Windows Analysis Report
invoice_AG60538.pdf

{
  "contains_trigger_text": true,
  "trigger_text": "MASTER AGRICULTURIST AWARDS PROGRAM",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Informa"
  ]
}

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript code appears to be a legitimate form handling functionality with no high-risk indicators. It uses common UI patterns like modals and form validation, which are typical of benign web applications. The code does not exhibit any behaviors associated with dynamic code execution, data exfiltration, or suspicious redirects. While it uses some legacy APIs like `$find()`, these are low-risk indicators and do not suggest malicious intent. Overall, this script is likely a part of a legitimate web application and poses a low risk."
}

        function newAccount(sender, args)
        {
            var inst = $("[data-remodal-id=modal-request]").remodal();
            // Make sure that the modal is placed back inside the FORM
            inst.$wrapper.detach();
            inst.$wrapper.appendTo("form");

            inst.open();
        }

        function closeRequest()
        {
            var inst = $("[data-remodal-id=modal-request]").remodal();
            inst.close();
        }

        function closeConfirm()
        {
            var inst = $("[data-remodal-id=modal-confirm]").remodal();
            inst.close();
        }

        function confirmRequest()
        {
            closeRequest();

            var inst = $("[data-remodal-id=modal-confirm]").remodal();
            // Make sure that the modal is placed back inside the FORM
            inst.$wrapper.detach();
            inst.$wrapper.appendTo("form");

            inst.open();
        }

        function confirmEntry(sender, args)
        {
            var tName = $find('ctl00_contentBody_tName');
            var tCompany = $find('ctl00_contentBody_tCompany');
            var tPhone = $find('ctl00_contentBody_tPhone');
            var tEmail = $find('ctl00_contentBody_tEmail');
            var tAccountNo = $find('ctl00_contentBody_tAccountNo');
            var tComment = $find('ctl00_contentBody_tComment');

            var messages = '';

            if (tName.get_value().trim() == '')
            {
                messages += "<li>" + "Your Full Name" + "</li>";
            }

            if (tCompany.get_value().trim() == '')
            {
                messages += "<li>" + "Your Company Name" + "</li>";
            }

            if (isValidEmail(tEmail.get_value().trim()) == false)
            {
                messages += "<li>" + "Your email address (must be a valid email)" + "</li>";
            }

            if (messages != '')
            {
                console.log(messages);
                radalert(
                    "Oops, looks like you forgot some critical information - please fill in the following fields: <ul>" + messages + "</ul>",
                    500,
                    250,
                    "Error",
                    null);
                args.set_cancel(true);
            }
        }

        function isValidEmail(email)
        {
            var re = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
            return re.test(email);
        }

    

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a utility library for common web development tasks, such as DOM manipulation, AJAX requests, and event handling. While it contains some legacy practices like `XDomainRequest`, the overall behavior is benign and does not demonstrate any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The script seems to be focused on providing utility functions for legitimate web development purposes."
}

parcelRequire=function(e,r,t,n){var i,o="function"==typeof parcelRequire&&parcelRequire,u="function"==typeof require&&require;function f(t,n){if(!r[t]){if(!e[t]){var i="function"==typeof parcelRequire&&parcelRequire;if(!n&&i)return i(t,!0);if(o)return o(t,!0);if(u&&"string"==typeof t)return u(t);var c=new Error("Cannot find module '"+t+"'");throw c.code="MODULE_NOT_FOUND",c}p.resolve=function(r){return e[t][1][r]||r},p.cache={};var l=r[t]=new f.Module(t);e[t][0].call(l.exports,p,l,l.exports,this)}return r[t].exports;function p(e){return f(p.resolve(e))}}f.isParcelRequire=!0,f.Module=function(e){this.id=e,this.bundle=f,this.exports={}},f.modules=e,f.cache=r,f.parent=o,f.register=function(r,t){e[r]=[function(e,r){r.exports=t},{}]};for(var c=0;c<t.length;c++)try{f(t[c])}catch(e){i||(i=e)}if(t.length){var l=f(t[t.length-1]);"object"==typeof exports&&"undefined"!=typeof module?module.exports=l:"function"==typeof define&&define.amd?define(function(){return l}):n&&(this[n]=l)}if(parcelRequire=f,i)throw i;return f}({"Gmzz":[function(require,module,exports) {
module.exports=r;var e=document.createElement("div");e.innerHTML='  <link/><table></table><a href="/a">a</a><input type="checkbox"/>';var t=!e.getElementsByTagName("link").length;e=void 0;var l={legend:[1,"<fieldset>","</fieldset>"],tr:[2,"<table><tbody>","</tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],_default:t?[1,"X<div>","</div>"]:[0,"",""]};function r(e,t){if("string"!=typeof e)throw new TypeError("String expected");t||(t=document);var r=/<([\w:]+)/.exec(e);if(!r)return t.createTextNode(e);e=e.replace(/^\s+|\s+$/g,"");var i=r[1];if("body"==i)return(o=t.createElement("html")).innerHTML=e,o.removeChild(o.lastChild);var o,a=l[i]||l._default,d=a[0],n=a[1],c=a[2];for((o=t.createElement("div")).innerHTML=n+e+c;d--;)o=o.lastChild;if(o.firstChild==o.lastChild)return o.removeChild(o.firstChild);for(var p=t.createDocumentFragment();o.firstChild;)p.appendChild(o.removeChild(o.firstChild));return p}l.td=l.th=[3,"<table><tbody><tr>","</tr></tbody></table>"],l.option=l.optgroup=[1,'<select multiple="multiple">',"</select>"],l.thead=l.tbody=l.colgroup=l.caption=l.tfoot=[1,"<table>","</table>"],l.polyline=l.ellipse=l.polygon=l.circle=l.text=l.line=l.path=l.rect=l.g=[1,'<svg xmlns="http://www.w3.org/2000/svg" version="1.1">',"</svg>"];
},{}],"ybwN":[function(require,module,exports) {
var e=new Date,t=e.getFullYear()%100;module.exports={cvvLengths:{visa:["3"],american_express:["4"],discover:["3"],jcb:["3"],diners_club:["3"],master:["3"],dankort:["3"],default:["3"]},dateRanges:{month:[1,12],year:[t,t+50]},_twoDigitDateField:function(e,t){return!!(e&&2==e.length&&Number(e)&&e>=this.dateRanges[t][0]&&e<=this.dateRanges[t][1])},expDate:function(a,n){var i=this._twoDigitDateField(a,"month"),r=this._twoDigitDateField(n,"year");return!(!i||!r)&&(n!=t||a>=e.getMonth())},fullName:function(e){return!!e&&!!e&""!==e&e.length>2}};
},{}],"AQDk":[function(require,module,exports) {
module.exports={ajax:{post:function(t,e,o){var i=new XMLHttpRequest;i.onreadystatechange=function(){4==i.readyState&&o(i.status,i.responseText)},i.open("POST",t,!0),i.setRequestHeader("CONTENT-TYPE","application/json"),i.send(e)}},addListener:function(t,e,o){t.addEventListener?t.addEventListener(e,o,!1):t.attachEvent&&t.attachEvent("on"+e,o)},addInputListener:function(t,e){void 0===t.oninput?this.addListener(t,"keyup",e):this.addListener(t,"input",e)},removeListener:function(t,e,o){t.addEventListener?t.removeEventListener(e,o,!1):t.attachEvent&&t.detachEvent("on"+e,o)},getElementWithAttribute:function(t,e){for(var o=document.getElementsByTagName(t),i=0;i<o.length;i++)if(o[i].getAttribute(e))return o[i]},domain:function(t){if(void 0!==t){var e=t.match(/^(https?\:\/\/[^\/?#]+)(?:[\/?#]|$)/i);return e&&e[1]}},camelize:function(t){if(void 0!==t){var e=t.split("-");if(1==e.length)return t;for(var o=e[0],i=1;i<e.length;i++){var n=e[i];o=o+n.charAt(0).toUpperCase()+n.slice(1)}return o}},stripTags:function(

{
    "risk_score": 1,
    "reasoning": "This appears to be the jQuery library, which is a widely used and trusted JavaScript library. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is well-structured and follows common JavaScript patterns, indicating it is likely a legitimate library."
}

/*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */
!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPlainObject(d)||(e=n.isArray(d)))?(e?(e=!1,f=c&&n.isArray(c)?c:[]):f=c&&n.isPlainObject(c)?c:{},g[b]=n.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray,isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){return!n.isArray(a)&&a-parseFloat(a)+1>=0},isPlainObject:function(a){return"object"!==n.type(a)||a.nodeType||n.isWindow(a)?!1:a.constructor&&!j.call(a.constructor.prototype,"isPrototypeOf")?!1:!0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?h[i.call(a)]||"object":typeof a},globalEval:function(a){var b,c=eval;a=n.trim(a),a&&(1===a.indexOf("use strict")?(b=l.createElement("script"),b.text=a,l.head.appendChild(b).parentNode.removeChild(b)):c(a))},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=s(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:g.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;c>d;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=s(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(c=a[b],b=a,a=c),n.isFunction(a)?(e=d.call(arguments,2),f=function(){return a.apply(b||this,e.concat(d.call(arguments)))},f.guid=a.guid=a.guid||n.guid++,f):void 0},now:Date.now,support:k}),n.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),f

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a common pattern for handling form submissions in ASP.NET web applications. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The script is primarily responsible for managing the form submission process, which is a legitimate and expected behavior. While it uses some legacy practices like the `__doPostBack` function, these are common in older web frameworks and do not pose a significant security risk on their own. Overall, this script demonstrates low-risk behavior and is likely part of a benign web application."
}

//<![CDATA[
var theForm = document.forms['form1'];
if (!theForm) {
    theForm = document.form1;
}
function __doPostBack(eventTarget, eventArgument) {
    if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
        theForm.__EVENTTARGET.value = eventTarget;
        theForm.__EVENTARGUMENT.value = eventArgument;
        theForm.submit();
    }
}
//  

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a module loader or bundler, which is a common and legitimate practice in modern web development. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The code seems to be focused on handling transaction status updates, which is a typical use case for payment processing applications. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with a legitimate application and does not raise significant security concerns."
}

!function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=37)}([function(t,e){t.exports=function(t){return t&&t.__esModule?t:{default:t}},t.exports.__esModule=!0,t.exports.default=t.exports},function(t,e){t.exports=function(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")},t.exports.__esModule=!0,t.exports.default=t.exports},function(t,e,n){var r=n(6);function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,r(i.key),i)}}t.exports=function(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),Object.defineProperty(t,"prototype",{writable:!1}),t},t.exports.__esModule=!0,t.exports.default=t.exports},function(t,e){function n(e){return t.exports=n="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},t.exports.__esModule=!0,t.exports.default=t.exports,n(e)}t.exports=n,t.exports.__esModule=!0,t.exports.default=t.exports},function(t,e,n){"use strict";var r=n(0),i=r(n(1)),o=r(n(2)),a=n(17),s=n(18),c=n(19),l={settings:{coreHost:"https://core.spreedly.com"}};function u(t){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:l;return"".concat(e.settings.coreHost,"/api/internal/v1/transactions/").concat(t,"/status.json")}function d(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},e={};return t.environmentKey&&(e["Spreedly-Environment-Key"]=t.environmentKey),e}var h=function(){function t(e,n,r,o){var a=arguments.length>4&&void 0!==arguments[4]?arguments[4]:20,c=arguments.length>5&&void 0!==arguments[5]?arguments[5]:500,d=arguments.length>6&&void 0!==arguments[6]?arguments[6]:l;(0,i.default)(this,t),this.endpoint=u(e,d),this.done=n,this.handleData=this.handleData.bind(this),this.handleError=this.handleError.bind(this),this.fetchData=this.fetchData.bind(this),this.retryable=new s(a,c,this.fetchData,r),this.environmentKey=o}return(0,o.default)(t,[{key:"run",value:function(){this.retryable.runNow()}},{key:"stop",value:function(){this.retryable.stop()}},{key:"fetchData",value:function(){var t=d({environmentKey:this.environmentKey}),e=(new Date).getTime();a.getJSON("".concat(this.endpoint,"?time=").concat(e),this.handleData,this.handleError,t)}},{key:"handleData",value:function(t){return!!this.retryable.isRunning()&&(t.transaction&&t.transaction.state&&"pending"!==t.transaction.state?(this.retryable.stop(),this.done(t.transaction),!0):(this.done(t.transaction),this.retryable.runLater(),!0))}},{key:"handleError",value:function(){return!!this.retryable.isRunning()&&(this.retryable.runLater(),!0)}}],[{key:"withStatus",value:function(t,e,n,r){var i=d({environmentKey:e});a.getJSON(u(t),n,r,i)}},{key:"withContext",value:function(e,n,r,i){t.withStatus(e,n,(function(t){r(c.decode(t.transaction&&t.transaction.context)||t.transaction)}),i)}},{key:"contextFrom",value:function(t){var e=null;if(t.transaction&&t.transaction.context)try{var n=window.atob(t.transaction.context);e=window.JSON.parse(n)}catch(t){}return e}}]),t}();t.exports=h},f

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a part of a legitimate UI library, Telerik Web UI, and does not contain any high-risk indicators. The code is responsible for implementing a material design-inspired ripple effect on user interactions, which is a common UI pattern. While the code uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are likely used for compatibility reasons. Overall, the script seems to be focused on providing a smooth and responsive user experience, and there are no clear signs of malicious intent."
}

(function(G){Type.registerNamespace("Telerik.Web.UI");
var a=Telerik.Web.UI,f=Telerik.Web.BrowserFeatures,g=Math.ceil,l="scale(0.0001, 0.0001)",j="",k=0.6,B="t-ripple-effect-icon",x="t-ripple-effect-button",z="t-ripple-container",A="t-ripple-effect",y="t-ripple-center",w="t-ripple",C="t-ripple-white",c="t-ripple-animating",H="t-ripple-visible",n="mousedown",p="mouseup",o="mouseleave",s="pointerdown",u="pointerup",t="pointerleave",q="MSPointerDown",r="MSPointerUp",F="touchstart",E="touchend",e="blur",b=Sys.UI.DomElement.addCssClass,v=Sys.UI.DomElement.removeCssClass,h=Sys.UI.DomElement.containsCssClass,D='<span class="t-ripple"></span>',i=Function.createDelegate,d=window.requestAnimationFrame||window.webkitRequestAnimationFrame||window.mozRequestAnimationFrame||window.oRequestAnimationFrame||window.msRequestAnimationFrame||function(I){setTimeout(I,1000/60);
},m=function(I){return I?I.tagName=="BUTTON":false;
};
a.MaterialRippleConstants={RIPPLE_ICON:B,RIPPLE_BUTTON:x,RIPPLE_ELEMENT:A,RIPPLE_CONTAINER:z,VISIBLE:H};
a.MaterialRippleType=function(){throw Error.invalidOperation();
};
a.MaterialRippleType.prototype={Element:0,Icon:1};
a.MaterialRippleType.registerEnum("Telerik.Web.UI.MaterialRippleType",false);
a.MaterialRipple=function(I,J){this._element=I;
this._frameCount=0;
this._rippleSize=0;
this._x=0;
this._y=0;
this._ignoringMouseDown=false;
this._options=J||{};
this.initialize();
};
a.MaterialRipple.prototype={initialize:function(){var I=this._element;
this._applyElementClasses();
if(h(I,B)){this._isIconRipple=true;
b(I,y);
}this._initializeRippleElement();
this._attachEvents();
},_applyElementClasses:function(){var I=this._element;
var J=this._options;
if(J&&J.rippleType==a.MaterialRippleType.Icon){b(I,B);
if(J.hasButtonParent){b(I,x);
}}else{b(I,A);
}},_initializeRippleElement:function(){var J=this._element;
var K;
var I;
var L=J.getElementsByClassName(w);
if(L.length===0){I=document.createElement("span");
b(I,z);
I.innerHTML=D;
J.appendChild(I);
K=I.firstChild;
}else{K=L[0];
}this._rippleElement=K;
},_attachEvents:function(){var I=this._getButton();
var J=I||this._element;
if(I){this._downDelegate=i(this,this._buttonDownHandler);
this._upDelegate=i(this,this._buttonUpHandler);
this._downHandlerDelegate=i(this,this._downHandler);
this._upHandlerDelegate=i(this,this._upHandler);
}else{this._downDelegate=i(this,this._downHandler);
this._upDelegate=i(this,this._upHandler);
}if(J.addEventListener){if(f.pointerEvents){J.addEventListener(s,this._downDelegate);
J.addEventListener(u,this._upDelegate);
J.addEventListener(t,this._upDelegate);
}else{if(f.msPointerEvents){J.addEventListener(q,this._downDelegate);
J.addEventListener(r,this._upDelegate);
J.addEventListener(o,this._upDelegate);
}else{J.addEventListener(n,this._downDelegate);
J.addEventListener(F,this._downDelegate);
J.addEventListener(p,this._upDelegate);
J.addEventListener(E,this._upDelegate);
J.addEventListener(o,this._upDelegate);
}}J.addEventListener(e,this._upDelegate);
}},_getButton:function(){var J=this._element;
var I;
if(($telerik.isIE||$telerik.isFirefox)&&h(J,x)){I=$telerik.getParentBy(J,m);
if(I){this._button=I;
this._buttonIsRightToLeft=$telerik.isRightToLeft(I);
}}return I;
},_detachEvents:function(){var I=this._button||this._element;
if(I.removeEventListener){if(f.pointerEvents){I.removeEventListener(s,this._downDelegate);
I.removeEventListener(u,this._upDelegate);
I.removeEventListener(t,this._upDelegate);
}else{if(f.msPointerEvents){I.removeEventListener(q,this._downDelegate);
I.removeEventListener(r,this._upDelegate);
I.removeEventListener(o,this._upDelegate);
}else{I.removeEventListener(n,this._downDelegate);
I.removeEventListener(F,this._downDelegate);
I.removeEventListener(p,this._upDelegate);
I.removeEventListener(E,this._upDelegate);
I.removeEventListener(o,this._upDelegate);
}}I.removeEventListener(e,this._upDelegate);
}},get_frameCount:function(){return this._frameCount;
},set_frameCount:function(I){this._frameCount=I;
},get_rippleElement:function()

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of the Telerik.Web.UI.RadAjaxControl library, which is a legitimate and widely used AJAX control for web applications. The code does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily handles AJAX-related functionality, including request queuing, loading panel management, and event handling. While the code uses some legacy practices like `XDomainRequest`, these are not inherently malicious and are commonly found in older web frameworks. Overall, the script seems to be part of a legitimate web application and poses a low risk."
}

Type.registerNamespace("Telerik.Web.UI");
Telerik.Web.UI.RadAjaxControl=function(a){Telerik.Web.UI.RadAjaxControl.initializeBase(this,[a]);
this._clientEvents={};
this._uniqueID="";
this._enableHistory=false;
this._enableAJAX=true;
this._requestQueueSize=0;
this._requestQueue=[];
this._loadingPanelsToHide=[];
this._initializeRequestHandler=null;
this._endRequestHandler=null;
this._isRequestInProgress=false;
this._hideLoadingPanels=false;
this._links=[];
this._styles=[];
this.Type="Telerik.Web.UI.RadAjaxControl";
this._postBackControls=null;
this._showLoadingPanelForPostBackControls=false;
this.UniqueID=this._uniqueID;
this.EnableHistory=this._enableHistory;
this.EnableAJAX=this._enableAJAX;
this.Links=this._links;
this.Styles=this._styles;
this._enableAriaSupport=false;
this._updatePanels="";
};
Telerik.Web.UI.RadAjaxControl.prototype={initialize:function(){Telerik.Web.UI.RadAjaxControl.callBaseMethod(this,"initialize");
var b=[];
if(this._postBackControls){b=this._postBackControls.split(",");
}this._setupExclusionFilters(b);
for(var a in this._clientEvents){if(typeof(this._clientEvents[a])!="string"){continue;
}if(this._clientEvents[a]!=""){var c=this._clientEvents[a];
if(c.indexOf("(")!=-1){this[a]=c;
}else{this[a]=eval(c);
}}else{this[a]=null;
}}var d=Sys.WebForms.PageRequestManager.getInstance();
this._initializeRequestHandler=Function.createDelegate(this,this._initializeRequest);
d.add_initializeRequest(this._initializeRequestHandler);
if(this.get_enableAriaSupport()){this._initializeAriaSupport();
d.add_beginRequest(this._beginRequestSaveFocusHandler);
d.add_endRequest(this._endRequestRestoreFocusHandler);
}},_beginRequestSaveFocusHandler:function(b){var a=b._activeElement||document.activeElement;
if(a&&a.id){window._focusedElement=a.id;
}},_endRequestRestoreFocusHandler:function(b){var a;
if(window._focusedElement){a=document.getElementById(window._focusedElement);
if(a){a.focus();
window._focusedElement=null;
}}},_setupExclusionFilters:function(b){var d=this;
var a=new RegExp("[;:|]ExportTo(?:excel|word|csv|pdf)[;:|]","ig");
var c;
b.push("ExportToExcelButton","ExportToWordButton","ExportToPdfButton","ExportToCsvButton");
c=function(i,e){var f=i._form.__EVENTARGUMENT.value;
var h;
d._hideLoadingPanels=false;
if(e.get_postBackElement().name){h=e.get_postBackElement().name;
}else{if(i._form.__EVENTTARGET&&i._form.__EVENTTARGET.value){h=i._form.__EVENTTARGET.value;
}else{h=e.get_postBackElement().id.replace(/\_?ctl[0-9]+\_?/g,function(j){return j.replace(/^\_|\_$/g,"$");
});
}}for(var g=0;
g<b.length;
g++){if(h.indexOf(b[g])!=-1||a.test(f)){e.set_cancel(true);
i._form.__EVENTTARGET.value=h;
i._form.submit();
d._hideLoadingPanels=!d._showLoadingPanelForPostBackControls;
if(d._showLoadingPanelForPostBackControls){setTimeout(function(){d.ajaxRequest("InternalHideLoadingPanelAfterPostback");
Sys.WebForms.PageRequestManager.getInstance().remove_initializeRequest(c);
},100);
}return;
}}Sys.WebForms.PageRequestManager.getInstance().remove_initializeRequest(c);
};
Sys.WebForms.PageRequestManager.getInstance().add_initializeRequest(c);
},_getResponseHeader:function(c,b){try{return c.getResponseHeader(b);
}catch(a){return null;
}},_handleAsyncRedirect:function(d){var b=this._getResponseHeader(d,"Location");
if(b&&b!=""){var c=document.createElement("a");
c.style.display="none";
c.href=b;
document.body.appendChild(c);
if(c.click){try{c.click();
}catch(a){}}else{window.location.href=b;
}document.body.removeChild(c);
return true;
}return false;
},_initializeAriaSupport:function(){var b=document.getElementsByTagName("div");
for(var c=0;
c<b.length;
c++){var a=b[c];
if(a.className&&a.className.indexOf("RadAjaxPanel")>-1){a.setAttribute("aria-live","assertive");
}}},_onFormSubmitCompleted:function(s,a){if(s._xmlHttpRequest!=null){if(this._handleAsyncRedirect(s._xmlHttpRequest)){try{s._aborted=true;
}catch(d){}return;
}}var g,k;
if(s._xmlHttpRequest!=null&&!s.get_timedOut()){var r=this.getResponseItems(s.get_responseData(),"scriptBlock");
for

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript code appears to be a part of the Telerik Web UI library, which is a legitimate and widely-used UI framework. The code defines an 'Overlay' class that creates an iframe element to overlay on top of a target element, likely for UI-related purposes. The code does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or suspicious redirects. The code uses standard DOM manipulation and positioning techniques, which are common in web development. Overall, this script seems to be a benign and legitimate part of the Telerik UI library, with no clear signs of malicious intent."
}

Type.registerNamespace("Telerik.Web.UI");
Telerik.Web.UI.Overlay=function(a){this._targetElement=a;
this._element=null;
};
Telerik.Web.UI.Overlay.IsSupported=function(){return $telerik.isIE;
};
Telerik.Web.UI.Overlay.prototype={initialize:function(){var a=document.createElement("div");
a.innerHTML="<iframe>Your browser does not support inline frames or is currently configured not to display inline frames.</iframe>";
this._element=a.firstChild;
this._element.src="about:blank";
this._targetElement.parentNode.insertBefore(this._element,this._targetElement);
if(this._targetElement.style.zIndex>0){this._element.style.zIndex=this._targetElement.style.zIndex-1;
}this._element.style.position="absolute";
this._element.style.border="0px";
this._element.frameBorder=0;
this._element.style.filter="progid:DXImageTransform.Microsoft.Alpha(style=0,opacity=0)";
this._element.tabIndex=-1;
if(!$telerik.isSafari&&!$telerik.isIE10Mode){a.outerHTML=null;
}this.updatePosition();
},dispose:function(){if(this._element.parentNode){this._element.parentNode.removeChild(this._element);
}this._targetElement=null;
this._element=null;
},get_targetElement:function(){return this._targetElement;
},set_targetElement:function(a){this._targetElement=a;
},get_element:function(){return this._element;
},updatePosition:function(){this._element.style.top=this._toUnit(this._targetElement.style.top);
this._element.style.left=this._toUnit(this._targetElement.style.left);
this._element.style.width=this._targetElement.offsetWidth+"px";
this._element.style.height=this._targetElement.offsetHeight+"px";
},_toUnit:function(a){if(!a){return"0px";
}return parseInt(a,10)+"px";
}};
Telerik.Web.UI.Overlay.registerClass("Telerik.Web.UI.Overlay",null,Sys.IDisposable);
if(typeof(Sys)!=='undefined')Sys.Application.notifyScriptLoaded();

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a utility function for handling the 'Enter' key press event within a RadWindow prompt. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or suspicious redirects. The function simply triggers the click event on a button within the prompt when the 'Enter' key is pressed, which is a common and legitimate user interaction pattern. Overall, this script poses a low risk and is likely part of a legitimate application."
}

                        function RadWindowprompt_detectenter(id, ev, input) {
                            if (!ev) ev = window.event;
                            if (ev.keyCode == 13) {
                                var but = input.parentNode.parentNode.parentNode.getElementsByTagName("button")[0];
                                if (but) {
                                    if (but.click) {
                                        but.click();
                                    }
                                    else if (but.onclick) {
                                        but.focus();
                                        var click = but.onclick;
                                        but.onclick = null;
                                        if (click) click.call(but);
                                    }
                                }
                                return false;
                            }
                            else return true;
                        }
                    

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of Telerik's RadAjaxManager, RadAjaxLoadingPanel, and RadNavigation components. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is primarily responsible for managing AJAX-based UI updates and navigation functionality, which is a common practice in web applications. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with typical web application functionality and does not raise significant security concerns."
}

//<![CDATA[
window.__TsmHiddenField = $get('ctl03_TSM');Sys.Application.add_init(function() {
    $create(Telerik.Web.UI.RadAjaxManager, {"_updatePanels":"","ajaxSettings":[{InitControlID : "ctl00_gItemMessages",UpdatedControls : [{ControlID:"ctl00_gItemMessages",PanelID:""},{ControlID:"divNewMessage",PanelID:""}]},{InitControlID : "ctl00_bSend",UpdatedControls : [{ControlID:"ctl00_bSend",PanelID:"RadAjaxLoadingPanel4"},{ControlID:"ctl00_gItemMessages",PanelID:""}]},{InitControlID : "",UpdatedControls : [{ControlID:"",PanelID:"RadAjaxLoadingPanel4"}]},{InitControlID : "ctl00_contentBody_bLogin",UpdatedControls : [{ControlID:"ctl00_contentBody_bLogin",PanelID:"RadAjaxLoadingPanel4"},{ControlID:"contentBody_Label1",PanelID:""}]},{InitControlID : "ctl00_contentBody_bRequestAccount",UpdatedControls : [{ControlID:"ctl00_contentBody_bRequestAccount",PanelID:"RadAjaxLoadingPanel4"}]}],"clientEvents":{OnRequestStart:"ajaxReponseStart",OnResponseEnd:"ajaxReponseEnd"},"defaultLoadingPanelID":"","enableAJAX":true,"enableHistory":false,"links":[],"styles":[],"uniqueID":"ctl00$RadAjaxManager1","updatePanelsRenderMode":1}, null, null, $get("ctl00_RadAjaxManager1"));
});
Sys.Application.add_init(function() {
    $create(Telerik.Web.UI.RadAjaxLoadingPanel, {"initialDelayTime":0,"isSticky":false,"minDisplayTime":0,"skin":"Metro","transparency":75,"uniqueID":"ctl00$RadAjaxLoadingPanel4","zIndex":90000}, null, null, $get("RadAjaxLoadingPanel4"));
});
Sys.Application.add_init(function() {
    $create(Telerik.Web.UI.RadNavigation, {"_renderMode":2,"_skin":"MetroTouch","clientStateFieldID":"ctl00_MainNavigation_ClientState","nodesData":[{"text":"Messages","navigateUrl":"~/rma/messages"},{"text":"Specials","visible":false,"navigateUrl":"~/rma/remnants/available"},{"text":"Invoices","nodes":[{"text":"View / Pay Open Invoices","navigateUrl":"~/rma/invoices/open"},{"text":"View Paid Invoices","navigateUrl":"~/rma/invoices/paid"}]},{"text":"Orders","visible":false,"nodes":[{"text":"Print Ads","visible":false,"navigateUrl":"~/rma/orders/print"},{"text":"Online Ads","visible":false,"navigateUrl":"~/rma/orders/digital"},{"text":"Exhibition Orders","visible":false,"navigateUrl":"~/rma/orders/exhibition"}]},{"text":"Proposals","nodes":[{"text":"Proposals Awaiting Signature","navigateUrl":"~/rma/proposals"},{"text":"Signed Contracts","navigateUrl":"~/rma/contracts"}]},{"text":"Materials","visible":false,"nodes":[{"text":"Assign Materials to Orders","visible":false,"navigateUrl":"~/rma/materials/pending"},{"text":"All Materials","visible":false,"navigateUrl":"~/rma/material"},{"text":"Print Materials","visible":false,"navigateUrl":"~/rma/material/print"},{"text":"Digital Materials","visible":false,"navigateUrl":"~/rma/material/digital"}]},{"text":"Settings","nodes":[{"text":"Account Settings","navigateUrl":"~/rma/account/settings"}]}]}, null, null, $get("ctl00_MainNavigation"));
});

var callBackFrameUrl='/Portal/Client/RMA/WebResource.axd?d=beToSAE3vdsL1QUQUxjWdaiYTseQSbfMEdKWOvJMCJUKVXFtO_ukEhPnVOt7PStlgvIIF6arCVx8J2pchJd5lQ2&t=638628063619783110';
WebForm_InitCallback();Sys.Application.add_init(function() {
    $create(Telerik.Web.UI.RadComboBox, {"_dropDownWidth":0,"_height":0,"_postBackReference":"__doPostBack(\u0027ctl00$dAdvertiser\u0027,\u0027arguments\u0027)","_renderMode":2,"_skin":"MetroTouch","_uniqueId":"ctl00$dAdvertiser","clientStateFieldID":"ctl00_dAdvertiser_ClientState","collapseAnimation":"{\"duration\":450}","emptyMessage":"All Advertisers","expandAnimation":"{\"duration\":450}","itemData":[],"localization":"{\"AllItemsCheckedString\":\"All items checked\",\"ItemsCheckedString\":\"items checked\",\"CheckAllString\":\"Check All\"}"}, null, null, $get("ctl00_dAdvertiser"));
});
Sys.Application.add_init(function() {
    $create(Telerik.Web.UI.RadTextBox, {"_displayText":"","_focused":false,"_initialValueAsText":"","_postBackEventReferenceScript":"setTimeout(\"__doPostBack(\\\u0027ctl00$contentBody$tAdvertiserWebUserName\\\u0027,\\\u0027\\\u0027)\

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "Login",
  "text_input_field_labels": [
    "Username / Email Address",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://rma.navigahub.com

{
  "brands": [
    "Informa"
  ]
}

```json{  "legit_domain": "informa.com",  "classification": "known",  "reasons": [    "The brand 'Informa' is a known brand, typically associated with the domain 'informa.com'.",    "The URL 'rma.navigahub.com' does not match the legitimate domain 'informa.com'.",    "The domain 'navigahub.com' does not have a known association with the brand 'Informa'.",    "The presence of input fields for 'Username / Email Address' and 'Password' on a non-matching domain is suspicious.",    "The use of a subdomain 'rma' could be an attempt to mimic a legitimate service or portal, increasing the phishing risk."  ],  "riskscore": 8}
Google indexed: False

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "Login",
  "text_input_field_labels": [
    "Username / Email Address",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Informa"
  ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "Password Reset",
  "prominent_button_name": "Reset My Password",
  "text_input_field_labels": [
    "Please enter your Username / Email Address"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Informa"
  ]
}

```json{  "legit_domain": "informa.com",  "classification": "wellknown",  "reasons": [    "The brand 'Informa' is a well-known publishing and events company.",    "The URL 'navigahub.com' does not match the legitimate domain 'informa.com'.",    "The subdomain 'rma' could be legitimate if 'navigahub.com' is a service provider for Informa, but this is not clear.",    "The domain 'navigahub.com' does not have an obvious association with 'Informa'.",    "The presence of input fields asking for 'Username / Email Address' could be a phishing attempt if the domain is not verified."  ],  "riskscore": 7}
Google indexed: False

{
  "contains_trigger_text": true,
  "trigger_text": "Password Reset",
  "prominent_button_name": "Reset My Password",
  "text_input_field_labels": [
    "Username / Email Address"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Informa"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://navigahub.com