Windows Analysis Report
https://donorbox.org/events/730855

```json{  "brand": "unknown",  "brand_classification": "unknown",  "legit_url": "unknown",  "similarity": 0,  "spoofed": 0,  "reasoning": "The URL 'https://donorbox.org' does not appear to be a typosquatting attempt. There are no obvious visual character substitutions or structural changes that suggest it is mimicking a well-known brand. The domain 'donorbox.org' seems to be a legitimate and standalone entity, likely related to donation or fundraising activities, as suggested by the name 'donorbox'. There is no indication of a subdomain or domain extension misuse that would imply an attempt to confuse users into thinking they are interacting with a different, more recognized brand."}

URL: https://donorbox.org

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript code appears to be a legitimate implementation of a header scroll event handler and a language selector functionality. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or obfuscated code. The code uses standard DOM manipulation techniques and event listeners, which are common practices in web development. While the code could be improved in terms of performance (e.g., using `requestAnimationFrame` instead of `setTimeout`), it does not exhibit any suspicious or malicious behavior."
}

var scrollEventDebounce = null

function headerScrollEvent () {
    clearTimeout(scrollEventDebounce);

    debounce = setTimeout(function() {
        var docBody = document.body; //IE 'quirks'
        var docElem = document.documentElement; //IE with doctype
        docElem = (docElem.clientHeight) ? docElem : docBody;

        if (docElem.scrollTop === 0) {
            app_header.classList.remove('header_active');
        } else {
            app_header.classList.add('header_active');
        }
    },10);
}

function createLanguageSelector () {
    var list   = document.getElementById("footer_language_selector").querySelectorAll('ul li a');
    var select = document.createElement('select');
    var lang   = document.querySelector('html').getAttribute('lang');

    Array.from(list).forEach( function(item) {
        var option = document.createElement('option');
        option.innerHTML = item.innerHTML;
        option.value     = item.getAttribute('href');

        if(option.value === '/' + lang)
            option.setAttribute('selected', 'selected');

        select.appendChild(option);
    });

    select.addEventListener('change', function(e) {
        window.location.href = select[select.selectedIndex].value;
    })

    footer_language_selector.appendChild(select);

    footer_language_selector.querySelector('ul').remove();
}

document.addEventListener("DOMContentLoaded", function() {

    window.addEventListener("scroll", headerScrollEvent, {passive: true});

    if (document.getElementById("footer_language_selector"))
        createLanguageSelector();
});

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a utility function for generating a UUID (Universally Unique Identifier). It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or obfuscated code/URLs. The script uses standard JavaScript practices and interacts with trusted domains (e.g., `crypto.getRandomValues`). While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a benign utility with no clear signs of malicious intent."
}

!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)||"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n||0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e||{}).random||(e.rng||r)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t)for(var c=0;c<16;++c)t[o+c]=a[c];return t||i(a)}},168:function(e,t,n){"use strict";var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var i in t=arguments[n])Object.prototype.hasOwnProperty.call(t,i)&&(e[i]=t[i]);return e},r.apply(this,arguments)};t.__esModule=!0;var i=n(699),o=n(752),a=n(104),c=n(508);!function(){function e(e){var t="";if(t=window.location.origin?window.location.origin:"".concat(window.location.protocol,"://").concat(window.location.host),e&&"string"==typeof e)if(0===e.indexOf("/"))t+=e;else try{var n=new URL(e);return"".concat(n.protocol,"://").concat(n.host).concat(n.pathname)}catch(e){}else{var r=window.location.pathname;r&&r.length>0&&(t+=r)}return t}function t(e,t){for(var n in e){var r=e[n];void 0!==t&&("number"!=typeof r&&"string"!=typeof r||(t[n]=r))}}!function(){var n,u,s=window.performance||window.webkitPerformance||window.msPerformance||window.mozPerformance,f="data-cf-beacon",d=document.currentScript||("function"==typeof document.querySelector?document.querySelector("script[".concat(f,"]")):void 0),l=c(),v=[],p=window.__cfBeacon?window.__cfBeacon:{};if(!p||"single"!==p.load){if(d){var m=d.getAttribute(f);if(m)try{p=r(r({},p),JSON.parse(m))}catch(e){}else{var g=d.getAttribute("src");if(g&&"function"==typeof URLSearchParams){var y=new URLSearchParams(g.replace(/^[^\?]+\??/,"")),h=y.get("token");h&&(p.token=h);var T=y.get("spa");p.spa=null===T||"true"===T}}p&&"multi"!==p.load&&(p.load="single"),window.__cfBeacon=p}if(s&&p&&p.token){var w,S,b=!1;document.addEventListener("visibilitychange",(function(){if("hidden"===document.visibilityState){if(L&&A()){var t=e();(null==w?void 0:w.url)==t&&(null==w?void 0:w.triggered)||P(),_(t)}!b&&w&&(b=!0,B())}else"visible"===document.visibilityState&&(new Date).getTime()}));var E={};"function"==typeof PerformanceObserver&&((0,a.onLCP)(x),(0,a.onFID)(x),(0,a.onFCP)(x),(0,a.onINP)(x),(0,a.onTTFB)(x),PerformanceObserver.supportedEntryTypes&&PerformanceObserver.supportedEntryTypes.includes("layout-shift")&&(0,a.onCLS)(x));var L=p&&(void 0===p.spa||!0===p.spa),C=p.send&&p.send.to?p.send.to:void 0===p.version?"https://cloudflareinsights.com/cdn-cgi/rum":null,P=function(r){var a=function(r){var o,a,c=s.timing,u=s.memory,f=r||e(),d={memory:{},timings:{},resources:[],referrer:(o=document.referrer||"",a=v[v.length-1],L&&w&&a?a.url:o),eventType:i.EventType.Load,firstPaint:0,firstContentfulPaint:0,startTime:F(),versions:{fl:p?p.version:"",js:"2024.6.1",timings:1},pageloadId:l,location:f,nt:S,serverTimings:I()};if(null==n){if("function"==typeof s.getEntriesByType){var m=s.getEntriesByType("navigation");m&&Array.isArray(m)&&m.length>0&&(d.timingsV2={},d.versions.timings=2,d.dt=m[0].deliveryType,delete d.timings,t(m[0],d.timingsV2))}1===d.versions.timings&&t(c,d.timings),t(u,d.memory)}else O(d);return d.firstPaint=k("first-paint"),d.firstContentfulPaint=k("first-contentful-paint"),p&&(p.icTag&&(d.icTag=p

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Org Login",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Org Login",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
}

{
  "brands": [
    "Donorbox"
  ]
}

{
  "brands": [
    "Donorbox"
  ]
}