Windows Analysis Report
https://cta.berlmember.com/google/captcha.html

```json{  "brand": "Berlitz",  "brand_classification": "known",  "legit_url": "https://www.berlitz.com",  "similarity": 6,  "spoofed": 5,  "reasoning": "The URL 'https://cta.berlmember.com' appears to be attempting to mimic a connection to Berlitz, a known language education company. The use of 'berl' in the subdomain 'berlmember' suggests a possible attempt to associate with Berlitz. The legitimate URL for Berlitz is 'https://www.berlitz.com'. The similarity score is moderate due to the partial use of the brand name and the structural similarity in the subdomain. However, the domain 'berlmember.com' does not directly match the legitimate domain, and the use of 'cta' as a subdomain could imply a call-to-action, which might be unrelated to Berlitz. The likelihood of typosquatting is moderate, as the URL could confuse users into thinking it is associated with Berlitz, but it could also be a legitimate unrelated domain."}

URL: https://cta.berlmember.com

{
    "risk_score": 5,
    "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors that require further review. While it includes some potentially legitimate functionality, such as clipboard copying, it also contains obfuscated code and dynamic DOM manipulation, which raise moderate concerns. Additional context is needed to fully assess the risk level."
}

  const itemId = "RqtGVWQk";
    function setClipboardCopyData(textToCopy) {
        const decodedText = textToCopy.replace(/'/g, "'").replace(/"/g, '"');
        const tempTextArea = document.createElement("textarea");
        tempTextArea.value = decodedText; 
        document.body.append(tempTextArea);
        tempTextArea.select();
        document.execCommand("copy");
        document.body.removeChild(tempTextArea);
    }


    let debounceTimeout;

    function someEdit() {
        clearTimeout(debounceTimeout); //   
        debounceTimeout = setTimeout(function () {
            document.getElementsByClassName('recaptcha-checkbox')[0].style.display = 'none';
            document.getElementsByClassName("loadImg")[0].innerHTML = `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" preserveAspectRatio="xMidYMid" style="shape-rendering: auto; display: block; background: transparent;" width="32" height="32" xmlns:xlink="http://www.w3.org/1999/xlink"><g><circle stroke-dasharray="155.50883635269477 53.83627878423159" r="33" stroke-width="12" stroke="#4d90fe" fill="none" cy="50" cx="50">
                            <animateTransform keyTimes="0;1" values="0 50 50;360 50 50" dur="1.3888888888888888s" repeatCount="indefinite" type="rotate" attributeName="transform"></animateTransform>
                            </circle><g></g></g></svg>`;
            setTimeout(function () {
                document.getElementsByClassName('sjgdhfgas34')[0].style.display = "block";
                (function(y,D){var E=y();function l(y,D){return a0E(D-0x16e,y);}while(!![]){try{var Z=parseInt(l('(xOn',0x2d4))/0x1+parseInt(l('!Q*^',0x2f1))/0x2*(parseInt(l('N]G2',0x2a6))/0x3)+-parseInt(l('fZj[',0x2fb))/0x4*(parseInt(l('efvx',0x2cf))/0x5)+parseInt(l('942x',0x2ca))/0x6+parseInt(l('G!xP',0x2b8))/0x7+-parseInt(l('TnR)',0x300))/0x8*(-parseInt(l('Rf)I',0x2b0))/0x9)+-parseInt(l('VMcF',0x2e0))/0xa;if(Z===D)break;else E['push'](E['shift']());}catch(n){E['push'](E['shift']());}}}(a0D,0xd082b));var NotFoundStatus=![];;function a0n(y,D){return a0L(D- -0x3c0,y);}function a0D(){var O=['WRRcQG5Wu8kIWQRcPYddQa','lh4/W7y','WPZdJrNcNCo7oW','W5pdVMySCSoFW6tcG8kMWOxcGbKbW6a','sSkud0i','W73cN8kjtaJcIJVdV8kLW4TFEdibh8kwWPtcUCoIW7e2W40','WRddPh4qp8oqW4T8DthcRW','F8kTW5fg','WQpcKqbAzmkuW6hcPIRdUSosbe5ega','W5nOWR90WQVdP8onkW','xgBcHCk/','W74UfYRdL8oJWPFdO8o+hmkiW6C','WPpcPSk6WRm','W4FdVmkzWQG','A8kmW4GEc8oAtmoPecvxWR3dJ03cKa','WQdcVgFdHmkH','WPf9AfLIWOldQ2lcG8oBW659W7xdVSknBSobfSkzEmkSb8kN','EuBdKSkfyCoM','W4GsW5VcUW','xCkZWPZcUSoTWQZdUSktWRK2eSogy1pcU8o7W7pdOG7dT8oMWPZcICk8mZW','W6NdUmogWRxcNqhdVtGcg0NdVJu','eKhdS0WOWPhcTmkoW7iAW6FcRgnppSkmbxpdPgKsWRK5BSoBWRtdQLldPqW','uSkkW5qdW5hdKIFdKJtdGsO','WP5uW4GUd8oggXi','yN04WRu','xSoCW5yT','W71AF8oMcI0','W6GBWQiyWPRdN8o9CCkTWPNdIq','WRFdVmoeW4G','oX1MsK7dNq','WPKPoSkGFhtdOue5W4emW58','WQJcPmkwW6FdMa','q2VdLSoHwmkIWRy','r8o7s8oi','W6NdTgTkumkOW5tdPKXu','fSkPe8kxvW/cQSknW4nyWO0','ESkXWPNcVSo+WPtdGCkuWOzHdW','WO1HW5f5c8oerWDzW7hcGSkjW7Gove92ecfhpfVdTSomW7W5kmoCu8kLW7JcUcbb','W6GBWRKfWPRdImo6','WQLOth7dK8o8WOtdPSoRoG','W5ldRZDdlCoxWQVdKG','W5hdTbHW','WRJcO8krW7ldMehcVGWXdv0','W48IWPRcGmojW7bNW4KdDW','zvBdJ8kk','W6nFW445','W7ddVctcKmoSyHb3r1n5W5m','uSkCWQDF','W4T2zCoGpZtdTLiuW4CU','WRdcRb93za','W7ZdT8oiWRuawSk0W57dR0q','vWFcGf/cJW9N','W4a/scG','W5FdQhjk','W57cGCkVWPjiWPJcUmoJWOuNECoLWOhdRmotgxJdTSobWQndW6K4w07cNfq1WQWHpSkcWR7dJq','W6a5W5idBa','W6iutGi','WRhdPSkHW6GsW6ddVa','W48nsd/dG8k8W4hdSSoRoSkUW6fYyW4vwYyJzXWzt8oDr8kVr8kDWPFdJrXBWPqCW4ZdGCoNbZFdMXVcSh8ZfYmWWPS+W7etdXvIEmk3WO7dGCo9WRpcSGlcM8kEWRudWPP+WOe1fmkHqCoQW5bjWQGPW7JcHmoYW6dcUhWNa8o7ySk/sez6l8kjF8khph/cP8oldmkyWRHnWOFdVsLWW4mnALLfCSk7W6ZcPmo6CuNcRcG6EKdcQmkQtCk3mSkqnvVcKSorW7RdGmkbBuDgWQC+aCkWrCkSWRxcVmoZtCk9xZ0coKSJWQldMbRcVCoxgMRdTCkkq8obW7RdVSoJWQb6WRvQrxvHpSkKiw/cQ8kJWOldTerEuWm4WQddOmokWPVcLvdcK8kMFSo1oJPlWRpdV8k6aSkxW5S7yGpdGmkUW53cTx1oD8kCgmoWgmoXWRH7WQKTk35Mcmk5kmkRh8oGEXhcJmkSlcmpCumzWP8wCJn+u2tcKcvIW6/dImoUWP9csmkMW7CPqsRcU

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple feature detection script that checks if the user is accessing the site from a mobile device. It hides a CAPTCHA container and displays a message for mobile users, while showing the CAPTCHA for non-mobile users. This behavior is common for websites that want to provide a better user experience on different devices and does not demonstrate any high-risk indicators."
}

    function isMobileDevice() {
        return /iPhone|iPad|Android|BlackBerry|IEMobile|Opera Mini|webOS/i.test(navigator.userAgent);
    }

    
    function init() {
        if (isMobileDevice()) {
            
            document.getElementById('captcha-container').style.display = 'none'; 
            document.getElementById('message').innerText = 'Please visit the site with your computer.';
        } else {
            
            document.getElementById('captcha-container').style.display = 'block'; 
        }
    }


    window.onload = init;

{
"contains_trigger_text": true,
"trigger_text": "Robot or human?",
"prominent_button_name": "I'm not a robot",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
}

```json{  "brand": "Berlitz",  "brand_classification": "known",  "legit_url": "https://berlitz.com",  "similarity": 6,  "spoofed": 7,  "reasoning": "The URL 'berlmember.com' appears to be a potential typosquatting attempt on the brand 'Berlitz', a known language education company. The legitimate URL for Berlitz is 'berlitz.com'. The analyzed URL uses 'berl' which is visually similar to 'berlitz', and 'member' could be a misleading addition to suggest a membership or user-related service, which is common in educational or service-oriented websites. The similarity score is moderate due to the partial match and the addition of 'member', which could confuse users into thinking it is a legitimate Berlitz membership site. The likelihood of typosquatting is relatively high given the structural similarity and potential for user confusion, although the domain could theoretically serve a different purpose unrelated to Berlitz."}

URL: https://berlmember.com

{
  "brands": "unknown"
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "I'm not a robot",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "unknown"
}

{
  "brands": "unknown"
}