Windows Analysis Report
https://na4.docusign.net/Signing/EmailStart.aspx?a=ffa78034-d960-4bb3-b2a2-bb62a1fc4a65&etti=24&acct=86dab687-685e-40aa-af52-e5c3fc07b508&er=04714c6d-cc25-4a21-be91-01e1c43a5f3f

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://na4.docusign.net

{
    "risk_score": 7,
    "reasoning": "This script demonstrates several high-risk behaviors, including redirecting the user to an unknown domain and potentially collecting sensitive information (session ID) without transparency. While the script may have a legitimate purpose, such as preventing unauthorized framing, the lack of context and the use of obfuscated code raise significant security concerns."
}

//<![CDATA[
!function(){var e=window,s=e.document,i=e.$Config||{};if(e.self===e.top){s&&s.body&&(s.body.style.display="block")}else if(!i.allowFrame){var o,t,r,f,n,d;if(i.fAddTryCatchForIFrameRedirects){try{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f||r&&f>t?"?":"&",o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}catch(e){}}else{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f||r&&f>t?"?":"&",
o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}}}();
//  

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a utility library for managing script loading and execution. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily focused on handling document ready and load events, as well as providing logging and debugging functionality. While it uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are likely used for compatibility purposes. Overall, the script seems to be a benign utility with no clear signs of malicious intent."
}

//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}funct

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of a larger framework or library, likely used for managing dependencies and executing code on demand. While it contains some behaviors that could be considered risky, such as using `setTimeout` and `apply`, the overall intent seems to be for legitimate functionality rather than malicious purposes. The script does not exhibit any clear indicators of high-risk activities like dynamic code execution, data exfiltration, or suspicious redirects. Additionally, the use of a `$Do` object suggests this is a common pattern in the codebase, further reducing the risk. Overall, this script can be considered low-risk with some minor concerns around outdated practices."
}

//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a configuration object for a web application, likely related to authentication and user session management. While it contains some potentially sensitive information, such as API endpoints and client IDs, there are no clear indicators of high-risk behaviors like dynamic code execution, data exfiltration, or malicious redirects. The script seems to be focused on legitimate functionality, such as desktop single sign-on (SSO) and client-side telemetry. Some moderate-risk indicators, such as external data transmission and fallback domains, are present, but the overall context suggests this is likely a benign script with no clear malicious intent."
}

//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msauth.net/shared/1.0/","urlDefaultFavicon":"https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2\u0026response_type=code+id_token\u0026scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All\u0026response_mode=form_post\u0026nonce=638721188383507656.ZWRhNjdiNDMtMzI0ZS00ODlhLWJhODctMzE0NDU1ODFmYTI3NWFlMTkxZGQtYzU4YS00NGI1LWE1M2ItZTg4OGE0ODdiYjI2\u0026ui_locales=en-US\u0026mkt=en-US\u0026client-request-id=e52406da-b4cf-4c94-8e7f-8cc73ab20f1a\u0026state=s2xU_FbWZVVQWlovdkb6ohxRQDYkWB-HG794v7CN0FjtRGSXluBbKdq66Y-AhV58s_GvBRYelLUfIqSoNHVaFb_KyTNtsLUZv2jr9HapXAs0xpHicpt5UFURQvDUP3Re3J1jWROkFcICWutYIQkIpaw51h7SoSk_CdgPoqr-Rx6sFcLPlh_wzJgItGYAhgzDjr_aBOnowYdSrfRnaSWGj89zg8ER0SItcd6YtGWnpt0cXLemjDvY8MmxBtv7YulOLx9Q3gTRkikldkD-x-QhsQ\u0026x-client-SKU=ID_NET8_0\u0026x-client-ver=7.5.1.0\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://1oqinin-images.offic-pages-3df.workers.dev/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/sso?client-request-id=e52406da-b4cf-4c94-8e7f-8cc73ab20f1a","iwaSsoProbeUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ssoprobe?client-request-id=e52406da-b4cf-4c94-8e7f-8cc73ab20f1a","iwaIFrameUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/iframe?client-request-id=e52406da-b4cf-4c94-8e7f-8cc73ab20f1a\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://autologon.microsoftazuread-sso.com/common/winauth/sso/edgeredirect?client-request-id=e52406da-b4cf-4c94-8e7f-8cc73ab20f1a\u0026origin=1oqinin-images.offic-pages-3df.workers.dev\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":1013,"hpgact":1800,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFeZ7g2f5i306pjjPwLQh-2vy9svvyhJM6FUrgVscdRpo5nwxXauQGJMy4VZ0Vmai1zhVERpLdvj4lgwsAOx7DSC1I44jBcgdcwnfu45q1WwhZdBr0R_rTfgHt5G5nhM6NknLkKpdTzO3NMPfaWzJm_r0bfoJKGCgL_a8lFNRupm-NpccORRfoG-nAh2p8jTBgaMYG7UU0BG9XhVEoyn6cm0iAA","canary":"yUOSwvE5xwBSdY2pOaIZWKWnpUHXPyaSl6Mu2olZNoM=6:1:CANARY:LcJ5XAMR0YJFnx9/KiTsY1SHXsKcQatNjPGbEDfPuuE=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"e52406da-b4cf-4c94-8e7f-8cc73ab20f1a","sessionId":"69addb78-5149-4b64-92a8-5e16c68d2c00","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://1oqinin-images.off

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a configuration object for a web application. It contains various URLs and settings, but does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script seems to be focused on authentication and federated identity management, which is a common and legitimate use case. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is benign and does not raise significant security concerns."
}

//<![CDATA[
$Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2f1oqinin-images.offic-pages-3df.workers.dev%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQKpbeYFOzI92s636bX3NBVN4uRMz4nswyschWjMmHj9C8wMr5gZLzFJOhflO6ZEl7slpqSWpRYkpmfd4FF4BULjwGzFQcHlwCDBIMCww8WxkWsQFt91ufoyhbN8d9_Zu0n_aA0hlOs-pWh_sHlZa6mFeVOwSmRRgX-iZ5R4d7heQWhHhEBlYnBOWa-pUb5OVF--b625laGE9iEJrAxnWJj-MDG2MHOMIud4QAn4wYexgO8DD_4epZMOzNt45l3Hq_4dfLNcp19TVzz_EotTEwdS8NLPDPdo6qCylO8XELM_TwKqkwMy9ICU029Sl1tNwgwPBBgAAA1\u0026estsfed=1\u0026uaid=34b41b71b8704e6f82cf862e83808a7e\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026fci=https%3a%2f%2fportal.microsoftonline.com.orgid.com","urlMsaLogout":"https://login.live.com/logout.srf?iframed_by=https%3a%2f%2f1oqinin-images.offic-pages-3df.workers.dev","urlOtherIdpForget":"https://login.live.com/forgetme.srf?iframed_by=https%3a%2f%2f1oqinin-images.offic-pages-3df.workers.dev","showCantAccessAccountLink":true,"urlGitHubFed":"https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2f1oqinin-images.offic-pages-3df.workers.dev%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQKpbeYFOzI92s636bX3NBVN4uRMz4nswyschWjMmHj9C8wMr5gZLzFJOhflO6ZEl7slpqSWpRYkpmfd4FF4BULjwGzFQcHlwCDBIMCww8WxkWsQFt91ufoyhbN8d9_Zu0n_aA0hlOs-pWh_sHlZa6mFeVOwSmRRgX-iZ5R4d7heQWhHhEBlYnBOWa-pUb5OVF--b625laGE9iEJrAxnWJj-MDG2MHOMIud4QAn4wYexgO8DD_4epZMOzNt45l3Hq_4dfLNcp19TVzz_EotTEwdS8NLPDPdo6qCylO8XELM_TwKqkwMy9ICU029Sl1tNwgwPBBgAAA1\u0026estsfed=1\u0026uaid=34b41b71b8704e6f82cf862e83808a7e\u0026fci=https%3a%2f%2fportal.microsoftonline.com.orgid.com\u0026idp_hint=github.com","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Belgium~32!!!BZ~Belize~501!!!BJ~Benin~229!!!BM~Bermuda~1!!!BT~Bhutan~975!!!BO~Bolivia~591!!!BQ~Bonaire~599!!!BA~Bosnia and Herzegovina~387!!!BW~Botswana~267!!!BR~Brazil~55!!!IO~British Indian Ocean Territory~246!!!VG~British Virgin Islands~1!!!BN~Brunei~673!!!BG~Bulgaria~359!!!BF~Burkina Faso~226!!!BI~Burundi~257!!!CV~Cabo Verde~238!!!KH~Cambodia~855!!!CM~Cameroon~237!!!CA~Canada~1!!!KY~Cayman Islands~1!!!CF~Central African Republic~236!!!TD~Chad~235!!!CL~Chile~56!!!CN~China~86!!!CX~Christmas Island~61!!!CC~Cocos (Keeling) Islands~61!!!CO~Colombia~57!!!KM~Comoros~269!!!CG~Congo~242!!!CD~Congo (DRC)~243!!!CK~Cook Islands~682!!!CR~Costa Rica~506!!!CI~Cte d\u0027Ivoire~225!!!HR~Croatia~385!!!CU~Cuba~53!!!CW~Curaao~599!!!CY~Cyprus~357!!!CZ~Czechia~420!!!DK~Denmark~45!!!DJ~Djibouti~253!!!DM~Dominica~1!!!DO~Dominican Republic~1!!!EC~Ecuador~593!!!EG~Egypt~20!!!SV~El Salvador~503!!!GQ~Equatorial Guinea~240!!!ER~Eritrea~291!!!EE~Estonia~372!!!ET~Ethiopia~251!!!FK~Falkland Islands~500!!!FO~Faroe Islands~298!!!FJ~Fiji~679!!!FI~Finland~358!!!FR~France~33!!!GF~French Guiana~594!!!PF~French Polynesia~689!!!GA~Gabon~241!!!GM~Gambia~220!!!GE~Georgia~995!!!DE~Germany~49!!!GH~Ghana~233!!!GI~Gibraltar~350!!!GR~Greece~30!!!GL~Greenland~299!!!GD~Grenada~1!!!GP~Guadeloupe~590!!!GU~Guam~1!!!GT~Guatemala~502!!!GG~Guernsey~44!!!GN~Guinea~224

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

```json
{
    "risk_score": 2,
    "reasoning": "The script includes moderate-risk indicators such as aggressive DOM manipulation and error reporting to third-party domains. However, there are no high-risk behaviors like dynamic code execution or data exfiltration. The script appears to be part of a debugging or logging framework, which aligns with legitimate use cases, reducing the overall risk."
}

//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("integrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s

{
  "brands": "unknown"
}

{
  "contains_trigger_text": true,
  "trigger_text": "Sign in",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": true,
  "trigger_text": "Sign in",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The URL '1oqinin-images.offic-pages-3df.workers.dev' does not match the legitimate domain 'microsoft.com'.",    "The URL contains suspicious elements such as 'offic-pages' which resembles 'office', a common Microsoft product, indicating potential phishing.",    "The use of a subdomain under 'workers.dev', a domain often used for cloud services, is suspicious when associated with a well-known brand like Microsoft.",    "The presence of input fields for 'Email, phone, or Skype' aligns with common phishing tactics targeting Microsoft accounts."  ],  "riskscore": 9}
Google indexed: False