/url?url\x3d/doodles\x22,\x22id\x22:\x22doodley\x22,\x22msg\x22:\x22I\x27m Feeling Doodley\x22},{\x22href\x22:\x22/url?url\x3dhttps://trends.google.com/hottrends\\u0026sa\x3dt\\u0026usg\x3dAOvVaw0hXgzDMTx66unZaN8ANJHA\x22,\x22id\x22:\x22trendy\x22,\x22msg\x22:\x22I\x27m Feeling Trendy\x22},{\x22href\x22:\x22/url?url\x3dhttps://artsandculture.google.com/asset/DwHa_BZQUdYEzw\\u0026sa\x3dt\\u0026usg\x3dAOvVaw2-p97sfTZuuYn4gJKl2Gh2\x22,\x22id\x22:\x22artistic\x22,\x22msg\x22:\x22I\x27m Feeling Artistic\x22},{\x22href\x22:\x22/search?q\x3dfriends+joey\\u0026csf\x3db\x22,\x22id\x22:\x22funny\x22,\x22msg\x22:\x22I\x27m Feeling Funny\x22}]},\x22jsa\x22:{\x22csi\x22:true,\x22csir\x22:100},\x22mb4ZUb\x22:{},\x22pHXghd\x22:{},\x22sb_wiz\x22:{\x22rfs\x22:[],\x22scq\x22:\x22\x22,\x22stok\x22:\x22P6qYyZmWFo9pPBZPVFmYMhhGUzo\x22},\x22sf\x22:{},\x22sonic\x22:{},\x22spch\x22:{\x22ae\x22:\x22Please check your microphone.  \\u003Ca href\x3d\\\x22https://support.google.com/chrome/?p\x3dui_voice_search\\\x22 target\x3d\\\x22_blank\\\x22\\u003ELearn more\\u003C/a\\u003E\x22,\x22ak\x22:\x22\x22,\x22cd\x22:0,\x22fp\x22:true,\x22hl\x22:\x22en-US\x22,\x22im\x22:\x22Click \\u003Cb\\u003EAllow\\u003C/b\\u003E to start voice search\x22,\x22iw\x22:\x22Waiting...\x22,\x22lm\x22:\x22Listening...\x22,\x22lu\x22:\x22%1$s voice search not available\x22,\x22mb\x22:false,\x22ne\x22:\x22No Internet connection\x22,\x22nt\x22:\x22Didn\x27t get that. \\u003Cspan\\u003ETry again\\u003C/span\\u003E\x22,\x22nv\x22:\x22Please check your microphone and audio levels.  \\u003Ca href\x3d\\\x22https://support.google.com/chrome/?p\x3dui_voice_search\\\x22 target\x3d\\\x22_blank\\\x22\\u003ELearn more\\u003C/a\\u003E\x22,\x22pe\x22:\x22Voice search has been turned off.  \\u003Ca href\x3d\\\x22https://support.google.com/chr

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors, some of which raise moderate concerns. While it does not contain any clear indicators of malicious intent, it engages in several practices that warrant further review. The script utilizes external data transmission, aggressive DOM manipulation, and some legacy practices, which collectively contribute to a medium-risk assessment. However, the script's overall purpose appears to be related to analytics and telemetry, which helps mitigate the risk. Additional context or a more detailed understanding of the script's functionality would be required to provide a more definitive assessment."
}

(function(){'use strict';var h={push:a=>void a()};var k=function(a){if(Array.isArray(a.g.cbvi))for(const b of a.g.cbvi)b();a.g.cbvi=h},l=function(a){k(a);var b,c;let d;const e=((b=google.stvsc)==null?void 0:b.ns)||((c=window.performance)==null?void 0:(d=c.timing)==null?void 0:d.navigationStart);e&&(a.i.ns=e);b=a.g.t.getAttribute("eid");c=[];for(var f of Object.keys(a.i))c.push(`${f}.${a.i[f]-a.L}`);for(const g of Object.keys(a.j))c.push(`${g}.${a.j[g]-a.L}`);f=`/gen_204?s=async&astyp=${a.g.astyp}&atyp=csi&ei=${b}&rt=${c.join(",")}`;e&&(f+=`&ns=${e}`);a.v&&(f+=`&twt=${a.v}&mwt=${a.D}`);a.C&&(f+=`&lvhr=${a.C}`);a.A&&(f+=`&${"imn"}=${a.A}`);a.B&&(f+=`&${"ima"}=${a.B}`);google.log("","",f)},m=function(a){a.A!==a.H||a.I||(a.i.art=Date.now(),l(a))},n=function(a){a.B===a.M&&k(a)},p=function(a,b,c){var d=a.g.t.querySelectorAll("[data-subtree]");for(const f of d){var e=f.dataset.subtree;e&&(d=`${"saft"}-${e}`,e=`${"sart"}-${e}`,f.contains(b)||b.contains(f))&&(a.j[d]=c,a.j[e]=c)}},q=function(a,b,c){var d=google.cv(b,!1,!0,a.g.t);d&1?(d=Date.now(),c&&(a.C=
c),a.i.aaft=d,a.i.aafct=d,p(a,b,d)):d&4&&(a.N=!0,n(a))},r=function(a,b,c,d=!1){b.getAttribute("data-deferred")==="1"?google.rll(b,!0,()=>{r(a,b,c,d)}):d||(b.getAttribute("data-deferred")==="2"&&b.setAttribute("data-deferred","3"),d=!0,t(a,b,c))},u=function(a,b,c){q(a,b,c);b=b.getElementsByTagName("img");for(c=0;c<b.length;c++){const d=b[c];++a.A;const e=d.complete&&!d.getAttribute("data-deferred"),f=d.hasAttribute("data-noaft");if(e||f){++a.H;continue}const g=!!(google.cv(d,!1,!0,a.g.t)&1);g&&++a.B;google.rll(d,!0,()=>{r(a,d,g)});a.i.irfi||(a.i.irfi=Date.now());a.i.irli=Date.now()}},t=function(a,b,c){const d=Date.now();a.i.irfie||(a.i.irfie=d);++a.H;c&&(++a.M,a.i.aaft=d,a.i.aafit=d,p(a,b,d));a.N&&n(a);a.S&&m(a)},v=function(a,b,c){var d=a.g.t.querySelectorAll("[data-subtree]");for(const f of d){var e=f.dataset.subtree;if(!e)continue;d=`${"sirt"}-${e}`;const g=`${"sart"}-${e}`;e=`${"scrt"}-${e}`;b.contains(f)?(a.j[d]||(a.j[d]=c),a.j[g]=c,a.j[e]=c):f.contains(b)&&(a.j[g]=c,a.j[e]=c)}},w=class{constructor(a){this.g=
a;this.L=Date.now();this.j={};this.i={};this.M=this.B=this.v=this.H=this.A=this.G=this.D=this.C=0}};
function x(a){a.req=new XMLHttpRequest;a.cbfd=[];a.cbvi=[]}function y(a){x(a);const b=new z(a);google.ia.was(a,()=>{b.g.req.addEventListener("readystatechange",b.J);b.g.req.open("GET",b.g.url);for(const c of Object.keys(b.g.h))b.g.req.setRequestHeader(c,b.g.h[c]);b.i.ipf=Date.now();b.g.req.send()})}
var A=function(a){a.s===0&&a.R&&google.drty&&google.drty()},B=function(a){if(!a.O){a.O=!0;if(Array.isArray(a.g.cbfd))for(const b of a.g.cbfd)b();a.g.cbfd=h}},D=function(a,b){a.I=!0;a.i.ft=Date.now();a.v=0;a.g.req.removeEventListener("readystatechange",a.J);a.g.req.abort();l(a);google.fce(a.g.t,a.g.cee,b);B(a)},K=function(a,b,c){const d=b[0];b=b[1];if(!a.T&&d===2&&b==null)return E(a,c),a.T=!0,a.g.t;switch(d){case 1:D(a,Error(c));break;case 2:return F(a,b,c);case 6:return G(a,b,c);case 3:H(a,b,c,!0);break;case 4:a.s++;google.ia.dq.push({astyp:a.g.astyp,cb:()=>{I(c);a.s--;A(a)}});break;case 7:J(a,c);break;case 5:google.ia.dq.push({astyp:a.g.astyp,md:c})}},E=function(a,b){const c=Date.now();a.i.st=c;a.g.t.innerHTML=b;v(a,a.g.t,c);L(a.g.t);a.g.t.setAttribute("eid",a.K[0]);u(a,a.g.t,++a.l)},F=function(a,b,c){b=document.getElementById(b);b.innerHTML=c;a.l++;for(const d of b.children)q(a,d,a.l);v(a,b,Date.now());L(b);return b},G=function(a,b,c){const d=a.g.t.querySelector(`[data-async-ph="${b}"]`);if(d)return M(a,d,c);a.s++;google.ia.dq.push({astyp:a.g.astyp,cb:()=>{M(a,a.g.t.querySelector(`[data-async-ph="${b}"]`),c);a.s--;A(a)}})},H=function(a,b,c,d){let e;const f=(e=document.getElementById(b))!=null?e:a.g.t.querySelector(`img[data-iid="${b}"]`);!f&&d?a.g.cbfd.push(()=>{google.ia.dq.push({astyp:a.g.astyp,cb:()=>{H(a,b,c,!1)}})}):(f.setAttribute("data-deferred","2"),f.src=c)},I=function(a){const b=document.createElement("script");b.textContent=a;document.body.appendChild(b)},J=function(a,b){con

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://www.google.com

{
  "brands": [
    "Google"
  ]
}