Windows Analysis Report
https://app.powerbi.com/view?r=eyJrIjoiMDA2ZDU1NjAtYWIzNS00NWI5LThmZjQtZGNkNzUzYjk3YWJhIiwidCI6IjE1MWMxNjZlLWM3ZWEtNGI1ZC1hMjQ3LTNkMTAyNTEzY2IwMyJ9

```json{  "brand": "Power BI",  "brand_classification": "known",  "legit_url": "https://powerbi.microsoft.com",  "similarity": 7,  "spoofed": 2,  "reasoning": "The URL 'https://app.powerbi.com' uses a subdomain 'app' which is a common practice for web applications and does not inherently suggest typosquatting. The domain 'powerbi.com' closely resembles the legitimate brand 'Power BI', which is a known product by Microsoft. However, the legitimate URL for Power BI is typically 'https://powerbi.microsoft.com'. The use of 'powerbi.com' could be legitimate if owned by Microsoft or an authorized entity, but without further verification, it is unclear. The similarity score is moderate due to the use of the brand name in the domain, but the likelihood of typosquatting is low given the plausible legitimate use of the subdomain 'app'."}

URL: https://app.powerbi.com

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple object assignment and does not exhibit any high-risk behaviors. It is likely part of a performance or timing-related functionality, which is a common practice in web development."
}

this.parseTimeMarkers = this.parseTimeMarkers || {}; this.parseTimeMarkers['jquery.globalize/globalize.min.js'] = { nominalStart: Date.now(), start: Date.now(), initial: true }; 

{
    "risk_score": 4,
    "reasoning": "The script demonstrates some moderate-risk behaviors, such as sending user data (session source, status code, duration) to an external domain via a cookie. However, the intent appears to be related to CDN fallback handling, which is a common practice. The script also uses a timeout to trigger the fallback mechanism, which is a legitimate use case. Overall, the script has some potentially concerning behaviors but seems to be implementing a standard CDN fallback functionality."
}

 function cdnFallback(event) {var date = new Date(); var failedRequestUrl = 'unknown'; var sessionSource = 'unknown'; var statusCode = 'unknown'; var durationMs = 'unknown'; var maxAgeInSeconds = 8 * 60 * 60;if (event && event.currentTarget && event.currentTarget.src) {failedRequestUrl = event.currentTarget.src;}if (failedRequestUrl && typeof this.performance.getEntriesByName === 'function' && this.performance.getEntriesByName(failedRequestUrl)[0]) {statusCode = this.performance.getEntriesByName(failedRequestUrl)[0].responseStatus;durationMs = this.performance.getEntriesByName(failedRequestUrl)[0].duration;}sessionSource = false ? '' : window.sessionSource;try { document.cookie = 'disablecdn=cdnRequestFailureTimestamp:' + date.toUTCString() +'-cdnRequestFailureUrl:' + failedRequestUrl + '-sessionSource:' + sessionSource + '-statusCode:' + statusCode + '-durationMs:' + durationMs + '-loadType:eager' + '-errorType:' + (event && event.type) + '-documentHidden:' + document.hidden + '; max-age=' + maxAgeInSeconds + '; secure; partitioned; samesite=none';} catch (err) {} var newUrl = new URL(window.location.href); newUrl.searchParams.set('disablecdnExpiration', String(Math.round(new Date() / 1000 + maxAgeInSeconds)));window.location.href = newUrl.href;}function eagerLoadTimeoutHandler(scriptName, scriptSrc) {if(this.parseTimeMarkers[scriptName].initial) {setTimeout(function() {if (!this.parseTimeMarkers[scriptName].end) {cdnFallback({currentTarget: {src: scriptSrc}, type: 'timeout'});}}, 60000)}}

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet contains a mix of behaviors that warrant a medium risk score. While there are no clear indicators of malicious intent, the script exhibits some potentially concerning practices, such as the use of hardcoded access tokens and the handling of sensitive data like report IDs and URLs. Additionally, the script appears to be part of a larger application, which may introduce additional risks depending on the overall context. Further review and analysis would be necessary to determine the full scope and potential impact of this script."
}

        var viewLoadingStarted = Date.now();



        var skipCheckPowerBIAccessToken = true;
        var powerBIAccessToken = 'any';
        var reportId = 'any';
        var getExplorationUrl = '/public/';
        var getConceptualSchemaUrl = '/public/reports/conceptualschema';
        var queryDataUrl = '/public/reports/querydata';
        var resourceLoaderUrl = '/public/reports/resourcePackage/';
        var routingUrl = '/public/routing/cluster/';
        var resourceLoaderIncludePackageId = true;
        var isLoadReportMessagePending = false;
        var isReportControllerInitialized = false;
        var isAnonymousEmbed = true;
        var accessToken;
        var oDataFilter;
        var resourceKey;
        var resolveClusterError;
        var modelsAndExplorationPromise;
        var modelsAndExplorationResponse;
        var frontLoadStatus;
        var frontLoadError;
        var conceptualSchemaPromise;
        var conceptualSchemaResponse;
        var loadingState = "#Loading#";
        var errorState = "#Error#";
        var isConceptualSchemaCached;
        var isModelsAndExplorationCached;
        var conceptualSchemaDuration;
        var clusterResolutionFrontLoadStartTime = null;
        var clusterResolutionFrontLoadEndTime = null;
        var modelsAndExplorationFrontLoadStartTime = null;
        var modelsAndExplorationFrontLoadEndTime = null;
        var conceptualSchemaFrontLoadStartTime = null;
        var conceptualSchemaFrontLoadEndTime = null;
        var reportThumbnailPromise;
        var reportThumbnailResponse;
        var reportThumbnailFrontLoadStartTime;
        var reportThumbnailFrontLoadEndTime;
        var reportThumbnailDuration;
        var reportThumbnailRequestId;
        var reportThumbnailResponseRequestId;
        var responseRequestId;
        var conceptualSchemaRequestId;
        var conceptualSchemaResponseRequestId;
        var modelsAndExplorationRequestId;
        var certifiedTelemetryEmbed = true;
        var isOptimizePublishToWebEnabled = '' === "true";
        var reportThumbnailPrefix = "ReportThumbnail";
        var modelsAndExplorationPrefix = "ModelsAndExploration";
        var conceptualSchemaPrefix = "conceptualSchema";
        var globalUseNativePromise = 'false';
        var feUrl = 'https://app.powerbi.com';


        var clusterAssignmentRecord = {"FixedClusterUri":"https://wabi-australia-east-b-primary-redirect.analysis.windows.net/","TTLSeconds":300,"RuleDescription":"","Clients":[{"Name":"trident-web","AppInsightsConnectionString":"InstrumentationKey=908b209d-fc49-47a0-af63-286195034afe","AppInsightsId":"908b209d-fc49-47a0-af63-286195034afe"}],"ClientServicesMetadata":null};
        var resolvedClusterUri = 'https://wabi-australia-east-b-primary-redirect.analysis.windows.net/';
        var cleanUpAppInsightsEvents = true;

        //register for messages from parent window
        window.addEventListener("message", receiveMessage, false);

        //handle message from parent window
        function receiveMessage(event) {
            if (event.data) {
                try {
                    var messageData;
                    try {
                        messageData = JSON.parse(event.data);
                    } catch (e) {
                        messageData = event.data;
                    }
                    if (messageData.action === 'setPage') {
                        if (!messageData.pageName) {
                            return;
                        }

                        var pageName = messageData.pageName;
                        if (isReportControllerInitialized) {
                            setPage(pageName);
                        }
                    }
                }
                catch (e) {
                    var embedReportLoadMessage = {
                        event: 'error',
                        error: 'Invalid message data:' + e.message,
                    };
                    window.parent.postMessage(JSO

{
    "risk_score": 1,
    "reasoning": "The provided code snippet appears to be a simple assignment operation, updating a property of an object. This behavior is common in web development and does not demonstrate any high-risk indicators, such as dynamic code execution, data exfiltration, or obfuscation. The code seems to be part of a legitimate functionality, likely related to performance tracking or timing analysis."
}

this.parseTimeMarkers['hash-manifest.js'].end = Date.now();

{
    "risk_score": 2,
    "reasoning": "The provided code snippet appears to be a simple time tracking operation, likely part of a larger analytics or performance monitoring system. While the use of dynamic property access is not considered a best practice, there are no clear indicators of malicious intent or high-risk behaviors in this isolated snippet."
}

this.parseTimeMarkers['reportembed.externals.bundle.min.js'].end = Date.now();

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be setting up a time marker for a script named 'jquery.globalize/globalize.culture.en-US.js'. This is likely part of a performance monitoring or debugging mechanism, which is a common and benign practice. There are no high-risk indicators, such as dynamic code execution, data exfiltration, or obfuscated code, present in the snippet."
}

this.parseTimeMarkers = this.parseTimeMarkers || {}; this.parseTimeMarkers['jquery.globalize/globalize.culture.en-US.js'] = { nominalStart: Date.now(), start: Date.now(), initial: true }; 

{
    "risk_score": 1,
    "reasoning": "The provided code snippet appears to be a simple time tracking operation, likely part of a performance monitoring or analytics system. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscation. The code is accessing a property of an object, which is a common programming practice. Overall, this code snippet poses a low risk and is likely part of a legitimate application."
}

this.parseTimeMarkers['jquery.globalize/globalize.min.js'].end = Date.now();

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple time-tracking mechanism for a script named 'reportembed.externals.bundle.min.js'. It sets up an object property to store timing information, which is a common practice for performance monitoring and debugging purposes. This behavior does not indicate any high-risk activities, and the code seems benign."
}

this.parseTimeMarkers = this.parseTimeMarkers || {}; this.parseTimeMarkers['reportembed.externals.bundle.min.js'] = { nominalStart: Date.now(), start: Date.now(), initial: true }; 

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple initialization of an object property, which is a common practice for managing application state or configuration. There are no high-risk indicators, such as dynamic code execution, data exfiltration, or obfuscated code. The behavior is consistent with typical application initialization and does not raise any immediate security concerns."
}

this.parseTimeMarkers = this.parseTimeMarkers || {}; this.parseTimeMarkers['hash-manifest.js'] = { nominalStart: Date.now(), start: Date.now(), initial: true }; 

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple time tracking operation, likely part of a larger analytics or performance monitoring system. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscation. The code is straightforward and does not interact with any suspicious domains. Therefore, this script is considered low risk."
}

this.parseTimeMarkers['jquery.globalize/globalize.culture.en-US.js'].end = Date.now();

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

{
  "contains_trigger_text": true,
  "trigger_text": "Click Here To View | Download Documents",
  "prominent_button_name": "Click Here To View | Download Documents",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "file hosting"
}

{
  "brands": [
    "Microsoft"
  ]
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

{
  "brands": [
    "Cloudflare"
  ]
}

```json{  "brand": "unknown",  "brand_classification": "unknown",  "legit_url": "unknown",  "similarity": 2,  "spoofed": 1,  "reasoning": "The URL 'https://proposals.storagedocumentapp.com' does not closely resemble any well-known brand or legitimate URL. The domain 'storagedocumentapp.com' appears to be a generic name that could be used for a legitimate service related to document storage or management. The subdomain 'proposals' suggests a specific section or feature of the service, which is a common practice in web development. There are no obvious character substitutions or visual similarities to a known brand. The structure of the URL does not indicate an attempt to confuse users into thinking they are interacting with a different, more recognized brand. Overall, the URL does not exhibit characteristics typical of typosquatting."}

URL: https://proposals.storagedocumentapp.com

{
  "brands": [
    "Cloudflare"
  ]
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "unknown"
}

{
"contains_trigger_text": true,
"trigger_text": "You've received a secure file",
"prominent_button_name": "Next",
"text_input_field_labels": "Enter email",
"pdf_icon_visible": true,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false,
"page_classification": "file hosting"
}
Google indexed: False

{
  "brands": [
    "Microsoft"
  ]
}

{
  "brands": [
    "Microsoft",
    "OneDrive"
  ]
}
Google indexed: False

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The URL 'proposals.storagedocumentapp.com' does not match the legitimate domain 'microsoft.com'.",    "The domain 'storagedocumentapp.com' is not commonly associated with Microsoft.",    "The use of a generic domain name with a subdomain 'proposals' is suspicious and could be indicative of phishing.",    "The presence of an input field asking for an email address is a common tactic used in phishing sites to collect user credentials."  ],  "riskscore": 9}
Google indexed: False

{
  "contains_trigger_text": true,
  "trigger_text": "To receive and download this PDF file, please enter specific professional email credentials that this document was sent to.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": [
    "spam-reports@csiro.au"
  ],
  "pdf_icon_visible": true,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false,
  "page_classification": "file hosting"
}

{
  "brands": [
    "Microsoft"
  ]
}