Windows Analysis Report
https://beinghunted.co.uk//#mark.seymour@capstonelogistics.com

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://beinghunted.co.uk

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple assignment of the current timestamp to a global variable `_hst`. This behavior is common for analytics or logging purposes and does not demonstrate any high-risk indicators."
}

window._hst=Date.now();

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a part of Google's infrastructure and does not contain any high-risk indicators. It seems to be related to Google's EXPI (Experimental Features) and other internal configurations, which are common in Google's web properties. There are no signs of dynamic code execution, data exfiltration, or other suspicious behaviors, so this script is likely benign and used for legitimate purposes."
}

(function(){google.kEXPI='0,808882,2891373,687,442,302126,146403,104243,64702,621668,44948,5214621,11287,8834817,1,21,7438150,45767197,12971,7433,98142,13356,37126,11916,25411,12438,188649,25591,1980,4380,19738,17140,1515,7433,960,2387,7074,4197,4626,1980,1542,9290,209,13509,845,1636,2508,5917,3465,883,1817,1625,6297,1541,1816,2096,1410,2325,1285,1549,2383,876,764,2221,109,605,694,140,37,1693,2132,1379,130,2949,1081,1289,270,135,233,400,641,359,34,16,652,883,1370,703,614,865,938,19,117,1,1631,638,8,577,1505,46,82,1497,558,1949,35,286,225,991,588,586,75,920,52,1848,20980545,407295,5290,1412,8023258';})();window._ = window._ || {};window._DumpException = _._DumpException = function(e){throw e;};window._s = window._s || {};_s._DumpException = _._DumpException;window._qs = window._qs || {};_qs._DumpException = _._DumpException;(function(){var t=[1394696,0,524288,0,0,0,0,0,1024,0,927006720,637534217,966720,194513420,12582944,545392706,1081344,184557570,46202884,329809935,138427395,503318018,45099412,604242224,21897281,66710600,310419456,17375376,100728837,88344680,268447296,401408,570478592,201336832,540708,4196160,42469472,869302272,536870916,1097728,282369,268632846,0,511705088,1968640,1447046,0,0,0,202393604,273682967,512,0,0,0,197764160,108];window._F_toggles = window._xjs_toggles = t;})();window._F_installCss = window._F_installCss || function(css){};(function(){window.google.xjsu='/xjs/_/js/k\x3dxjs.hd.en_US.2Hk4LTYQnso.es5.O/am\x3dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAABQAAACAAAAAAAIAAAIAAAAIAQiCAAAQAAAAwAIAACA4AAAAABAAAAABgEeZAiBABAAAAABAAAABpAAAAAABAAAABAAAAAAAQAEAAAAAgAAAAAAAIAAAAAECAAAAAAAAAACAAAAA9AAAAAAAAAAAAQEAAMPAAAQAAAAAAAB6AAgegCGFBQAAAAAAAAAAAAAAAAESBHMhAQUBCAAAAAAAAAAAAAAAAAAAkSYubA/d\x3d1/ed\x3d1/dg\x3d3/br\x3d1/rs\x3dACT90oEysme6PXqSix9ZVu1Dv0SOTO5sDw/ee\x3dALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of Google's internal infrastructure and does not contain any high-risk indicators. It primarily consists of functions and variables related to Google's logging and error reporting mechanisms, as well as some utility functions for handling user interactions and loading external resources. While the code uses some legacy practices, such as the `XDomainRequest` API, these are not inherently malicious and are likely used for compatibility reasons. Overall, the script demonstrates benign behavior and can be considered low-risk."
}

(function(){var _g={kEI:'Gm6GZ56ZD4eo9u8Puba3mAo',kEXPI:'31',kBL:'rWEm',kOPI:89978449};(function(){var a;((a=window.google)==null?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){
var g=this||self;function k(){return window.google&&window.google.kOPI||null};var l,m=[];function n(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||l}function p(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function q(a){/^http:/i.test(a)&&window.location.protocol==="https:"&&(google.ml&&google.ml(Error("a"),!1,{src:a,glmm:1}),a="");return a}
function r(a,b,d,c,h){var e="";b.search("&ei=")===-1&&(e="&ei="+n(c),b.search("&lei=")===-1&&(c=p(c))&&(e+="&lei="+c));var f=b.search("&cshid=")===-1&&a!=="slh";c="&zx="+Date.now().toString();g._cshid&&f&&(c+="&cshid="+g._cshid);(d=d())&&(c+="&opi="+d);return"/"+(h||"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+c)};l=google.kEI;google.getEI=n;google.getLEI=p;google.ml=function(){return null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){google.y={};google.sy=[];var d;(d=google).x||(d.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1});var e;(e=google).sx||(e.sx=function(a){google.sy.push(a)});google.lm=[];var f;(f=google).plm||(f.plm=function(a){google.lm.push.apply(google.lm,a)});google.lq=[];var g;(g=google).load||(g.load=function(a,b,c){google.lq.push([[a],b,c])});var h;(h=google).loadAll||(h.loadAll=function(a,b){google.lq.push([a,b])});google.bx=!1;var k;(k=google).lx||(k.lx=function(){});var l=[],m;(m=google).fce||(m.fce=function(a,b,c,n){l.push([a,b,c,n])});google.qce=l;}).call(this);google.f={};

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a combination of Google's error reporting and analytics functionality. While it includes some behaviors that could be considered moderate-risk, such as external data transmission and aggressive DOM manipulation, the overall context suggests this is likely a legitimate script used for analytics and error reporting purposes. The script does not exhibit any clear high-risk indicators like dynamic code execution or data exfiltration to suspicious domains. Additionally, the interactions are with known, reputable domains like `google.com`, which reduces the overall risk. Therefore, this script is assessed as low to medium risk."
}

(function(){window.google.erd={jsr:1,bv:2150,sd:true,de:true,dpf:'-goZHMFN2GzwgO92R73Lr_WuZXwkmSZ2hzPzwWj8Cs4'};})();(function(){var sdo=false;var mei=10;var diel=0;
var g=this||self;var k,l=(k=g.mei)!=null?k:1,m,p=(m=g.diel)!=null?m:0,q,r=(q=g.sdo)!=null?q:!0,t=0,u,w=google.erd,x=w.jsr;google.ml=function(a,b,d,n,e){e=e===void 0?2:e;b&&(u=a&&a.message);d===void 0&&(d={});d.cad="ple_"+google.ple+".aple_"+google.aple;if(google.dl)return google.dl(a,e,d,!0),null;b=d;if(x<0){window.console&&console.error(a,b);if(x===-2)throw a;b=!1}else b=!a||!a.message||a.message==="Error loading script"||t>=l&&!n?!1:!0;if(!b)return null;t++;d=d||{};b=encodeURIComponent;var c="/gen_204?atyp=i&ei="+b(google.kEI);google.kEXPI&&(c+="&jexpid="+b(google.kEXPI));c+="&srcpg="+b(google.sn)+"&jsr="+b(w.jsr)+
"&bver="+b(w.bv);w.dpf&&(c+="&dpf="+b(w.dpf));var f=a.lineNumber;f!==void 0&&(c+="&line="+f);var h=a.fileName;h&&(h.indexOf("-extension:/")>0&&(e=3),c+="&script="+b(h),f&&h===window.location.href&&(f=document.documentElement.outerHTML.split("\n")[f],c+="&cad="+b(f?f.substring(0,300):"No script found.")));google.ple&&google.ple===1&&(e=2);c+="&jsel="+e;for(var v in d)c+="&",c+=b(v),c+="=",c+=b(d[v]);c=c+"&emsg="+b(a.name+": "+a.message);c=c+"&jsst="+b(a.stack||"N/A");c.length>=12288&&(c=c.substr(0,12288));a=c;n||google.log(0,"",a);return a};window.onerror=function(a,b,d,n,e){u!==a&&(a=e instanceof Error?e:Error(a),d===void 0||"lineNumber"in a||(a.lineNumber=d),b===void 0||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,a.name==="SyntaxError"||a.message.substring(0,11)==="SyntaxError"||a.message.indexOf("Script error")!==-1?3:p));u=null;r&&t>=l&&(window.onerror=null)};})();;this.gbar_={CONFIG:[[[0,"www.gstatic.com","og.qtm.en_US.WSo7OLdFZck.2019.O","com","en","538",0,[4,2,"","","","714782935","0"],null,"Gm6GZ6KbEJyE1LsPg5Sj8Qw",null,0,"og.qtm.CEsjJf2wziM.L.W.O","AA2YrTu3OIbomB3nx1wiDyRkhdiMoOpjsA","AA2YrTvDtorsWuiBHYzP5-lS7pwgoAa95g","",2,1,200,"USA",null,null,"1","538",1,null,null,89978449,null,0],null,[1,0.1000000014901161,2,1],null,[0,0,0,null,"","","","",0,0,0,""],[0,0,"",1,0,0,0,0,0,0,null,0,0,null,0,0,null,null,0,0,0,"","","","","","",null,0,0,0,0,0,null,null,null,"rgba(32,33,36,1)","rgba(255,255,255,1)",0,0,1,null,null,null,0],null,null,["1","gci_91f30755d6a6b787dcc2a4062e6e9824.js","googleapis.client:gapi.iframes","","en"],null,null,null,null,["m;/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/d=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/m=__features__","https://apis.google.com","","","","",null,1,"es_plusone_gc_20241202.0_p2","en",null,0],[0.009999999776482582,"com","538",[["19037050","19037049","7",1,5,2592000,"","AN2NJM5BOAae-kyaekjZYI5JvmM_CCCHmg:1736863258268",0,1,2,"https://www.google.com/_/og/promos/",0],"n","",["","",""],1,2592000,null,null,"https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_si_001_p%26continue%3Dhttps%253A%252F%252Fwww.google.com%252F%253Fptid%253D19027681%2526ptt%253D8%2526fpts%253D0\u0026source=hpp\u0026id=19037050\u0026ct=7\u0026usg=AOvVaw17nhtj2bG975y5iQrI1sgf",null,null,null,null,null,1,null,0,null,1,0,0,0,null,null,0,0,null,0,0,0,0,1],null,null,null,0],[1,null,null,40400,538,"USA","en","714782935.0",8,null,0,0,null,null,null,null,"3700942,3701384",null,null,null,"Gm6GZ6KbEJyE1LsPg5Sj8Qw",1,0,0,null,2,5,"en",3,0,0,0,0,1,89978449,0,0],[[null,null,null,"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.WSo7OLdFZck.2019.O/rt=j/m=qabr,q_d,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTu3OIbomB3nx1wiDyRkhdiMoOpjsA"],[null,null,null,"https://www.gstatic.com/og/_/ss/k=og.qtm.CEsjJf2wziM.L.W.O/m=qcwid,d_b_gm3,d_wi_gm3,d_lo_gm3/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTvDtorsWuiBHYzP5-lS7pwgoAa95g"]],null,null,null,[[[null,null,[null,null,null,"https://ogs.google.com/widget/callout?prid=19037050\u0026pgid=19037049\u0026puid=9ceb59a7585b55bd\u0026eom=1\u0026cce=1\u0026dc=1"],0

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet appears to be related to Google's XJS (Extensible JavaScript) framework, which is commonly used for various Google services and products. While the code contains some obfuscated elements, it does not exhibit any clear signs of malicious behavior. The snippet seems to be loading base resources (CSS, JavaScript, and other assets) for the XJS framework, which is a legitimate use case. However, the use of obfuscated strings and the presence of some external data transmission (to Google's domains) warrant a closer review to ensure there are no hidden or unexpected behaviors."
}

(function(){google.xjs={basecomb:'/xjs/_/js/k\x3dxjs.hd.en_US.2Hk4LTYQnso.es5.O/ck\x3dxjs.hd._Xk0K7yy9D0.L.B1.O/am\x3dCEgVAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAEHQnAACYAMAOAAIAAAIAAAAIAQiCAAAQgAAIwEIAACA4ACAAABwACAABgEeZAitABBCQAQBKABJB_gAACggBgAAABAABBhoCUQGEAgABgAAAAAAAIgAAAEMChAAAHQABYACIAgAg9EAAAAAAAEEAAU0EAMPAAAQAAAAAAAB6AAgegCGFBQAAAAAAAAAAAAAAAAESBHMhAQUBCAAAAAAAAAAAAAAAAAAAkSYubA/d\x3d1/ed\x3d1/dg\x3d0/br\x3d1/ujg\x3d1/rs\x3dACT90oGtDltK1rDXkzOaOSu-vPXd53O-mA',basecss:'/xjs/_/ss/k\x3dxjs.hd._Xk0K7yy9D0.L.B1.O/am\x3dCEgVAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAEGAnAAAYAMAOAAIAAAIAAAAAAAiAAAAAgAAIgEIAAAAgACAAABwACAAAAAAAAisAABCQAQBKABJAfgAACggAgAAABAABBhoCUQGEAgABAAAAAAAAAgAAAEMAhAAAHQABYACIAgAg9EAAAAAAAEEAAEwEAMPAAAQAAAAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAUAAAAAAAAAAAAAAAAAAAAAAQ/br\x3d1/rs\x3dACT90oGDjzpJbvCdxOxOOGp5y9uGIto8Kw',basejs:'/xjs/_/js/k\x3dxjs.hd.en_US.2Hk4LTYQnso.es5.O/am\x3dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAABQAAACAAAAAAAIAAAIAAAAIAQCCAAAQAAAAwAIAACA4AAAAABAAAAABgEeZAiBABAAAAABAAAABpAAAAAABAAAABAAAAAAAQAEAAAAAgAAAAAAAIAAAAAECAAAAAAAAAACAAAAA9AAAAAAAAAAAAQEAAMPAAAQAAAAAAAB6AAgegCGFBQAAAAAAAAAAAAAAAAESBHMhAQEBCAAAAAAAAAAAAAAAAAAAkSYubA/dg\x3d0/br\x3d1/rs\x3dACT90oGPU_3rKKsKJOJ16E0-r4wgxky1Cw',excm:[]};})();

{
    "risk_score": 7,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While the script may have a legitimate purpose, the level of obfuscation and the presence of suspicious domains make it a high-risk script that requires further investigation."
}

(function(){var p={astyp:'hpba',cee:'kvZGKe',ck:'_Gm6GZ56ZD4eo9u8Puba3mAo_8Gm6GZ56ZD4eo9u8Puba3mAo',cp:'x',id:'_Gm6GZ56ZD4eo9u8Puba3mAo_8',m:1,url:'/async/hpba?yv\x3d3\x26cs\x3d0\x26ei\x3dGm6GZ56ZD4eo9u8Puba3mAo\x26async\x3d_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.2Hk4LTYQnso.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAABQAAACAAAAAAAIAAAIAAAAIAQCCAAAQAAAAwAIAACA4AAAAABAAAAABgEeZAiBABAAAAABAAAABpAAAAAABAAAABAAAAAAAQAEAAAAAgAAAAAAAIAAAAAECAAAAAAAAAACAAAAA9AAAAAAAAAAAAQEAAMPAAAQAAAAAAAB6AAgegCGFBQAAAAAAAAAAAAAAAAESBHMhAQEBCAAAAAAAAAAAAAAAAAAAkSYubA/dg%3D0/br%3D1/rs%3DACT90oGPU_3rKKsKJOJ16E0-r4wgxky1Cw,_basecss:/xjs/_/ss/k%3Dxjs.hd._Xk0K7yy9D0.L.B1.O/am%3DCEgVAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAEGAnAAAYAMAOAAIAAAIAAAAAAAiAAAAAgAAIgEIAAAAgACAAABwACAAAAAAAAisAABCQAQBKABJAfgAACggAgAAABAABBhoCUQGEAgABAAAAAAAAAgAAAEMAhAAAHQABYACIAgAg9EAAAAAAAEEAAEwEAMPAAAQAAAAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAUAAAAAAAAAAAAAAAAAAAAAAQ/br%3D1/rs%3DACT90oGDjzpJbvCdxOxOOGp5y9uGIto8Kw,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.2Hk4LTYQnso.es5.O/ck%3Dxjs.hd._Xk0K7yy9D0.L.B1.O/am%3DCEgVAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAEHQnAACYAMAOAAIAAAIAAAAIAQiCAAAQgAAIwEIAACA4ACAAABwACAABgEeZAitABBCQAQBKABJB_gAACggBgAAABAABBhoCUQGEAgABgAAAAAAAIgAAAEMChAAAHQABYACIAgAg9EAAAAAAAEEAAU0EAMPAAAQAAAAAAAB6AAgegCGFBQAAAAAAAAAAAAAAAAESBHMhAQUBCAAAAAAAAAAAAAAAAAAAkSYubA/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oGtDltK1rDXkzOaOSu-vPXd53O-mA,_fmt:prog,_id:_Gm6GZ56ZD4eo9u8Puba3mAo_8\x26sp_imghp\x3dfalse\x26sp_hpep\x3d2\x26sp_hpte\x3d0',wfpe:false,wfve:false};var h={};'use strict';p.h=h;google.ia.q(p);})();

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors, some of which raise moderate concerns. While it does not contain any clear indicators of malicious intent, it engages in several practices that warrant further review. The script utilizes external data transmission, aggressive DOM manipulation, and some legacy practices, which collectively contribute to a medium-risk assessment. However, the script's overall purpose appears to be related to analytics and telemetry, which helps mitigate the risk. Additional context or a more detailed understanding of the script's functionality would be required to provide a more definitive assessment."
}

(function(){'use strict';var h={push:a=>void a()};var k=function(a){if(Array.isArray(a.g.cbvi))for(const b of a.g.cbvi)b();a.g.cbvi=h},l=function(a){k(a);var b,c;let d;const e=((b=google.stvsc)==null?void 0:b.ns)||((c=window.performance)==null?void 0:(d=c.timing)==null?void 0:d.navigationStart);e&&(a.i.ns=e);b=a.g.t.getAttribute("eid");c=[];for(var f of Object.keys(a.i))c.push(`${f}.${a.i[f]-a.L}`);for(const g of Object.keys(a.j))c.push(`${g}.${a.j[g]-a.L}`);f=`/gen_204?s=async&astyp=${a.g.astyp}&atyp=csi&ei=${b}&rt=${c.join(",")}`;e&&(f+=`&ns=${e}`);a.v&&(f+=`&twt=${a.v}&mwt=${a.D}`);a.C&&(f+=`&lvhr=${a.C}`);a.A&&(f+=`&${"imn"}=${a.A}`);a.B&&(f+=`&${"ima"}=${a.B}`);google.log("","",f)},m=function(a){a.A!==a.H||a.I||(a.i.art=Date.now(),l(a))},n=function(a){a.B===a.M&&k(a)},p=function(a,b,c){var d=a.g.t.querySelectorAll("[data-subtree]");for(const f of d){var e=f.dataset.subtree;e&&(d=`${"saft"}-${e}`,e=`${"sart"}-${e}`,f.contains(b)||b.contains(f))&&(a.j[d]=c,a.j[e]=c)}},q=function(a,b,c){var d=google.cv(b,!1,!0,a.g.t);d&1?(d=Date.now(),c&&(a.C=
c),a.i.aaft=d,a.i.aafct=d,p(a,b,d)):d&4&&(a.N=!0,n(a))},r=function(a,b,c,d=!1){b.getAttribute("data-deferred")==="1"?google.rll(b,!0,()=>{r(a,b,c,d)}):d||(b.getAttribute("data-deferred")==="2"&&b.setAttribute("data-deferred","3"),d=!0,t(a,b,c))},u=function(a,b,c){q(a,b,c);b=b.getElementsByTagName("img");for(c=0;c<b.length;c++){const d=b[c];++a.A;const e=d.complete&&!d.getAttribute("data-deferred"),f=d.hasAttribute("data-noaft");if(e||f){++a.H;continue}const g=!!(google.cv(d,!1,!0,a.g.t)&1);g&&++a.B;google.rll(d,!0,()=>{r(a,d,g)});a.i.irfi||(a.i.irfi=Date.now());a.i.irli=Date.now()}},t=function(a,b,c){const d=Date.now();a.i.irfie||(a.i.irfie=d);++a.H;c&&(++a.M,a.i.aaft=d,a.i.aafit=d,p(a,b,d));a.N&&n(a);a.S&&m(a)},v=function(a,b,c){var d=a.g.t.querySelectorAll("[data-subtree]");for(const f of d){var e=f.dataset.subtree;if(!e)continue;d=`${"sirt"}-${e}`;const g=`${"sart"}-${e}`;e=`${"scrt"}-${e}`;b.contains(f)?(a.j[d]||(a.j[d]=c),a.j[g]=c,a.j[e]=c):f.contains(b)&&(a.j[g]=c,a.j[e]=c)}},w=class{constructor(a){this.g=
a;this.L=Date.now();this.j={};this.i={};this.M=this.B=this.v=this.H=this.A=this.G=this.D=this.C=0}};
function x(a){a.req=new XMLHttpRequest;a.cbfd=[];a.cbvi=[]}function y(a){x(a);const b=new z(a);google.ia.was(a,()=>{b.g.req.addEventListener("readystatechange",b.J);b.g.req.open("GET",b.g.url);for(const c of Object.keys(b.g.h))b.g.req.setRequestHeader(c,b.g.h[c]);b.i.ipf=Date.now();b.g.req.send()})}
var A=function(a){a.s===0&&a.R&&google.drty&&google.drty()},B=function(a){if(!a.O){a.O=!0;if(Array.isArray(a.g.cbfd))for(const b of a.g.cbfd)b();a.g.cbfd=h}},D=function(a,b){a.I=!0;a.i.ft=Date.now();a.v=0;a.g.req.removeEventListener("readystatechange",a.J);a.g.req.abort();l(a);google.fce(a.g.t,a.g.cee,b);B(a)},K=function(a,b,c){const d=b[0];b=b[1];if(!a.T&&d===2&&b==null)return E(a,c),a.T=!0,a.g.t;switch(d){case 1:D(a,Error(c));break;case 2:return F(a,b,c);case 6:return G(a,b,c);case 3:H(a,b,c,!0);break;case 4:a.s++;google.ia.dq.push({astyp:a.g.astyp,cb:()=>{I(c);a.s--;A(a)}});break;case 7:J(a,c);break;case 5:google.ia.dq.push({astyp:a.g.astyp,md:c})}},E=function(a,b){const c=Date.now();a.i.st=c;a.g.t.innerHTML=b;v(a,a.g.t,c);L(a.g.t);a.g.t.setAttribute("eid",a.K[0]);u(a,a.g.t,++a.l)},F=function(a,b,c){b=document.getElementById(b);b.innerHTML=c;a.l++;for(const d of b.children)q(a,d,a.l);v(a,b,Date.now());L(b);return b},G=function(a,b,c){const d=a.g.t.querySelector(`[data-async-ph="${b}"]`);if(d)return M(a,d,c);a.s++;google.ia.dq.push({astyp:a.g.astyp,cb:()=>{M(a,a.g.t.querySelector(`[data-async-ph="${b}"]`),c);a.s--;A(a)}})},H=function(a,b,c,d){let e;const f=(e=document.getElementById(b))!=null?e:a.g.t.querySelector(`img[data-iid="${b}"]`);!f&&d?a.g.cbfd.push(()=>{google.ia.dq.push({astyp:a.g.astyp,cb:()=>{H(a,b,c,!1)}})}):(f.setAttribute("data-deferred","2"),f.src=c)},I=function(a){const b=document.createElement("script");b.textContent=a;document.body.appendChild(b)},J=function(a,b){con

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate part of the Google search functionality. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily responsible for handling various user interactions and analytics-related tasks, which are common practices for web applications. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and does not demonstrate any suspicious or malicious behavior."
}

(function(){google.caft=function(a){if(google.aftq===null)try{a()}catch(b){google.ml(b,!1)}else google.aftq=google.aftq||[],google.aftq.push(a)};var c=google.c.dstc;function d(a,b){google.c.e("load",a,String(b))};window.google=window.google||{};google.c.iim=google.c.iim||{};(function(){var a=Date.now();google.tick("load","prt",a,"SearchBodyEnd");d("imn",document.getElementsByTagName("img").length);c&&(d("dtc",document.getElementsByTagName("div").length),d("stc",document.getElementsByTagName("span").length));google.c.ub();google.c.cae||google.c.maft(a,null);google.c.miml(a);google.rll(window,!1,function(){google.tick("load","old")});google.c.u("prt")})();}).call(this);(function(){window.google=window.google||{};window.google.ishk=[];function a(){return window.scrollY+window.document.documentElement.clientHeight>=Math.max(document.body.scrollHeight,document.body.offsetHeight)}function b(){a()&&window.google.ishk.length===0&&(window.google.bs=!0,window.removeEventListener("scroll",b))}a()?window.google.bs=!0:(window.google.bs=!1,window.addEventListener("scroll",b));}).call(this);(function(){google.jl={bfl:0,dw:false,ine:false,ubm:false,uwp:true,vs:false};})();(function(){var pmc='{\x22aa\x22:{},\x22abd\x22:{\x22abd\x22:false,\x22deb\x22:false,\x22det\x22:false},\x22async\x22:{},\x22cdos\x22:{\x22cdobsel\x22:false},\x22csi\x22:{},\x22d\x22:{},\x22gf\x22:{\x22pid\x22:196},\x22hsm\x22:{},\x22ifl\x22:{\x22lsf_is_launched\x22:true,\x22opts\x22:[{\x22href\x22:\x22/search?q\x3dI\x27m+Feeling+Curious\\u0026csf\x3db\x22,\x22id\x22:\x22curious\x22,\x22msg\x22:\x22I\x27m Feeling Curious\x22},{\x22href\x22:\x22/search?q\x3drestaurants+nearby\x22,\x22id\x22:\x22hungry\x22,\x22msg\x22:\x22I\x27m Feeling Hungry\x22},{\x22href\x22:\x22/search?q\x3droll+a+die\\u0026csf\x3db\x22,\x22id\x22:\x22adventurous\x22,\x22msg\x22:\x22I\x27m Feeling Adventurous\x22},{\x22href\x22:\x22/search?q\x3ddvd+screensaver\\u0026csf\x3db\x22,\x22id\x22:\x22playful\x22,\x22msg\x22:\x22I\x27m Feeling Playful\x22},{\x22href\x22:\x22/url?url\x3dhttps://www.google.com/search?q%3Dreflection%2Bnebula%26um%3D1%26ie%3DUTF-8%26tbm%3Disch%26csf%3Db\x22,\x22id\x22:\x22stellar\x22,\x22msg\x22:\x22I\x27m Feeling Stellar\x22},{\x22href\x22:\x22/search?q\x3dgoogle+doodles\\u0026csf\x3db\x22,\x22id\x22:\x22doodley\x22,\x22msg\x22:\x22I\x27m Feeling Doodley\x22},{\x22href\x22:\x22/url?url\x3dhttps://trends.google.com/hottrends\\u0026sa\x3dt\\u0026usg\x3dAOvVaw0hXgzDMTx66unZaN8ANJHA\x22,\x22id\x22:\x22trendy\x22,\x22msg\x22:\x22I\x27m Feeling Trendy\x22},{\x22href\x22:\x22/url?url\x3dhttps://artsandculture.google.com/partner/hong-kong-heritage-museum\\u0026sa\x3dt\\u0026usg\x3dAOvVaw3drSkA9I8_rCrjl-P57zT6\x22,\x22id\x22:\x22artistic\x22,\x22msg\x22:\x22I\x27m Feeling Artistic\x22},{\x22href\x22:\x22/search?q\x3dfriends+chandler\\u0026csf\x3db\x22,\x22id\x22:\x22funny\x22,\x22msg\x22:\x22I\x27m Feeling Funny\x22}]},\x22jsa\x22:{\x22csi\x22:true,\x22csir\x22:100},\x22mb4ZUb\x22:{},\x22pHXghd\x22:{},\x22sb_wiz\x22:{\x22rfs\x22:[],\x22scq\x22:\x22\x22,\x22stok\x22:\x22FJ3SV3hIA2whxSOoW84NgIGBtjU\x22},\x22sf\x22:{},\x22sonic\x22:{},\x22spch\x22:{\x22ae\x22:\x22Please check your microphone.  \\u003Ca href\x3d\\\x22https://support.google.com/chrome/?p\x3dui_voice_search\\\x22 target\x3d\\\x22_blank\\\x22\\u003ELearn more\\u003C/a\\u003E\x22,\x22ak\x22:\x22\x22,\x22cd\x22:0,\x22fp\x22:true,\x22hl\x22:\x22en-US\x22,\x22im\x22:\x22Click \\u003Cb\\u003EAllow\\u003C/b\\u003E to start voice search\x22,\x22iw\x22:\x22Waiting...\x22,\x22lm\x22:\x22Listening...\x22,\x22lu\x22:\x22%1$s voice search not available\x22,\x22mb\x22:false,\x22ne\x22:\x22No Internet connection\x22,\x22nt\x22:\x22Didn\x27t get that. \\u003Cspan\\u003ETry again\\u003C/span\\u003E\x22,\x22nv\x22:\x22Please check your microphone and audio levels.  \\u003Ca href\x3d\\\x22https://support.google.com/chrome/?p\x3dui_voice_search\\\x22 target\x3d\\\x22_blank\\\x22\\u003ELearn more\\u003C/a\\u003E\x22,\x22pe\x22:\x22Voice search has been tu

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a utility function for dynamically loading external resources (e.g., scripts, stylesheets) with a retry mechanism. While it uses some legacy practices like `dataset` and `setTimeout`, the overall behavior is not inherently malicious and seems to be a legitimate implementation of a common web development pattern. The script does not exhibit any high-risk indicators, and the contextual adjustments suggest this is likely a benign utility function."
}

(function(){var f="src href async nonce type charset crossorigin onload rel".split(" ");window._rtf=function(b,c){var a=document.createElement(b.tagName);f.forEach(function(e){a[e]=b[e]});a.onerror=function(){window._rtf(a,c)};var d=b.dataset.rtc===void 0?0:Number(b.dataset.rtc);d>=4?c&&c():(a.dataset.rtc=String(d+1),setTimeout(function(){document.body.appendChild(a)},50*Math.pow(2,d)+Math.random()*50))};}).call(this);

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of Google's internal analytics and tracking infrastructure. While it contains some behaviors that could be considered risky, such as the use of legacy APIs and data transmission to external domains, the overall context suggests this is likely legitimate functionality rather than malicious intent. The script seems to be focused on performance tracking and analytics, which are common practices for large web platforms. Therefore, the risk score is assessed as low, with a score of 3."
}

(function(){var _g={kEI:'Gm6GZ56ZD4eo9u8Puba3mAo',kEXPI:'31',kBL:'rWEm',kOPI:89978449};(function(){var a;((a=window.google)==null?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){
var g=this||self;function k(){return window.google&&window.google.kOPI||null};var l,m=[];function n(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||l}function p(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function q(a){/^http:/i.test(a)&&window.location.protocol==="https:"&&(google.ml&&google.ml(Error("a"),!1,{src:a,glmm:1}),a="");return a}
function r(a,b,d,c,h){var e="";b.search("&ei=")===-1&&(e="&ei="+n(c),b.search("&lei=")===-1&&(c=p(c))&&(e+="&lei="+c));var f=b.search("&cshid=")===-1&&a!=="slh";c="&zx="+Date.now().toString();g._cshid&&f&&(c+="&cshid="+g._cshid);(d=d())&&(c+="&opi="+d);return"/"+(h||"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+c)};l=google.kEI;google.getEI=n;google.getLEI=p;google.ml=function(){return null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){google.y={};google.sy=[];var d;(d=google).x||(d.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1});var e;(e=google).sx||(e.sx=function(a){google.sy.push(a)});google.lm=[];var f;(f=google).plm||(f.plm=function(a){google.lm.push.apply(google.lm,a)});google.lq=[];var g;(g=google).load||(g.load=function(a,b,c){google.lq.push([[a],b,c])});var h;(h=google).loadAll||(h.loadAll=function(a,b){google.lq.push([a,b])});google.bx=!1;var k;(k=google).lx||(k.lx=function(){});var l=[],m;(m=google).fce||(m.fce=function(a,b,c,n){l.push([a,b,c,n])});google.qce=l;}).call(this);google.f={};(function(){
document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a=c==="1"||c==="q"&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if(a.tagName==="A"){a=a.getAttribute("data-nohref")==="1";break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,c4t:true,caf:false,cap:2000,cfr:false,cli:true,csp:false,cwh:false,dclt:false,doiu:1,dstc:false,fla:false,fli:false,gl:true,lhc:false,mcc:false,pci:true,raf:false,taf:true,timl:false,tprc:false,vis:true};})();(function(){
var p=this||self;window.google=window.google||{};var q=window.performance&&window.performance.timing&&"navigationStart"in window.performance.timing,aa=google.stvsc&&google.stvsc.ns,r=q?aa||window.performance.timing.navigationStart:void 0;function u(){return window.performance.now()-(google.stvsc&&google.stvsc.pno||0)}var ba=google.stvsc&&google.stvsc.rs,v=q?ba||window.performance.timing.responseStart:void 0;function ca(a,b,c,d,e){if(!a||!b&&da(a))return 0;if(!a.getBoundingClientRect)return 1;var l=function(g){return g.getBoundingClientRect()};return!b&&ea(a,d,l)||!b&&e&&fa(a,l)?0:ha(a,b,c,d,l)}function fa(a,b){a=b(a);return a.height<=0||a.width<=0?!0:!1}
function ea(a,b,c){a:{for(var d=a;d&&d!==b;d=d.parentElement)if(d.style.overflow==="hidden"||d.tagName==="G-EXPANDABLE-CONTENT"&&getComputedStyle(d).getPropertyValue("overflow")==="hidden"){b=d;break a}b=null}if(!b)return!1;a=c(a);c=c(b);return a.bottom<c.top||a.top>=c.bottom||a.right<c.left||a.left>=c.right}
function da(a){return a.style.display==="none"?!0:document.defaultView&&document.defaultView.getComputedStyle?(a=document.defaultView.getComputedStyle(a),!!a&&(a.visibility==="hidden"||a.height==="0px"&&a.width==="0px")):!1}
function ha(a,b,c,d

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://www.google.com

{
  "brands": [
    "Google"
  ]
}

{
  "brands": [
    "Google"
  ]
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://google.com

{
  "brands": "unknown"
}