Windows Analysis Report
https://atpscan.global.hornetsecurity.com?d=CSvj-8b3fpwAumC6AbFMfEVmIT5ENJWTqrZHusAeFnU&f=Mzo1PUwZQd3evqHstuwR_5FCozrkJ9Jd1jGDrnrvcdluTk54zR-Gop3tgMHHrGpX90Gv7ZppU4ALGygldB7J0A&i=&k=bz9r&m=KuGpJb7F8ZjkKBdLnbtsoBlIPcr_V2YvhrjDwSG7wjDkh9t68btueC3me_khplS04Y1vkmcz2DALFAdsCPnXV9Y0e_KkoBmquE5hQxvQRCkIOVA

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false,
    "reasoning": "This is a legitimate domain for Hornetsecurity, a known cybersecurity company. The subdomain structure is normal, and .com is a standard TLD. The domain follows expected naming conventions for a corporate service."
}

URL: https://atpscan.global.hornetsecurity.com

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It includes external data transmission, the use of fallback domains, and aggressive DOM manipulation, which collectively warrant a medium risk score. While the script does not appear to contain any high-risk indicators like dynamic code execution or obvious data exfiltration, the overall behavior and lack of transparency around the data being transmitted warrant further investigation."
}

"use strict";(self.webpackChunktoc=self.webpackChunktoc||[]).push([[895],{6895:(ut,k,d)=>{d.r(k),d.d(k,{V3Module:()=>v});var w=d(177),Y=d(9417),_=d(9888),O=d(8797);const h="function"==typeof Buffer,C="function"==typeof TextDecoder?new TextDecoder:void 0,p=("function"==typeof TextEncoder&&new TextEncoder,Array.prototype.slice.call("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")),g=(e=>{let s={};return e.forEach((i,r)=>s[i]=r),s})(p),H=/^(?:[A-Za-z\d+\/]{4})*?(?:[A-Za-z\d+\/]{2}(?:==)?|[A-Za-z\d+\/]{3}=?)?$/,a=String.fromCharCode.bind(String),F="function"==typeof Uint8Array.from?Uint8Array.from.bind(Uint8Array):e=>new Uint8Array(Array.prototype.slice.call(e,0)),j=e=>e.replace(/[^A-Za-z0-9\+\/]/g,""),B=e=>{let s,i,r,n,o="";const l=e.length%3;for(let b=0;b<e.length;){if((i=e.charCodeAt(b++))>255||(r=e.charCodeAt(b++))>255||(n=e.charCodeAt(b++))>255)throw new TypeError("invalid character found");s=i<<16|r<<8|n,o+=p[s>>18&63]+p[s>>12&63]+p[s>>6&63]+p[63&s]}return l?o.slice(0,l-3)+"===".substring(l):o},Z=/[\xC0-\xDF][\x80-\xBF]|[\xE0-\xEF][\x80-\xBF]{2}|[\xF0-\xF7][\x80-\xBF]{3}/g,K=e=>{switch(e.length){case 4:var i=((7&e.charCodeAt(0))<<18|(63&e.charCodeAt(1))<<12|(63&e.charCodeAt(2))<<6|63&e.charCodeAt(3))-65536;return a(55296+(i>>>10))+a(56320+(1023&i));case 3:return a((15&e.charCodeAt(0))<<12|(63&e.charCodeAt(1))<<6|63&e.charCodeAt(2));default:return a((31&e.charCodeAt(0))<<6|63&e.charCodeAt(1))}},P=e=>e.replace(Z,K),S=e=>{if(e=e.replace(/\s+/g,""),!H.test(e))throw new TypeError("malformed base64.");e+="==".slice(2-(3&e.length));let s,r,n,i="";for(let o=0;o<e.length;)s=g[e.charAt(o++)]<<18|g[e.charAt(o++)]<<12|(r=g[e.charAt(o++)])<<6|(n=g[e.charAt(o++)]),i+=64===r?a(s>>16&255):64===n?a(s>>16&255,s>>8&255):a(s>>16&255,s>>8&255,255&s);return i},I="function"==typeof atob?e=>atob(j(e)):h?e=>Buffer.from(e,"base64").toString("binary"):S,U=h?e=>F(Buffer.from(e,"base64")):e=>F(I(e).split("").map(s=>s.charCodeAt(0))),tt=h?e=>Buffer.from(e,"base64").toString("utf8"):C?e=>C.decode(U(e)):e=>P(I(e)),N=e=>j(e.replace(/[-_]/g,s=>"-"==s?"+":"/")),x=e=>tt(N(e)),st_decode=x;var t=d(4438),it=d(1626);class f{constructor(s){this.http=s}redirect(s,i){return this.http.post(`${s}redirect`,i)}analyse(s,i){return this.http.post(`${s}analyse`,i)}static#t=this.\u0275fac=function(i){return new(i||f)(t.KVO(it.Qq))};static#e=this.\u0275prov=t.jDH({token:f,factory:f.\u0275fac})}var J=d(5694);const X=e=>({disabled:e});function rt(e,s){if(1&e){const i=t.RV6();t.j41(0,"div",26),t.bIt("click",function(){t.eBV(i);const n=t.XpG(2);return t.Njj(n.navToLeft())})("keyup",function(){t.eBV(i);const n=t.XpG(2);return t.Njj(n.navToLeft())}),t.k0s()}if(2&e){const i=t.XpG(2);t.Y8G("ngClass",t.eq3(1,X,i.leftNavDisabled))}}function nt(e,s){if(1&e){const i=t.RV6();t.j41(0,"div",27),t.bIt("click",function(){t.eBV(i);const n=t.XpG(2);return t.Njj(n.navToRight())})("keyup",function(){t.eBV(i);const n=t.XpG(2);return t.Njj(n.navToRight())}),t.k0s()}if(2&e){const i=t.XpG(2);t.Y8G("ngClass",t.eq3(1,X,i.rightNavDisabled))}}function ot(e,s){if(1&e&&(t.j41(0,"div",28)(1,"div",17)(2,"div",18)(3,"div",19),t.nrm(4,"img",29),t.j41(5,"h2"),t.EFF(6),t.nI1(7,"translate"),t.k0s()(),t.j41(8,"strong"),t.EFF(9),t.nI1(10,"translate"),t.k0s(),t.j41(11,"p"),t.EFF(12),t.nI1(13,"translate"),t.k0s()(),t.j41(14,"div",22),t.nrm(15,"img",30),t.k0s(),t.nrm(16,"div",5),t.k0s()()),2&e){const i=t.XpG(2);t.R7$(6),t.JRh(t.bMT(7,3,"urlscan.scanning.title")),t.R7$(3),t.JRh(t.bMT(10,5,"urlscan.scanning.notify")),t.R7$(3),t.JRh(t.bMT(13,7,i.securityQuote))}}function at(e,s){if(1&e&&(t.j41(0,"div",31)(1,"div",17)(2,"div",18)(3,"div",19),t.nrm(4,"img",32),t.j41(5,"h2"),t.EFF(6),t.nI1(7,"translate"),t.k0s()(),t.j41(8,"strong"),t.EFF(9),t.nI1(10,"translate"),t.k0s(),t.j41(11,"p"),t.EFF(12),t.nI1(13,"translate"),t.k0s(),t.j41(14,"p"),t.EFF(15),t.nI1(16,"translate"),t.k0s()(),t.j41(17,"div",22),t.nrm(18,"img",33),t.k0s(),t.nrm(19,"div",5),t.k0s()()),2&e){const i=t.XpG(2);t.R7$(6),t.JRh(t.bMT(7,6,"urlscan.v

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It uses dynamic code execution through the `r.l()` function, which can potentially load and execute external scripts. Additionally, it sends data to external domains, including `analytics.example.com`, which could be used for data exfiltration. While the script may have a legitimate purpose, such as analytics or telemetry, the use of legacy APIs like `XDomainRequest` and the potential for inconsistent behavior warrant further review."
}

(()=>{"use strict";var e,v={},m={};function r(e){var i=m[e];if(void 0!==i)return i.exports;var t=m[e]={exports:{}};return v[e](t,t.exports,r),t.exports}r.m=v,e=[],r.O=(i,t,o,u)=>{if(!t){var a=1/0;for(n=0;n<e.length;n++){for(var[t,o,u]=e[n],c=!0,f=0;f<t.length;f++)(!1&u||a>=u)&&Object.keys(r.O).every(b=>r.O[b](t[f]))?t.splice(f--,1):(c=!1,u<a&&(a=u));if(c){e.splice(n--,1);var d=o();void 0!==d&&(i=d)}}return i}u=u||0;for(var n=e.length;n>0&&e[n-1][2]>u;n--)e[n]=e[n-1];e[n]=[t,o,u]},r.d=(e,i)=>{for(var t in i)r.o(i,t)&&!r.o(e,t)&&Object.defineProperty(e,t,{enumerable:!0,get:i[t]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce((i,t)=>(r.f[t](e,i),i),[])),r.u=e=>e+"."+{218:"0809266569f41ece",895:"be1bd3f1e3cf97bf"}[e]+".js",r.miniCssF=e=>{},r.o=(e,i)=>Object.prototype.hasOwnProperty.call(e,i),(()=>{var e={},i="toc:";r.l=(t,o,u,n)=>{if(e[t])e[t].push(o);else{var a,c;if(void 0!==u)for(var f=document.getElementsByTagName("script"),d=0;d<f.length;d++){var l=f[d];if(l.getAttribute("src")==t||l.getAttribute("data-webpack")==i+u){a=l;break}}a||(c=!0,(a=document.createElement("script")).type="module",a.charset="utf-8",a.timeout=120,r.nc&&a.setAttribute("nonce",r.nc),a.setAttribute("data-webpack",i+u),a.src=r.tu(t)),e[t]=[o];var s=(g,b)=>{a.onerror=a.onload=null,clearTimeout(p);var h=e[t];if(delete e[t],a.parentNode&&a.parentNode.removeChild(a),h&&h.forEach(y=>y(b)),g)return g(b)},p=setTimeout(s.bind(null,void 0,{type:"timeout",target:a}),12e4);a.onerror=s.bind(null,a.onerror),a.onload=s.bind(null,a.onload),c&&document.head.appendChild(a)}}})(),r.r=e=>{typeof Symbol<"u"&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},(()=>{var e;r.tt=()=>(void 0===e&&(e={createScriptURL:i=>i},typeof trustedTypes<"u"&&trustedTypes.createPolicy&&(e=trustedTypes.createPolicy("angular#bundler",e))),e)})(),r.tu=e=>r.tt().createScriptURL(e),r.p="",(()=>{var e={121:0};r.f.j=(o,u)=>{var n=r.o(e,o)?e[o]:void 0;if(0!==n)if(n)u.push(n[2]);else if(121!=o){var a=new Promise((l,s)=>n=e[o]=[l,s]);u.push(n[2]=a);var c=r.p+r.u(o),f=new Error;r.l(c,l=>{if(r.o(e,o)&&(0!==(n=e[o])&&(e[o]=void 0),n)){var s=l&&("load"===l.type?"missing":l.type),p=l&&l.target&&l.target.src;f.message="Loading chunk "+o+" failed.\n("+s+": "+p+")",f.name="ChunkLoadError",f.type=s,f.request=p,n[1](f)}},"chunk-"+o,o)}else e[o]=0},r.O.j=o=>0===e[o];var i=(o,u)=>{var f,d,[n,a,c]=u,l=0;if(n.some(p=>0!==e[p])){for(f in a)r.o(a,f)&&(r.m[f]=a[f]);if(c)var s=c(r)}for(o&&o(u);l<n.length;l++)d=n[l],r.o(e,d)&&e[d]&&e[d][0](),e[d]=0;return r.O(s)},t=self.webpackChunktoc=self.webpackChunktoc||[];t.forEach(i.bind(null,0)),t.push=i.bind(null,t.push.bind(t))})()})();

{
"contains_trigger_text": true,
"trigger_text": "The target URL is not valid. Your request cannot be processed.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Hornetsecurity"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false,
    "reasoning": "This appears to be a legitimate-looking domain using a standard .net TLD. The domain name is descriptive of its likely purpose (cloud security) and doesn't contain any suspicious elements."
}

URL: https://cloud-security.net