Windows Analysis Report
Message.eml

{
    "explanation": [
        "The email is from a legitimate construction industry newsletter (AZBEX)",
        "Contains standard newsletter formatting and unsubscribe options",
        "Links and content are consistent with a professional business publication"
    ],
    "phishing": false,
    "confidence": 9,
    "generated_by_ai": false
}

{
    "date": "Tue, 14 Jan 2025 06:01:17 -0600", 
    "subject": "AZBEX 01-14-2025 - Back to Industrial for 6-Acre Tempe Site", 
    "communications": [
        "CAUTION: This email originated from outside Carollo Engineers. Do not open attachments or click links unless you recognize the sender.\n\nCheck out the latest issue of AZBEX!\n                                                                                                                              \n[https://content.app-us1.com/cdn-cgi/image/onerror=redirect,width=650,dpr=2,fit=scale-down,format=auto/4GpbJ/2021/06/01/0bcd0bc2c9fb46e30d3143942715988e610ed0f4.jpeg?r=682257016]\nAZBEX FEATURED ARTICLE\nBack to Industrial for 6-Acre Tempe Site\nAZBEX 01-14-2025\nVolume: 15 Issue: 92\nSTART READING HERE <https://azbex.acemlna.com/lt.php?x=3DZy~GDMJnDL65OuzQ5NhOKh1aIji_f3wuY3X5M7JXWZE5z~yUy.0OFz13FziNfujfYxbHHFKXSa>\nUPCOMING BEX EVENTS\n[https://content.app-us1.com/cdn-cgi/image/onerror=redirect,width=650,dpr=2,fit=scale-down,format=auto/4GpbJ/2024/12/12/ca6ae514-2a15-4db0-b253-22738be6dcfe.jpeg?r=755188278]<https://azbex.acemlna.com/lt.php?x=3DZy~GDMJnDL65OuzQ5NhOKh1aIji_f3wuY3X5M7JXWZE5z~yUy.0OFz13FziNfujfYxbHHFKXOh>\n 2024 Arizona Builder's Exchange, LLC. All Rights Reserved. Forwarding, distributing or disseminating the downloaded copy, or any portion thereof, or of the content, is a violation of copyright and is expressly prohibited.\nCopyright violations will be prosecuted.\n\n\n\nSent to: bhuey@carollo.com\n\nUnsubscribe<https://azbex.acemlna.com/proc.php?nl=2&c=1835&m=1900&s=950b57e5c8e2f1f3099e1802f450e081&act=unsub>\n\nArizona Builder's Exchange, P.O. Box 12196, Tempe, AZ 85284, United States\n\n"
    ], 
    "from": "AZBEX <bex@azbex.com>", 
    "to": "B Huey <bhuey@carollo.com>", 
    "attachements": []
}

{
  "risk_score": 1,
  "reasoning": [
    "All authentication checks (SPF, DKIM, DMARC) passed successfully",
    "Email sent through legitimate ActiveCampaign email service (x-mailer header)",
    "Proper feedback-id and list-unsubscribe headers indicating legitimate bulk email service",
    "Microsoft's SCL (Spam Confidence Level) is -1, indicating trusted sender",
    "Proper DKIM signature present and verified",
    "Consistent routing through ActiveCampaign's infrastructure (acems1.com, acemsa3.com)",
    "IP address (52.128.40.27) is properly authorized in SPF record",
    "Return-path and bounce handling properly configured for bulk email service",
    "Low BCL (Bulk Complaint Level) of 3 indicating legitimate bulk sender"
  ]
}

Date: Tue, 14 Jan 2025 06:01:17 -0600
Key: mime-version
Value: 1.0
Key: return-path
Value: bounce-793876-1835-74-bhuey=carollo.com@em-793876.azbex.com
Key: x-microsoft-antispam-message-info
Value: 	OEIjWVvGCrnGspXsEPBaJfLOM1oc4lqC1jS35mHGQdpzl4XEmqyzd3qmjYdFiw3gqTZ4pA8LrG+nNOvSLiexLq8WSAKqZBmS2yTVuwHNFuG69cVfwnuSM/RYw8nWicPx1NuOrqG6NzxnWIHuczLF/qiQUORKP9r6hfv5ZsojaB3LCVMShrEnJRxioM8q0m7GiYFOl9DtSVLRAHw3djgVekz/rQFTge0aPxkGxGze3b1H+FYa5yo3RZibs0Xh5mMrWDCZyLrXI6MhmN5HUCvBsF8Th1HRtt93UmVXFQr39lZQfsO8QJsuKPpBlnGKbR5dhs/jmjAL2NXi4GKg/6qvA7+1v1FCkcULMPgWM5jI4QhH9oq+jEVwiHecBft9fa5cxbguyBYjzmBjGmJPEocpN4OZuu/MNUQmbn0G74yrBDwokFeoLs+yAckKml1BssAlKMY1ThkScVIO/ltKVmDIJEBrWVQjBuc83Eqx7VwCxvgsZ0ifhHktyY7OOWtQ2Fyoc/jqzbjgbtIfZioibK1awvsAcYZcT9dvY+JFw8cBJc05T3PZMAcf0y29VdGHmo5aZAsWRkuCSuwH8nMxdNjKptLDzYAkeqIheccExMSX28tSzzY5O9Rhd6WgNUfWmghYT2jj90tukB2gkSCbQ6xUr5oQQBJpkinqHOyvGs4+i5dqAIuv+uQruV5pLlxltR8HfNM8ulyNq6HaoMDnFCEVXVHXTBX4DvG1cIRxh2dX/pWd4+SS9E5UvtTT/C2SSCA+VkW/6MwGjtWEGYeUCZVNo0eDKAiM02l66sYNAmZOud90s/K/fp69bFSFZuAXNH/ZNDrP58+x+9qgpecS7HoAwcnKOSUmg5I7NE4D+DzqSgUquZlCOXNYREWPlkD+Ye4oyz8takikbMX0gU5aJfklWe30TN9Tj61xtLQ7PcCOiWH8YSd2PgphlYnk8lGw6mSc+PMxae9B3xdskFtjwLuWvFzCy+f7KNfjru6MnGdCvW28uwojYOM5ykxsW94/J/r4qyUXsARgPjtCVgiAhFUSKcBBm9d/TLXBOs4tVK9t+LCidWwgsReJHwyqrbYprZBjaqu07lT2TF9eqIkbnv6EUJRkySTwriojKVxvuO54BSW99UL0Pa5FxsAEursTA3t7ZUqxk7F2YwtzgQzqRORNOjAF2PVENiI0j3JYkLpdRvFDsrFfnZV+hUHJpmEpCrx29N9mUD7dZIuxG7uPgT4Ei8iZnKWvQDpiDXdO0AE/bAnj4IQolN8R4/1Zd6JenzJsoxhk1pEWcVGFSAgrH84yGvy4YYtALzu9C6ZsFLKN3dQ+khuGKVjVfkb12AKj7XM7pWqoL0gJ77H3khdOFDQF90I8GDaYIwq6clS9U1GGWv2XiE/lae3+bQz/+XYt0oJ++Z2XBLoEN9YDc/6YNJlUILhINnUkjfwylJtWSilkJpPTt0ko32UvWPYKAEgq1e2wGyh7AnKnTH8mHiX/KTnZsP0pc4W+nWZont326k2EqkDW7NuzLY6/2EYeqlK4OZ1ieENOEP1mjTAzToe/ORkAygu1i0zReQGBf271hAEaeNs6PtfqJenATQ4vXxbkMFh42nwOYZstHX1tObrIRA1JW7PmCgST0CSFHRNVrWz5t1Pc8aUL8sZumYmgeuDPv2W23vpSnSQo2FGNhoTJzVKRQWopMs198iW2PnZoTfGecBqwJWh0ii3uVNrnPFRRV0hBpwZWQYO0OrS6a+weSq89YbIpVloUYAs3oMpjaZAKxu0dpNksjJ7WT54thE/ni/Ef41/tK/D5MtevE4ifgdMgKVdYne+X56VW7bSps29O/I/W2p+AY/G8/BW4cp7Wy46bd5WiJEMLyZ70IOYb5KTSiHfyosDYSMiVQ9WDrEMMgPr/o9lnyB0/zDHyRDlLTZ5gD1g2WS1CX+RwOjwoKzZBwoZ3c7weimCghZySfIZAOyM2ijT2FeEu3bJgd1Ef42LJh4Xo1sGYOFhCgYoYVO5HOpo8ghco1MmsrRuB3xhCqJKEZFZkGutBN4ULJTZ3X2NrqIfuD3oAnusJR1/cPQWL64K1YhZQxV/Wis5mtiyuErebexN7EPqsGotOXVGCw7eCVgcYS19mLYhVVYl9vmVQ5WhwlWGoIVfxO/yUYlJDm+INxgz4o1pvL4t4ahKTJf60ouwnP8Jsvr7IfklD/3mAtFVpvHB53uLqmuuYxxFLmAZS07qBLXDkTj21iB1wIAFtCDBJk81l0nHed82XZlOulEW5nkw26t8xv0mbv0vFj8IZ7ngrwUXbIxNJFrABY1YTw37UA/Ydx97hE670G3CeFAV21Pu24bgEyGCj0VPifrCv6nXGb5VwwJ4RuNPnQNxb/fuV0MK2WTeWos8Ra3GkiYsylKuFk7u675iqJX3ADMWfsJFbLaJL13htKMn4HESa
Key: x-mailer
Value: ActiveCampaign Mailer
Key: received-spf
Value: Pass (protection.outlook.com: domain of em-793876.azbex.com designates 52.128.40.27 as permitted sender) receiver=protection.outlook.com; client-ip=52.128.40.27; helo=s4.csa2.acemsa3.com; pr=C
Key: message-id
Value: <0.1.5.5B0.1DB667C04AE8D00.0@s4.csa1.acemsd5.com>
Key: authentication-results
Value: spf=pass (sender IP is 52.128.40.27) smtp.mailfrom=em-793876.azbex.com; dkim=pass (signature was verified) header.d=azbex.com;dmarc=pass action=none header.from=azbex.com;compauth=pass reason=100
Key: received
Value: by acems1.com id hgp90q395q8m for <bhuey@carollo.com>; Tue, 14 Jan 2025 12:01:17 +0000 (envelope-from <bounce-793876-1835-74-bhuey=carollo.com@em-793876.azbex.com>)
Key: feedback-id
Value: 793876:793876.1835:s4.csa2.acemsa1.com:activecampaign
Key: x-ms-exchange-crosstenant-authas
Value: Anonymous
Key: x-ms-exchange-crosstenant-originalarrivaltime
Value: 14 Jan 2025 12:01:20.3285 (UTC)
Key: content-transfer-encoding
Value: 7bit
Key: content-type
Value: multipart/alternative; boundary="_=_swift-11966694706786520d7bf421.52066470_=_"
Key: dkim-signature
Value: v=1; a=rsa-sha256; c=relaxed/relaxed; s=dk; d=acems5.com; h=To:From:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding: List-Unsubscribe:List-Unsubscribe-Post:Message-ID:From:To:Subject:Date; x=1736942477; bh=oHF4X7zv+C/h4iMmEjR+fLi7JNMjcSGznBrAh9eyKsM=; b=SxLfexBYctH7eLNCJf+YW4TyF8Cet+qluNjD79A2YDHsIExBlopuaiCOebAvCBiVQWl9bZiiHtsK   Ep1c29iTXILxkq20vBL5rxurqSfj9PuUy0QhMTkK6kgQyLFRqmrIJF0jlDXZWKcoRRlWdWTH34sS   IUICUNKKzk0xQDrB1uQ=
Key: x-forefront-antispam-report
Value: CIP:52.128.40.27;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKA;H:s4.csa2.acemsa3.com;PTR:s4.csa2.acemsa3.com;CAT:NONE;SFS:(13230040)(12012899012)(4022899009)(3072899012)(2092899012)(69100299015)(1032899013)(7053199007)(5133199007)(4076899003)(2066899003)(8096899003);DIR:INB;
Key: x-ms-exchange-organization-scl
Value: -1
Key: x-microsoft-antispam
Value: BCL:3;ARA:13230040|12012899012|4022899009|3072899012|2092899012|69100299015|1032899013|7053199007|5133199007|4076899003|2066899003|8096899003;

{
  "contains_trigger_text": true,
  "trigger_text": "Back to Industrial for 6-Acre Tempe Site",
  "prominent_button_name": "START READING HERE",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "AZBEX"
  ]
}

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a relatively benign script with some low-risk indicators. It primarily handles theme-based CSS loading and a close button functionality. While it uses some legacy practices like parsing query parameters manually, the overall behavior does not indicate any high-risk activities or malicious intent."
}

window.onload = function OnLoadHandler(){
	if (window.history.length <= 1) {
		document.getElementById("close").style.display = "none";
	}
}

var theme = null;
try {
  (function (URLSearchParams, str) {
    if (!new URLSearchParams(window.location.search).get(str)){
		throw URLSearchParams;
	}
		var urlParams = new URLSearchParams(window.location.search);
		if (urlParams.has(str)){
			theme = String(urlParams.get(str));
		}
  }(URLSearchParams, "theme"));
} catch(URLSearchParams){
	var params = {}
	var parts = window.location.search.substring(1).split('&');
	for (var i = 0; i < parts.length; i++) {
		var val = parts[i].split('=');
		if (!val[0]) continue;
		params[val[0]] = val[1] || true;
	}
	theme = params["theme"];	
}

// Load theme specific css
if (theme === "dark"){
	AddCSS("Safelinksv2-dark.css");
}
else if (theme === "contrast"){
	AddCSS("Safelinksv2-highcontrast.css")
}

// Add CSS based on theme
function AddCSS(fileName){
	 var ss = document.createElement("link");
     ss.type = "text/css";
     ss.rel = "stylesheet";
     ss.href = "./Content/Scripts/" + fileName;
	 document.getElementsByTagName("head")[0].appendChild(ss);
}


function CloseHover(hoverIn) {
    var closeLink = document.getElementById("closeLink");

    if (hoverIn) {	
        closeLink.style.textDecoration = "underline";
    } else {
        closeLink.style.textDecoration = "none";
    }
}

function GoBack() {
    if (window.history.length > 1) {
		window.history.back();
	}
	else {
		window.location.href="about:blank";
	}
}

{
  "contains_trigger_text": true,
  "trigger_text": "This website is classified as malicious.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Carollo"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": true,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://nam10.safelinks.protection.outlook.com

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a placeholder initialization function, which is a common practice for loading media assets on web pages. While the function uses some parameters that could potentially be abused, the overall behavior does not indicate any high-risk activities. The risk score is low due to the placeholder pattern and lack of any clear malicious intent."
}

placeholderInit(document,  false ,  true , "https://i.vimeocdn.com/video/1765545840-36276e8f2e462e662acf471b726926ffe2493e72e049a8eb0dd919a2c40a544d-d?mw=80\u0026q=85",  1920 ,  1080 );

{
    "risk_score": 8,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as implementing a security challenge, the overall behavior is highly suspicious and indicative of a potential attack vector."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'901eef45db2d0c90',t:'MTczNjg3MTQzMS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
    "risk_score": 4,
    "reasoning": "The script demonstrates some moderate-risk behaviors, such as sending user data to a third-party domain (Vimeo) via the `sendBeacon` API or a fallback image request. However, the script appears to be primarily focused on generating a unique user identifier (VUID) and storing it in a cookie, which is a common practice for analytics and tracking purposes. While the script uses some outdated APIs and techniques, it does not exhibit any clear signs of malicious intent. Further review may be necessary to determine the full context and purpose of the script."
}

(function(t){var e=false,n,o,i,r=typeof t.navigator.sendBeacon==="function",u="https://vimeo.com/ablincoln/vuid",a;function f(){return 2147483647}function c(t,e){if(arguments.length===0){e=0;t=f()}return Math.floor(Math.random()*(t-e+1))+e}function d(t){var e=(new Date).getTime()/1e3,n=parseInt(e,10);return t?e:Math.round((e-n)*1e3)/1e3+" "+n}function v(t,e,n){var o,i,r,u;e|=0;o=Math.pow(10,e);t*=o;u=t>0|-(t<0);r=t%1===.5*u;i=Math.floor(t);if(r){t=i+(u>0)}return(r?t:Math.round(t))/o}function h(t){var e=t+"",n=e.charCodeAt(0),o,i;if(55296<=n&&n<=56319){o=n;if(e.length===1){return n}i=e.charCodeAt(1);return(o-55296)*1024+(i-56320)+65536}if(56320<=n&&n<=57343){return n}return n}function g(){return v(c()/f()*2147483647)}function l(t){var e=t.toString(),n=1,o,i,r;if(typeof e!=="undefined"&&e!==""){n=0;o=e.length-1;for(o;o>=0;o--){i=h(e.charAt(o));n=(n<<6&268435455)+i+(i<<14);r=n&266338304;if(r){n^=r>>21}}}return n}function s(t,e,n,o,i,r,u){var a,f;if(arguments.length>1){if(n){a=new Date;a.setDate(a.getDate()+n)}document.cookie=t+"="+encodeURIComponent(e)+(a?"; expires="+a.toGMTString():"")+(o?"; path="+o:"")+(i?"; domain="+i:"")+(r?"; secure":"")+(u?"; samesite="+u:"");return true}return decodeURIComponent((("; "+document.cookie).split("; "+t+"=")[1]||"").split(";")[0])}n={cookie:s("vuid")};if(!n.cookie){n.cookie="pl"+((g()^l(d()))&2147483647).toString()+"."+((g()^l(t.navigator.userAgent)).toString()&2147483647);e=true}o=t.location.hostname.split(".");if(o.length>2){o.shift()}s("vuid",n.cookie,365*2,"/","."+o.join("."),true,"None");if(e&&s("vuid")){if(typeof t._vuid==="object"&&t._vuid.length){for(a=0;a<t._vuid.length;a++){if(typeof t._vuid[a]==="object"&&t._vuid[a].length){u+=(a===0?"?":"&")+t._vuid[a][0]+(t._vuid[a][1]?"="+t._vuid[a][1]:"")}}}if(r){t.navigator.sendBeacon(u)}else{i=new Image;i.src=u}}})(window);
//# sourceMappingURL= 

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet appears to be a part of the Vimeo Player library, which is a legitimate and widely-used video player. While the code contains some behaviors that could be considered moderate risks, such as external data transmission and the use of legacy APIs, these are likely part of the player's normal functionality and not indicative of malicious intent. The overall risk score is in the medium range, as further review may be necessary to ensure the script is being used in a secure and transparent manner."
}

/* VimeoPlayer - v4.39.52 - 2025-01-13 - https://player.vimeo.com/NOTICE.txt */
const e={MANIFEST:"manifest",SEGMENT:"segment"},t={method:"GET",async:!0,retry:0,throwHttpErrors:!0,headers:{},hooks:{beforeRequest:[],beforeRetry:[],afterResponse:[]},validateStatus:function(e){return e>=200&&e<300},retryStatus:function(e){return[408,413,429].includes(e)||e>=500&&e<600}};function n(e,t){(null==t||t>e.length)&&(t=e.length);for(var n=0,r=Array(t);n<t;n++)r[n]=e[n];return r}function r(e,t,n){if("function"==typeof e?e===t:e.has(t))return arguments.length<3?t:n;throw new TypeError("Private element is not present on this object")}function i(e,t){if(t.has(e))throw new TypeError("Cannot initialize the same private elements twice on an object")}function o(e,t){return e.get(r(e,t))}function s(e,t,n){i(e,t),t.set(e,n)}function a(e,t,n){return e.set(r(e,t),n),n}function u(e,t){i(e,t),t.add(e)}function c(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,S(r.key),r)}}function l(e,t,n){return t&&c(e.prototype,t),n&&c(e,n),Object.defineProperty(e,"prototype",{writable:!1}),e}function h(e,t){var n="undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(n)return(n=n.call(e)).next.bind(n);if(Array.isArray(e)||(n=b(e))||t&&e&&"number"==typeof e.length){n&&(e=n);var r=0;return function(){return r>=e.length?{done:!0}:{done:!1,value:e[r++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function d(e,t,n){return(t=S(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function f(e){return f=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},f(e)}function p(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,E(e,t)}function _(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){})))}catch(e){}return(_=function(){return!!e})()}function m(e){if(null==e)throw new TypeError("Cannot destructure "+e)}function v(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function g(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?v(Object(n),!0).forEach((function(t){d(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):v(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function y(e,t){if(null==e)return{};var n,r,i=function(e,t){if(null==e)return{};var n={};for(var r in e)if({}.hasOwnProperty.call(e,r)){if(t.includes(r))continue;n[r]=e[r]}return n}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r<o.length;r++)n=o[r],t.includes(n)||{}.propertyIsEnumerable.call(e,n)&&(i[n]=e[n])}return i}function E(e,t){return E=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},E(e,t)}function T(e){return function(e){if(Array.isArray(e))return n(e)}(e)||function(e){if("undefined"!=typeof Symbol&&null!=e[Symbol.iterator]||null!=e["@@iterator"])return Array.from(e)}(e)||b(e)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function S(e){var t=function(e){if("object"!=typeof e||!e)return e;var t=e[Symbol.toPrimitive];if(void 0!==t){var n=t.call(e,"string");if("object"!=typeof n)return n;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(e);return"symbol"==typeof t?t:t+""}function b(e,t){if(e){if("string"==typeof e)return n(e,t);var r={}.toString.call(e).slice(8,-1);return"Object"===r&&e.constructor&&(r=

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate Vimeo player library with no obvious malicious behaviors. It includes standard player functionality and does not exhibit any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The code uses some legacy APIs like `XDomainRequest`, which pose minor risks, but the overall behavior is consistent with a typical video player implementation."
}

/* VimeoPlayer - v4.39.52 - 2025-01-13 - https://player.vimeo.com/NOTICE.txt */
import{_ as e,d as t,a as n,i,s as o,C as r,c as a,b as s,e as l,u as c,L as d,g as u,f as _,x as p,h as v,j as m,t as f,k as h,l as g,V as E,m as b,n as C,o as y,r as T,p as L,q as A,P as I,T as S,v as P,w as O,E as w,y as R,z as N,G as k,A as D,B as M,F as B,D as V,Q as x,S as U,H,I as F,J as G,R as W,K as Y,M as $,N as q,O as K,U as z,W as j,X,Y as Z,Z as Q,$ as J,a0 as ee,a1 as te,a2 as ne,a3 as ie,a4 as oe,a5 as re,a6 as ae,a7 as se,a8 as le,a9 as ce,aa as de,ab as ue,ac as _e,ad as pe,ae as ve,af as me,ag as fe,ah as he,ai as ge,aj as Ee,ak as be,al as Ce,am as ye,an as Te,ao as Le,ap as Ae,aq as Ie,ar as Se,as as Pe,at as Oe,au as we,av as Re,aw as Ne,ax as ke,ay as De,az as Me,aA as Be,aB as Ve,aC as xe,aD as Ue,aE as He,aF as Fe,aG as Ge,aH as We,aI as Ye,aJ as $e,aK as qe,aL as Ke,aM as ze,aN as je,aO as Xe,aP as Ze,aQ as Qe,aR as Je,aS as et,aT as tt,aU as nt,aV as it,aW as ot,aX as rt,aY as at,aZ as st,a_ as lt}from"./vendor.module.js";export{aa as BigScreen,a_ as requestModule}from"./vendor.module.js";"classList"in SVGElement.prototype||Object.defineProperty(SVGElement.prototype,"classList",{get:function(){var e=this;return{contains:function(t){return-1!==e.className.baseVal.split(" ").indexOf(t)},add:function(t){var n=(e.getAttribute("class")+" "+t).trim();return e.setAttribute("class",n)},remove:function(t){var n=e.getAttribute("class")||"",i=new RegExp("(?:^|\\s)"+t+"(?!\\S)","g");n=n.replace(i,"").trim(),e.setAttribute("class",n)},toggle:function(e){this.contains(e)?this.remove(e):this.add(e)}}}});let ct={};function dt(e="",t={}){var n;if(null!=(n=ct.en)&&n[e]&&(e=ct.en[e]),Object.keys(t).forEach((n=>{e=e.replace(new RegExp(`{${n}}`,"g"),t[n])})),e.match(/\{\w+}/))throw new Error("Missing token definition.");return e}function ut(e){let t,n,i;return e=parseFloat(e),isNaN(e)||e<0?"0":e<1e3?e.toString():e>=1e3&&e<1e6?(i=Math.floor(e/1e3),t=Math.round(e%1e3/100),i+"."+t+"K"):(n=Math.floor(e/1e6),t=Math.round(e%1e6/1e5),n+"."+t+"M")}function _t(e){return!isNaN(e)&&parseInt(Number(e),10)==e&&!isNaN(parseInt(e,10))}function pt(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,((e,t)=>String.fromCharCode("0x"+t)))}const vt=function(t){const n=i=>i.length>=t.length?t.apply(this,i):(...t)=>n([].concat(e(i),t));return n([])}(((e,t)=>Object.keys(e).every((n=>e[n]===t[n])))),mt=(e=[])=>({get:t=>t?e.find(vt(t)):e,insert:t=>(e=e.concat(t)).slice(-1).pop(),getOrInsert(e){return this.get(e)||this.insert(e)},remove:t=>e.splice(e.findIndex(vt(t)),1).pop()});function ft(e,t,n=document.styleSheets[0]){try{n.insertRule?n.insertRule(e+"{"+t+"}",(n.cssRules||n.rules).length):n.addRule(e,t)}catch(ke){}}function ht(e){let t=e.getBoundingClientRect();return document.msFullscreenElement&&window.parent!==window&&e.offsetWidth<e.clientWidth&&(t={bottom:100*t.bottom,left:100*t.left,top:100*t.top,right:100*t.right,width:100*t.width,height:100*t.height}),t}function gt(e){try{return new URL(e).origin}catch(ke){}const t=document.createElement("a");return t.href=e,t.origin?t.origin:`${t.protocol.replace(":","")}://${t.host}`}function Et({width:e,height:t,elementWidth:n,elementHeight:i,threshold:o=10}){let r=1;const a=e/t,s=n-i*a,l=i-n/a;if(s>0&&s<o||l>0&&l<o){const e=n/(n-s),t=i/(i-l);r=At(Math.max(e,t),3)}return{extraWidth:s,extraHeight:l,scaleFactor:r}}function bt(e,t,n){return e>n?n:t>e?t:e}function Ct(e,t,{width:n,height:i,scrollbars:o="yes",resizable:r="yes",toolbar:a="no"}){let s=(window.screenY||window.screenTop||0)+window.outerHeight/2-i/2,l=(window.screenX||window.screenLeft||0)+window.outerWidth/2-n/2;window.chrome&&-1!==window.navigator.userAgent.toLowerCase().indexOf("mac os x")&&(i+=27),window.safari&&(i+=47);let c=`scrollbars=${o},resizable=${r},toolbar=${a}`;return window.open(e,t,`width=${n},height=${i},left=${l},top=${s},${c}`)}function yt(e){return function(e){return/^(https?:)?\/\/(.+)\.(((vimeo(ws)?|vimeo-(enterprise|work))\.(com|dev|work))|(v

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a utility script that checks for browser compatibility and loads additional resources like CSS and JavaScript files. While it contains some legacy practices like using the `XDomainRequest` API, the overall behavior is focused on providing a fallback experience for incompatible browsers and loading necessary assets. There are no clear indicators of malicious intent or high-risk activities, so the risk score is relatively low."
}

const fullscreenSupported="exitFullscreen"in document||"webkitExitFullscreen"in document||"webkitCancelFullScreen"in document||"mozCancelFullScreen"in document||"msExitFullscreen"in document||"webkitEnterFullScreen"in document.createElement("video");var isIE=checkIE(window.navigator.userAgent),incompatibleBrowser=!fullscreenSupported||isIE;window.noModuleLoading=!1,window.dynamicImportSupported=!1,window.isInIFrame=function(){try{return window.self!==window.top}catch(e){return!0}}(),!window.isInIFrame&&/twitter/i.test(navigator.userAgent)&&window.playerConfig.video.url&&(window.location=window.playerConfig.video.url),window.playerConfig.request.lang&&document.documentElement.setAttribute("lang",window.playerConfig.request.lang),window.loadScript=function(e){var n=document.getElementsByTagName("script")[0];n&&n.parentNode?n.parentNode.insertBefore(e,n):document.head.appendChild(e)},window.loadVUID=function(){if(!window.playerConfig.request.flags.dnt&&!window.playerConfig.embed.dnt){window._vuid=[["pid",window.playerConfig.request.session]];var e=document.createElement("script");e.async=!0,e.src=window.playerConfig.request.urls.vuid_js,window.loadScript(e)}},window.loadCSS=function(e,n){var i={cssDone:!1,startTime:new Date().getTime(),link:e.createElement("link")};return i.link.rel="stylesheet",i.link.href=n,e.getElementsByTagName("head")[0].appendChild(i.link),i.link.onload=function(){i.cssDone=!0},i},window.loadLegacyJS=function(e,n){if(incompatibleBrowser){var i=e.querySelector(".vp-placeholder");i&&i.parentNode&&i.parentNode.removeChild(i);let o=`/video/${window.playerConfig.video.id}/fallback`;window.playerConfig.request.referrer&&(o+=`?referrer=${window.playerConfig.request.referrer}`),n.innerHTML

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a utility script that checks for browser compatibility and loads necessary resources for a video player. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script primarily focuses on feature detection, browser compatibility checks, and loading CSS and JavaScript files from trusted domains. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a legitimate part of a video player implementation and does not raise significant security concerns."
}

const fullscreenSupported="exitFullscreen"in document||"webkitExitFullscreen"in document||"webkitCancelFullScreen"in document||"mozCancelFullScreen"in document||"msExitFullscreen"in document||"webkitEnterFullScreen"in document.createElement("video");var isIE=checkIE(window.navigator.userAgent),incompatibleBrowser=!fullscreenSupported||isIE;window.noModuleLoading=!1,window.dynamicImportSupported=!1,window.isInIFrame=function(){try{return window.self!==window.top}catch(e){return!0}}(),!window.isInIFrame&&/twitter/i.test(navigator.userAgent)&&window.playerConfig.video.url&&(window.location=window.playerConfig.video.url),window.playerConfig.request.lang&&document.documentElement.setAttribute("lang",window.playerConfig.request.lang),window.loadScript=function(e){var n=document.getElementsByTagName("script")[0];n&&n.parentNode?n.parentNode.insertBefore(e,n):document.head.appendChild(e)},window.loadVUID=function(){if(!window.playerConfig.request.flags.dnt&&!window.playerConfig.embed.dnt){window._vuid=[["pid",window.playerConfig.request.session]];var e=document.createElement("script");e.async=!0,e.src=window.playerConfig.request.urls.vuid_js,window.loadScript(e)}},window.loadCSS=function(e,n){var i={cssDone:!1,startTime:new Date().getTime(),link:e.createElement("link")};return i.link.rel="stylesheet",i.link.href=n,e.getElementsByTagName("head")[0].appendChild(i.link),i.link.onload=function(){i.cssDone=!0},i},window.loadLegacyJS=function(e,n){if(incompatibleBrowser){var i=e.querySelector(".vp-placeholder");i&&i.parentNode&&i.parentNode.removeChild(i);let o=`/video/${window.playerConfig.video.id}/fallback`;window.playerConfig.request.referrer&&(o+=`?referrer=${window.playerConfig.request.referrer}`),n.innerHTML=`<div class="fallback"><iframe title="unsupported message" src="${o}" frameborder="0"></iframe></div>`}else{n.className="player loading";var t=window.loadCSS(e,window.playerConfig.request.urls.css),r=e.createElement("script"),a=!1;r.src=window.playerConfig.request.urls.js,window.loadScript(r),r["onreadystatechange"in r?"onreadystatechange":"onload"]=function(){!a&&(!this.readyState||this.readyState==="loaded"||this.readyState==="complete")&&(a=!0,playerObject=new VimeoPlayer(n,window.playerConfig,t.cssDone||{link:t.link,startTime:t.startTime}))},window.loadVUID()}};function checkIE(e){e=e&&e.toLowerCase?e.toLowerCase():"";function n(r){return r=r.toLowerCase(),new RegExp(r).test(e);return browserRegEx}var i=n("msie")?parseFloat(e.replace(/^.*msie (\d+).*$/,"$1")):!1,t=n("trident")?parseFloat(e.replace(/^.*trident\/(\d+)\.(\d+).*$/,"$1.$2"))+4:!1;return i||t}

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a configuration object for a Vimeo player. It contains information about the CDN URLs, Vimeo API URL, and various video stream details. There are no indicators of high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script seems to be focused on providing the necessary configuration for a legitimate Vimeo video player, which is a common and expected behavior. Therefore, the risk score is assessed as 1 (Low Risk)."
}

window.playerConfig = {"cdn_url":"https://f.vimeocdn.com","vimeo_api_url":"api.vimeo.com","request":{"files":{"dash":{"cdns":{"akfire_interconnect_quic":{"avc_url":"https://vod-adaptive-ak.vimeocdn.com/exp=1736875032~acl=%2Fb98ae430-73ca-4a7f-adab-8cdb9e58124c%2F%2A~hmac=be1c0f2044e8c5d2afa6ccb9ca58e02c01f06fe2aadf58b463c4daabb5c9d7b2/b98ae430-73ca-4a7f-adab-8cdb9e58124c/v2/playlist/av/primary/prot/cXNyPTE/playlist.json?omit=av1-hevc\u0026pathsig=8c953e4f~Ze4UucV6Er_7Rvu-YuEDEQrB8c-W-aYcHvtsb9Rh8oM\u0026qsr=1\u0026rh=1LvSIl","origin":"gcs","url":"https://vod-adaptive-ak.vimeocdn.com/exp=1736875032~acl=%2Fb98ae430-73ca-4a7f-adab-8cdb9e58124c%2F%2A~hmac=be1c0f2044e8c5d2afa6ccb9ca58e02c01f06fe2aadf58b463c4daabb5c9d7b2/b98ae430-73ca-4a7f-adab-8cdb9e58124c/v2/playlist/av/primary/prot/cXNyPTE/playlist.json?pathsig=8c953e4f~Ze4UucV6Er_7Rvu-YuEDEQrB8c-W-aYcHvtsb9Rh8oM\u0026qsr=1\u0026rh=1LvSIl"},"fastly_skyfire":{"avc_url":"https://skyfire.vimeocdn.com/1736875032-0x8447ea2e439bddbf501cc5e6350313bb8afbbcd3/b98ae430-73ca-4a7f-adab-8cdb9e58124c/v2/playlist/av/primary/prot/cXNyPTE/playlist.json?omit=av1-hevc\u0026pathsig=8c953e4f~Ze4UucV6Er_7Rvu-YuEDEQrB8c-W-aYcHvtsb9Rh8oM\u0026qsr=1\u0026rh=1LvSIl","origin":"gcs","url":"https://skyfire.vimeocdn.com/1736875032-0x8447ea2e439bddbf501cc5e6350313bb8afbbcd3/b98ae430-73ca-4a7f-adab-8cdb9e58124c/v2/playlist/av/primary/prot/cXNyPTE/playlist.json?pathsig=8c953e4f~Ze4UucV6Er_7Rvu-YuEDEQrB8c-W-aYcHvtsb9Rh8oM\u0026qsr=1\u0026rh=1LvSIl"}},"default_cdn":"akfire_interconnect_quic","separate_av":true,"streams":[{"profile":"5ff7441f-4973-4241-8c2e-976ef4a572b0","id":"622be979-0241-47c2-b508-d5da94257fb9","fps":29.98,"quality":"1080p"},{"profile":"f3f6f5f0-2e6b-4e90-994e-842d1feeabc0","id":"e0956802-1b4d-46c3-9240-34a60271f522","fps":29.98,"quality":"720p"},{"profile":"d0b41bac-2bf2-4310-8113-df764d486192","id":"6980055e-88df-487c-9ca7-fcfae8e37a23","fps":29.98,"quality":"240p"},{"profile":"c3347cdf-6c91-4ab3-8d56-737128e7a65f","id":"4ef3a107-e4d2-436d-ab39-b0637234cc98","fps":29.98,"quality":"360p"},{"profile":"f9e4a5d7-8043-4af3-b231-641ca735a130","id":"1cfafe8f-ccac-48c6-8f8e-2dbc0afcf1e2","fps":29.98,"quality":"540p"}],"streams_avc":[{"profile":"d0b41bac-2bf2-4310-8113-df764d486192","id":"6980055e-88df-487c-9ca7-fcfae8e37a23","fps":29.98,"quality":"240p"},{"profile":"c3347cdf-6c91-4ab3-8d56-737128e7a65f","id":"4ef3a107-e4d2-436d-ab39-b0637234cc98","fps":29.98,"quality":"360p"},{"profile":"f9e4a5d7-8043-4af3-b231-641ca735a130","id":"1cfafe8f-ccac-48c6-8f8e-2dbc0afcf1e2","fps":29.98,"quality":"540p"},{"profile":"5ff7441f-4973-4241-8c2e-976ef4a572b0","id":"622be979-0241-47c2-b508-d5da94257fb9","fps":29.98,"quality":"1080p"},{"profile":"f3f6f5f0-2e6b-4e90-994e-842d1feeabc0","id":"e0956802-1b4d-46c3-9240-34a60271f522","fps":29.98,"quality":"720p"}]},"hls":{"captions":"https://vod-adaptive-ak.vimeocdn.com/exp=1736875032~acl=%2Fb98ae430-73ca-4a7f-adab-8cdb9e58124c%2F%2A~hmac=be1c0f2044e8c5d2afa6ccb9ca58e02c01f06fe2aadf58b463c4daabb5c9d7b2/b98ae430-73ca-4a7f-adab-8cdb9e58124c/v2/playlist/av/primary/sub/123151658-c-en-x-autogen/prot/cXNyPTE/playlist.m3u8?ext-subs=1\u0026locale=en\u0026omit=av1-hevc-opus\u0026pathsig=8c953e4f~sq_rjr1v-XOn1f7vZnz2zQiZZCa31aJTFXgX19FOdGc\u0026qsr=1\u0026rh=1LvSIl\u0026sf=ts","cdns":{"akfire_interconnect_quic":{"avc_url":"https://vod-adaptive-ak.vimeocdn.com/exp=1736875032~acl=%2Fb98ae430-73ca-4a7f-adab-8cdb9e58124c%2F%2A~hmac=be1c0f2044e8c5d2afa6ccb9ca58e02c01f06fe2aadf58b463c4daabb5c9d7b2/b98ae430-73ca-4a7f-adab-8cdb9e58124c/v2/playlist/av/primary/sub/123151658-c-en-x-autogen/prot/cXNyPTE/playlist.m3u8?ext-subs=1\u0026locale=en\u0026omit=av1-hevc-opus\u0026pathsig=8c953e4f~sq_rjr1v-XOn1f7vZnz2zQiZZCa31aJTFXgX19FOdGc\u0026qsr=1\u0026rh=1LvSIl\u0026sf=ts","captions":"https://vod-adaptive-ak.vimeocdn.com/exp=1736875032~acl=%2Fb98ae430-73ca-4a7f-adab-8cdb9e58124c%2F%2A~hmac=be1c0f2044e8c5d2afa6ccb9ca58e02c01f06fe2aadf58b463c4daabb5c9d7b2/b98ae430-73ca-4a7f-adab-8cdb9e58124c/v2/playlist/a

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a utility function for generating a UUID (Universally Unique Identifier). It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code uses standard JavaScript practices and interacts with trusted domains (e.g., `crypto.getRandomValues`). While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and can be considered low risk."
}

!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)||"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n||0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e||{}).random||(e.rng||r)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t)for(var c=0;c<16;++c)t[o+c]=a[c];return t||i(a)}},168:function(e,t,n){"use strict";var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var i in t=arguments[n])Object.prototype.hasOwnProperty.call(t,i)&&(e[i]=t[i]);return e},r.apply(this,arguments)};t.__esModule=!0;var i=n(699),o=n(752),a=n(104),c=n(508);!function(){function e(e){var t="";if(t=window.location.origin?window.location.origin:"".concat(window.location.protocol,"://").concat(window.location.host),e&&"string"==typeof e)if(0===e.indexOf("/"))t+=e;else try{var n=new URL(e);return"".concat(n.protocol,"://").concat(n.host).concat(n.pathname)}catch(e){}else{var r=window.location.pathname;r&&r.length>0&&(t+=r)}return t}function t(e,t){for(var n in e){var r=e[n];void 0!==t&&("number"!=typeof r&&"string"!=typeof r||(t[n]=r))}}!function(){var n,u,s=window.performance||window.webkitPerformance||window.msPerformance||window.mozPerformance,f="data-cf-beacon",d=document.currentScript||("function"==typeof document.querySelector?document.querySelector("script[".concat(f,"]")):void 0),l=c(),v=[],p=window.__cfBeacon?window.__cfBeacon:{};if(!p||"single"!==p.load){if(d){var m=d.getAttribute(f);if(m)try{p=r(r({},p),JSON.parse(m))}catch(e){}else{var g=d.getAttribute("src");if(g&&"function"==typeof URLSearchParams){var y=new URLSearchParams(g.replace(/^[^\?]+\??/,"")),h=y.get("token");h&&(p.token=h);var T=y.get("spa");p.spa=null===T||"true"===T}}p&&"multi"!==p.load&&(p.load="single"),window.__cfBeacon=p}if(s&&p&&p.token){var w,S,b=!1;document.addEventListener("visibilitychange",(function(){if("hidden"===document.visibilityState){if(L&&A()){var t=e();(null==w?void 0:w.url)==t&&(null==w?void 0:w.triggered)||P(),_(t)}!b&&w&&(b=!0,B())}else"visible"===document.visibilityState&&(new Date).getTime()}));var E={};"function"==typeof PerformanceObserver&&((0,a.onLCP)(x),(0,a.onFID)(x),(0,a.onFCP)(x),(0,a.onINP)(x),(0,a.onTTFB)(x),PerformanceObserver.supportedEntryTypes&&PerformanceObserver.supportedEntryTypes.includes("layout-shift")&&(0,a.onCLS)(x));var L=p&&(void 0===p.spa||!0===p.spa),C=p.send&&p.send.to?p.send.to:void 0===p.version?"https://cloudflareinsights.com/cdn-cgi/rum":null,P=function(r){var a=function(r){var o,a,c=s.timing,u=s.memory,f=r||e(),d={memory:{},timings:{},resources:[],referrer:(o=document.referrer||"",a=v[v.length-1],L&&w&&a?a.url:o),eventType:i.EventType.Load,firstPaint:0,firstContentfulPaint:0,startTime:F(),versions:{fl:p?p.version:"",js:"2024.6.1",timings:1},pageloadId:l,location:f,nt:S,serverTimings:I()};if(null==n){if("function"==typeof s.getEntriesByType){var m=s.getEntriesByType("navigation");m&&Array.isArray(m)&&m.length>0&&(d.timingsV2={},d.versions.timings=2,d.dt=m[0].deliveryType,delete d.timings,t(m[0],d.timingsV2))}1===d.versions.timings&&t(c,d.timings),t(u,d.memory)}else O(d);return d.firstPaint=k("first-paint"),d.firstContentfulPaint=k("first-contentful-paint"),p&&(p.icTag&&(d.icTag=p

{
  "contains_trigger_text": true,
  "trigger_text": "We see the bigger picture",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "We see the bigger picture",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Carollo"
  ]
}

{
  "brands": [
    "Carollo"
  ]
}

```json
{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://carollo.com