When looking at the downloaded content, we found that the file frames/game-frame.js is downloaded. It contains 248 311 characters and starts as follows:

```
[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+
(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+
[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])
[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+
(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[]
<SNIP>
```

This is JSFuck. We use an online decoder to decode it. The output is plain JavaScript.

```
parent.postMessage(window.location.toString(), "*");
var originalAlert = window.alert;
window.alert = function (t) {
  parent.postMessage("success", "*"),
  flag = atob("ZmxhZ3t4NTVfaTVOdF83aEE3X2JBRF9SMUdoNz99"),
  setTimeout(function () { originalAlert("Congratulations, you executed an alert:\n\n" + t + "\n\nhere is the flag: " + flag) }, 50)
};
```
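The decoding step can also be done offline instead of with an online decoder. The following Node.js sketch is an added example, not part of the original writeup: it evaluates the first key of the excerpt to show what it spells, then recovers a payload by recording what is passed to the `Function` constructor instead of running it. `SAMPLE`, `evalAtom` and `recoverPayload` are hypothetical names, and the sample is constructed on the assumption that the file has the usual `[]["filter"]["constructor"](code)()` shape.

```javascript
const vm = require("node:vm");

// Key inside the first `[][ ... ]` of game-frame.js, copied from the excerpt above.
const FIRST_KEY =
  "(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+" +
  "(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]";

// Constructed sample, not the real file: same assumed call shape, but
// "constructor" and the payload are left as plain strings to keep it short.
const SAMPLE = `[][${FIRST_KEY}]["constructor"]("globalThis.ran = true")()`;

// Evaluate one side-effect-free JSFuck fragment to see the string it spells.
function evalAtom(expr) {
  return vm.runInNewContext(expr, {}, { timeout: 1000 });
}

// Run the obfuscated source in a separate context whose Function constructor
// records the body it is given and returns a no-op, so the payload is
// captured as text and never executed. Node's vm module is not a security
// boundary: analyse untrusted files inside a disposable VM or container.
function recoverPayload(src) {
  const context = vm.createContext({ captured: [] });
  vm.runInContext(`
    Function.prototype.constructor = function (...args) {
      captured.push(String(args[args.length - 1])); // last argument is the body
      return function () {};
    };`, context);
  vm.runInContext(src, context, { timeout: 5000 });
  return { payloads: context.captured, executed: context.ran === true };
}

console.log(evalAtom(FIRST_KEY));     // the property name the six characters spell
console.log(recoverPayload(SAMPLE));  // captured source text, payload not run
```

Because the hook returns a no-op for every call, a file that calls the constructor several times will show several captured strings and may stop decoding early.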

We were probably supposed to do some XSS to get the flag, but we got it either way.

```
$ echo -ne 'ZmxhZ3t4NTVfaTVOdF83aEE3X2JBRF9SMUdoNz99' | base64 -d
flag{x55_i5Nt_7hA7_bAD_R1Gh7?}
```

Original writeup (https://maggick.fr/2020/04/hackpack-ctf-2020.html).