Windows Analysis Report
http://www.mynylgbs.com

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: http://www.mynylgbs.com

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate script for the Boomerang performance monitoring service. It sets up the necessary configuration and initializes the Boomerang library. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with a performance monitoring tool and does not exhibit any high-risk indicators. The script is likely benign, with some minor outdated practices that pose a low risk."
}

!function(a){var e="https://s.go-mpulse.net/boomerang/",t="addEventListener";if("True"=="True")a.BOOMR_config=a.BOOMR_config||{},a.BOOMR_config.PageParams=a.BOOMR_config.PageParams||{},a.BOOMR_config.PageParams.pci=!0,e="https://s2.go-mpulse.net/boomerang/";if(window.BOOMR_API_key="259HB-23ACQ-K5LRV-AJYKV-5VUWF",function(){function n(e){a.BOOMR_onload=e&&e.timeStamp||(new Date).getTime()}if(!a.BOOMR||!a.BOOMR.version&&!a.BOOMR.snippetExecuted){a.BOOMR=a.BOOMR||{},a.BOOMR.snippetExecuted=!0;var i,_,o,r=document.createElement("iframe");if(a[t])a[t]("load",n,!1);else if(a.attachEvent)a.attachEvent("onload",n);r.src="javascript:void(0)",r.title="",r.role="presentation",(r.frameElement||r).style.cssText="width:0;height:0;border:0;display:none;",o=document.getElementsByTagName("script")[0],o.parentNode.insertBefore(r,o);try{_=r.contentWindow.document}catch(O){i=document.domain,r.src="javascript:var d=document.open();d.domain='"+i+"';void(0);",_=r.contentWindow.document}_.open()._l=function(){var a=this.createElement("script");if(i)this.domain=i;a.id="boomr-if-as",a.src=e+"259HB-23ACQ-K5LRV-AJYKV-5VUWF",BOOMR_lstart=(new Date).getTime(),this.body.appendChild(a)},_.write("<bo"+'dy onload="document._l();">'),_.close()}}(),"".length>0)if(a&&"performance"in a&&a.performance&&"function"==typeof a.performance.setResourceTimingBufferSize)a.performance.setResourceTimingBufferSize();!function(){if(BOOMR=a.BOOMR||{},BOOMR.plugins=BOOMR.plugins||{},!BOOMR.plugins.AK){var e=""=="true"?1:0,t="",n="baxhxpiccrce6z3cxsqa-f-302d7ff62-clientnsv4-s.akamaihd.net",i="false"=="true"?2:1,_={"ak.v":"39","ak.cp":"1192893","ak.ai":parseInt("712878",10),"ak.ol":"0","ak.cr":91,"ak.ipv":4,"ak.proto":"http/1.1","ak.rid":"d0f97399","ak.r":49982,"ak.a2":e,"ak.m":"a","ak.n":"essl","ak.bpcip":"8.46.123.0","ak.cport":11826,"ak.gh":"2.17.216.143","ak.quicv":"","ak.tlsv":"tls1.3","ak.0rtt":"","ak.0rtt.ed":"","ak.csrc":"-","ak.acc":"reno","ak.t":"1734524064","ak.ak":"hOBiQwZUYzCg5VSAfCLimQ==GeqNNOTALdE0sbn8aYi9W86U6z2v0vnPeCn9cYlhObo42lzzaW/xp6ncveu4D2NBzUAyqJafjOsXwN7HlKxShO6C7iMV1Qg8rKkCL2BDwfUPfS08CUISWJkO8U3CtdG6vWg+UgJeyc9ecv6cgIN7DU9gTR9syLIiGByQxliA9j2TabcG7P9BUMBcsSC42MSbUyHGiLsK2DKdNyNLomqWgNiO4PRONcxKOWbHLTzYt3KC0UVdm+zf372rA3iyYYUkCGaWa1c+iO2v7PXbNYyvdUW7SnvJI0werUJaMyhZyYDxRYd/BCjK4iFfUXi1V2QdmG4xvtVR3qLiFQ4LRZw1VVezQbNvUnjSyJC+8Eplh9jOtMW20ae2/OJBgF8IwAAkFzI/omTOk3PxMS2OMTOlKkfOOSJBySY1guUisC8VLaY=","ak.pv":"27","ak.dpoabenc":"","ak.tf":i};if(""!==t)_["ak.ruds"]=t;var o={i:!1,av:function(e){var t="http.initiator";if(e&&(!e[t]||"spa_hard"===e[t]))_["ak.feo"]=void 0!==a.aFeoApplied?1:0,BOOMR.addVar(_)},rv:function(){var a=["ak.bpcip","ak.cport","ak.cr","ak.csrc","ak.gh","ak.ipv","ak.m","ak.n","ak.ol","ak.proto","ak.quicv","ak.tlsv","ak.0rtt","ak.0rtt.ed","ak.r","ak.acc","ak.t","ak.tf"];BOOMR.removeVar(a)}};BOOMR.plugins.AK={akVars:_,akDNSPreFetchDomain:n,init:function(){if(!o.i){var a=BOOMR.subscribe;a("before_beacon",o.av,null,null),a("onbeacon",o.rv,null,null),o.i=!0}return this},is_complete:function(){return!0}}}}()}(window);

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a data layer object used for analytics or tracking purposes. It contains common page information like the page name, URL, and channel, which is typical for web analytics implementations. There are no high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The script seems to be a legitimate implementation of a data layer, which is a common practice for web analytics and tag management."
}

    	nylDataLayer = {
        "pageInfo": {
			"pageName": 'gbs:signin',
            "siteSection": 'registration',
            "pageUrl": window.location.href,
            "category": '',
            "pageProductType": '',
            "pageTemplate": '',
            "channel": 'gbs-prelogin',
            "language": "en",
            "clientId":"NA",
            "role":"POLICYOWNER",
        }
    };
	

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of a web analytics or performance monitoring library. While it contains some legacy practices and external data transmission, the overall behavior is likely benign and aligned with typical analytics functionality. The script does not exhibit any high-risk indicators like dynamic code execution, data exfiltration, or redirects to malicious domains. Some contextual adjustments have been made to account for the legitimate analytics purpose, resulting in a low-risk score."
}

;/* Version 97655c10e7b91050c0196f6fd1b25fa5 v:20.8.0.3230, c:692d4851d7887364796526ff8188edb96177eaf3, b:20.8.0.3230 */(function(){new function(){if(!window.ADRUM&&!0!==window["adrum-disable"]){var k=window.ADRUM={},y=window.console,A=y&&"function"==typeof y.log?y:{log:function(){}};window["adrum-start-time"]=window["adrum-start-time"]||(new Date).getTime();var u=this&&this.Bc||function(){var a=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(a,l){a.__proto__=l}||function(a,l){for(var e in l)l.hasOwnProperty(e)&&(a[e]=l[e])};return function(b,l){function e(){this.constructor=b}a(b,l);b.prototype=null===l?Object.create(l):
(e.prototype=l.prototype,new e)}}();(function(a){(function(a){a.setUpMonitors=function(){for(var a=[],b=0;b<arguments.length;b++)a[b]=arguments[b];for(b=0;b<a.length;b++){var c=a[b];c&&c.setUp()}}})(a.monitor||(a.monitor={}))})(k||(k={}));(function(a){(function(b){function l(a){return b.refs.slice.apply(a,b.refs.slice.call(arguments,1))}function e(a,m){return c(b.refs.setTimeout.apply)?b.refs.setTimeout.apply(window,arguments):b.refs.setTimeout(a,m)}function c(a){return"undefined"!==typeof a&&null!==
a}function f(a){return"object"==typeof a&&!b.isArray(a)&&null!==a}function g(a){return"function"==typeof a||!1}function n(a){return"string"==typeof a}function m(a){return"number"==typeof a}function p(a,c){for(var m in c){var g=c[m];if(s(c,m)){var n=a[m];f(g)&&f(n)?p(n,g):b.isArray(n)&&b.isArray(g)?a[m]=n.concat(g):a[m]=g}}return a}function s(a,b){return Object.prototype.hasOwnProperty.call(a,b)&&c(a[b])}function q(a){return n(a)?a.replace(/^\s*/,"").replace(/\s*$/,""):a}function r(){return b.refs.la&&
g(b.refs.la.now)}function k(){return r()?b.refs.round(b.refs.la.now()+x()):(new Date).getTime()}function x(){var a=b.refs.la,a=a&&a.timing&&m(a.timing.navigationStart)?a.timing.navigationStart:window["adrum-start-time"];c(a)||(a=k());return a}function t(a,b){var c=Array.prototype[a];return c?v(c):B(a,b)}function v(a){return function(c){return a.apply(c,b.refs.slice.call(arguments,1))}}function B(a,b){return function(m,f){if(!c(m))throw new TypeError(a+" called on null or undefined");if(!g(f))throw new TypeError(f+
" is not a function");return b.apply(null,arguments)}}function C(a,b,c){var m=Object(a),f=m.length>>>0,g=0;if(3>arguments.length){for(;g<f&&!(g in m);)g++;if(g>=f)throw new TypeError("Reduce of empty array with no initial value");c=m[g++]}for(;g<f;g++)g in m&&(c=b(c,m[g],g,m));return c}function z(a,c,m){return b.reduce(a,function(a,b,g,f){a[g]=c.call(m,b,g,f);return a},Array(a.length>>>0))}function D(a,c,m){return b.reduce(a,function(a,b,g,f){c.call(m,b,g,f)&&a.push(b);return a},[])}function E(a,
b,c){a=Object(a);for(var m=a.length>>>0,g=0;g<m;g++)if(g in a&&b.call(c,a[g],g,a))return!0;return!1}function F(a,c,m){return!b.some(a,function(a){return!c.call(m,a)})}function N(a,c,m){b.reduce(a,function(a,b,g,f){c.call(m,b,g,f)},void 0)}b.refs={isArray:Array.isArray,toString:Object.prototype.toString,slice:Array.prototype.slice,setTimeout:window.setTimeout,setInterval:window.setInterval,la:window.performance||window.mozPerformance||window.msPerformance||window.webkitPerformance,assign:Object.assign,
round:Math.round};b.xa=l;b.oSTO=e;b.isCORSSupported=function(){var a=window.JSON&&g(JSON.stringify);return c(window.XMLHttpRequest)&&"withCredentials"in new XMLHttpRequest&&a};b.isDefined=c;b.fl=function(a){return"number"===typeof a&&!window.isNaN(a)};b.isArray=g(b.refs.isArray)&&g(b.refs.isArray.bind)?b.refs.isArray.bind(Array):function(a){return b.refs.toString.call(a)===b.refs.toString.call([])};b.isObject=f;b.isFunction=g;b.isString=n;b.isNumber=m;b.isBoolean=function(a){return"boolean"==typeof a};
b.max=function(a,b){return Math.max(isNaN(a)?Number.NEGATIVE_INFINITY:a,isNaN(b)?Number.NEGATIVE_INFINITY:b)};b.hc=e;b.so=function(a,b){e(a,b||1E4)};b.addEventListener=function(b,c,m,g){function f(){try{return m.apply(this,l(arguments))}catch(g){a.exception(g,"M1",c,b,g)}}void 0===g&&(g=!1);a.isDebug&&a.log

{
    "risk_score": 2,
    "reasoning": "This script appears to be a legitimate Adobe Launch script used for analytics and data collection purposes. It does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or redirects to suspicious domains. The script primarily interacts with known, reputable domains and performs common analytics and tracking functions. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign with no clear intent to cause harm."
}

// For license information, see `https://assets.adobedtm.com/e7dc5c5ab342/24ce288a0743/launch-e5777f8ccf55.js`.
window._satellite=window._satellite||{},window._satellite.container={buildInfo:{minified:!0,buildDate:"2021-08-09T17:57:12Z",environment:"production",turbineBuildDate:"2021-04-26T16:54:28Z",turbineVersion:"27.1.3"},dataElements:{cleanUrl:{modulePath:"core/src/lib/dataElements/javascriptVariable.js",settings:{path:"window.location.pathname"}},channel:{storageDuration:"pageview",modulePath:"core/src/lib/dataElements/javascriptVariable.js",settings:{path:"nylDataLayer.pageInfo.channel"}},role:{storageDuration:"pageview",modulePath:"core/src/lib/dataElements/javascriptVariable.js",settings:{path:"nylDataLayer.pageInfo.role"}},pageName:{storageDuration:"pageview",modulePath:"core/src/lib/dataElements/javascriptVariable.js",settings:{path:"nylDataLayer.pageInfo.pageName"}},pageUrl:{storageDuration:"pageview",modulePath:"core/src/lib/dataElements/javascriptVariable.js",settings:{path:"window.location.href"}},server:{modulePath:"core/src/lib/dataElements/javascriptVariable.js",settings:{path:"window.location.host"}},siteSection:{storageDuration:"pageview",modulePath:"core/src/lib/dataElements/javascriptVariable.js",settings:{path:"nylDataLayer.pageInfo.siteSection"}},clientSessionId:{storageDuration:"pageview",modulePath:"core/src/lib/dataElements/javascriptVariable.js",settings:{path:"nylDataLayer.pageInfo.clientSessionId"}},previousPage:{defaultValue:"",storageDuration:"pageview",modulePath:"core/src/lib/dataElements/javascriptVariable.js",settings:{path:"nylDataLayer.pageInfo.previousPage"}}},extensions:{core:{displayName:"Core",modules:{"core/src/lib/dataElements/javascriptVariable.js":{name:"javascript-variable",displayName:"JavaScript Variable",script:function(e,t,n){"use strict";var r=n("../helpers/getObjectProperty.js");e.exports=function(e){return r(window,e.path)}}},"core/src/lib/events/pageBottom.js":{name:"page-bottom",displayName:"Page Bottom",script:function(e,t,n){"use strict";var r=n("./helpers/pageLifecycleEvents");e.exports=function(e,t){r.registerPageBottomTrigger(t)}}},"core/src/lib/events/domReady.js":{name:"dom-ready",displayName:"DOM Ready",script:function(e,t,n){"use strict";var r=n("./helpers/pageLifecycleEvents");e.exports=function(e,t){r.registerDomReadyTrigger(t)}}},"core/src/lib/actions/customCode.js":{name:"custom-code",displayName:"Custom Code",script:function(e,t,n,i){"use strict";var a,r,o,s,c=n("@adobe/reactor-document"),u=n("@adobe/reactor-promise"),l=n("./helpers/decorateCode"),f=n("./helpers/loadCodeSequentially"),p=n("../../../node_modules/postscribe/dist/postscribe"),d=n("./helpers/unescapeHtmlCode"),g=(r=function(e){p(c.body,e,{beforeWriteToken:function(t){var e=t.tagName&&t.tagName.toLowerCase();return a&&"script"===e&&(t.attrs.nonce=a),"script"!==e&&"style"!==e||(Object.keys(t.attrs||{}).forEach(function(e){t.attrs[e]=d(t.attrs[e])}),t.src&&(t.src=d(t.src))),t},error:function(e){i.logger.error(e.msg)}})},o=[],s=function(){if(c.body)for(;o.length;)r(o.shift());else setTimeout(s,20)},function(e){o.push(e),s()}),h=function(){if(c.currentScript)return c.currentScript.async;for(var e=c.querySelectorAll("script"),t=0;t<e.length;t++){var n=e[t];if(/(launch|satelliteLib)-[^\/]+.js(\?.*)?$/.test(n.src))return n.async}return!0}();e.exports=function(e,t){var n;a=i.getExtensionSettings().cspNonce;var r={settings:e,event:t},o=r.settings.source;if(o)return r.settings.isExternal?f(o).then(function(e){return e?(n=l(r,e),g(n.code),n.promise):u.resolve()}):(n=l(r,o),h||"loading"!==c.readyState?g(n.code):c.write&&!1===i.propertySettings.ruleComponentSequencingEnabled?c.write(n.code):g(n.code),n.promise)}}},"core/src/lib/events/customEvent.js":{name:"custom-event",displayName:"Custom Event",script:function(e,t,n){"use strict";var r=n("./helpers/createBubbly")(),o=[];e.exports=function(e,t){var n=e.type;-1===o.indexOf(n)&&(o.push(n),window.addEventListener(n,r.evaluateEvent,!0)),r.addListener(e,function(e){e

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a part of the Adobe Analytics (formerly SiteCatalyst) library, which is a widely used web analytics solution. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The behaviors observed are mostly related to cookie handling, configuration, and utility functions, which are common in web analytics implementations. While the code uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a legitimate part of a web analytics solution and does not exhibit any suspicious or malicious behavior."
}

// For license information, see `https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.js`.
function AppMeasurement(f){var g=this;g.version="2.22.0";var p=window;p.s_c_in||(p.s_c_il=[],p.s_c_in=0),g._il=p.s_c_il,g._in=p.s_c_in,g._il[g._in]=g,p.s_c_in++,g._c="s_c";var d=p.AppMeasurement.ic;d||(d=null);var l,b,k,m=p;try{for(l=m.parent,b=m.location;l&&l.location&&b&&""+l.location!=""+b&&m.location&&""+l.location!=""+m.location&&l.location.host===b.host;)l=(m=l).parent}catch(e){}g.C=function(e){try{console.log(e)}catch(t){}},g.Ra=function(e){return""+parseInt(e)==""+e},g.replace=function(e,t,a){return!e||e.indexOf(t)<0?e:e.split(t).join(a)},g.escape=function(e){var t,a;if(!e)return e;for(e=encodeURIComponent(e),t=0;t<7;t++)a="+~!*()'".substring(t,t+1),0<=e.indexOf(a)&&(e=g.replace(e,a,"%"+a.charCodeAt(0).toString(16).toUpperCase()));return e},g.unescape=function(e){if(!e)return e;e=0<=e.indexOf("+")?g.replace(e,"+"," "):e;try{return decodeURIComponent(e)}catch(t){}return unescape(e)},g.Nb=function(){var e,t=p.location.hostname,a=g.fpCookieDomainPeriods;if(a||(a=g.cookieDomainPeriods),t&&!g.Ka&&!/^[0-9.]+$/.test(t)&&(a=2<(a=a?parseInt(a):2)?a:2,0<=(e=t.lastIndexOf(".")))){for(;0<=e&&1<a;)e=t.lastIndexOf(".",e-1),a--;g.Ka=0<e?t.substring(e):t}return g.Ka},g.c_r=g.cookieRead=function(e){e=g.escape(e);var t=" "+g.d.cookie,a=t.indexOf(" "+e+"="),n=a<0?a:t.indexOf(";",a);return"[[B]]"!=(e=a<0?"":g.unescape(t.substring(a+2+e.length,n<0?t.length:n)))?e:""},g.c_w=g.cookieWrite=function(e,t,a){var n,i=g.Nb(),r=g.cookieLifetime;return t=""+t,r=r?(""+r).toUpperCase():"",a&&"SESSION"!=r&&"NONE"!=r&&((n=""!=t?parseInt(r||0):-60)?(a=new Date).setTime(a.getTime()+1e3*n):1===a&&(n=(a=new Date).getYear(),a.setYear(n+2+(n<1900?1900:0)))),e&&"NONE"!=r?(g.d.cookie=g.escape(e)+"="+g.escape(""!=t?t:"[[B]]")+"; path=/;"+(a&&"SESSION"!=r?" expires="+a.toUTCString()+";":"")+(i?" domain="+i+";":"")+(g.writeSecureCookies?" secure;":""),g.cookieRead(e)==t):0},g.Kb=function(){var e=g.Util.getIeVersion();"number"==typeof e&&e<10&&(g.unsupportedBrowser=!0,g.xb(g,function(){}))},g.ya=function(){var e=navigator.userAgent;return"Microsoft Internet Explorer"===navigator.appName||0<=e.indexOf("MSIE ")||0<=e.indexOf("Trident/")&&0<=e.indexOf("Windows NT 6")},g.xb=function(e,t){for(var a in e)Object.prototype.hasOwnProperty.call(e,a)&&"function"==typeof e[a]&&(e[a]=t)},g.K=[],g.fa=function(e,t,a){if(g.La)return 0;g.maxDelay||(g.maxDelay=250);var n=0,i=(new Date).getTime()+g.maxDelay,r=g.d.visibilityState,o=["webkitvisibilitychange","visibilitychange"];if(r||(r=g.d.webkitVisibilityState),r&&"prerender"==r){if(!g.ga)for(g.ga=1,a=0;a<o.length;a++)g.d.addEventListener(o[a],function(){var e=g.d.visibilityState;e||(e=g.d.webkitVisibilityState),"visible"==e&&(g.ga=0,g.delayReady())});n=1,i=0}else a||g.u("_d")&&(n=1);return n&&(g.K.push({m:e,a:t,t:i}),g.ga||setTimeout(g.delayReady,g.maxDelay)),n},g.delayReady=function(){var e,t=(new Date).getTime(),a=0;for(g.u("_d")?a=1:g.Aa();0<g.K.length;){if(e=g.K.shift(),a&&!e.t&&e.t>t){g.K.unshift(e),setTimeout(g.delayReady,parseInt(g.maxDelay/2));break}g.La=1,g[e.m].apply(g,e.a),g.La=0}},g.setAccount=g.sa=function(e){var t,a;if(!g.fa("setAccount",arguments))if(g.account=e,g.allAccounts)for(t=g.allAccounts.concat(e.split(",")),g.allAccounts=[],t.sort(),a=0;a<t.length;a++)0!=a&&t[a-1]==t[a]||g.allAccounts.push(t[a]);else g.allAccounts=e.split(",")},g.foreachVar=function(e,t){var a,n,i,r,o="";for(i=n="",g.lightProfileID?(a=g.O,(o=g.lightTrackVars)&&(o=","+o+","+g.la.join(",")+",")):(a=g.g,(g.pe||g.linkType)&&(o=g.linkTrackVars,n=g.linkTrackEvents,g.pe&&(i=g.pe.substring(0,1).toUpperCase()+g.pe.substring(1),g[i]&&(o=g[i].ec,n=g[i].cc))),o&&(o=","+o+","+g.F.join(",")+","),n&&o&&(o+=",events,")),t&&(t=","+t+","),n=0;n<a.length;n++)i=a[n],(r=g[i])&&(!o||0<=o.indexOf(","+i+","))&&(!t||0<=t.indexOf(","+i+","))&&e(i,r)},g.o=function(e,t,a,n,i){var r,o,c,s,l="",u=0;if("contextData"==e&&(e="c"),t){for(r in t)if(!(Objec

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a part of the Adobe Analytics (formerly SiteCatalyst) library, which is a legitimate and widely-used web analytics tool. While the code contains some behaviors that could be considered risky, such as the use of the `XDomainRequest` API and aggressive DOM manipulation, these are likely part of the normal functionality of the analytics library and not indicative of malicious intent. Additionally, the script is hosted on a trusted Adobe domain, which further reduces the risk. Overall, this script is likely benign and used for legitimate analytics purposes, with some outdated practices that pose a low risk."
}

// For license information, see `https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.js`.
function AppMeasurement_Module_ActivityMap(o){function e(){var e=t.pageYOffset+(t.innerHeight||0);e&&+g<e&&(g=e)}function n(){if(f.scrollReachSelector){var t=o.d.querySelector&&o.d.querySelector(f.scrollReachSelector);t?(g=t.scrollTop||0,t.addEventListener("scroll",function(){var e;(e=t&&t.scrollTop+t.clientHeight||0)>g&&(g=e)})):0<i--&&setTimeout(n,1e3)}}function a(e,t){var n,r,i;if(e&&t&&(n=f.c[t]||(f.c[t]=t.split(","))))for(i=0;i<n.length&&(r=n[i++]);)if(-1<e.indexOf(r))return null;return e}function c(e,t,n,r,i){var a,c;if(e.dataset&&(c=e.dataset[t])?a=c:e.getAttribute&&((c=e.getAttribute("data-"+n))?a=c:(c=e.getAttribute(n))&&(a=c)),!a&&o.useForcedLinkTracking&&i){var l;if(e=e.onclick?""+e.onclick:"",varValue="",r&&e&&0<=(t=e.indexOf(r))){for(t+=r.length;t<e.length;)if(n=e.charAt(t++),0<="'\"".indexOf(n)){l=n;break}for(c=!1;t<e.length&&l&&(n=e.charAt(t),c||n!==l);)"\\"===n?c=!0:(varValue+=n,c=!1),t++}(l=varValue)&&(o.w[r]=l)}return a||i&&o.w[r]}function l(e,t,n){var r;return(r=f[t](e,n))&&a(u(r),f[t+"Exclusions"])}function s(e,t,n){var r;if(e&&!(1===(r=e.nodeType)&&(r=e.nodeName)&&(r=r.toUpperCase())&&p[r])&&(1===e.nodeType&&(r=e.nodeValue)&&(t[t.length]=r),n.a||n.t||n.s||!e.getAttribute||((r=e.getAttribute("alt"))?n.a=r:(r=e.getAttribute("title"))?n.t=r:"IMG"==(""+e.nodeName).toUpperCase()&&(r=e.getAttribute("src")||e.src)&&(n.s=r)),(r=e.childNodes)&&r.length))for(e=0;e<r.length;e++)s(r[e],t,n)}function u(e){if(null==e||null==e)return e;try{return e.replace(RegExp("^[\\s\\n\\f\\r\\t\t-\r \xa0\u1680\u180e\u2000-\u200a\u2028\u2029\u205f\u3000\ufeff]+","mg"),"").replace(RegExp("[\\s\\n\\f\\r\\t\t-\r \xa0\u1680\u180e\u2000-\u200a\u2028\u2029\u205f\u3000\ufeff]+$","mg"),"").replace(RegExp("[\\s\\n\\f\\r\\t\t-\r \xa0\u1680\u180e\u2000-\u200a\u2028\u2029\u205f\u3000\ufeff]{1,}","mg")," ").substring(0,254)}catch(t){}}var f=this;f.s=o;var t=window;t.s_c_in||(t.s_c_il=[],t.s_c_in=0),f._il=t.s_c_il,f._in=t.s_c_in,f._il[f._in]=f,t.s_c_in++,f._c="s_m";var r,g=0,i=60;f.c={};var p={SCRIPT:1,STYLE:1,LINK:1,CANVAS:1};f._g=function(){var e,t,n,r=o.contextData,i=o.linkObject;(e=o.pageName||o.pageURL)&&(t=l(i,"link",o.linkName))&&(n=l(i,"region"))&&(r["a.activitymap.page"]=e.substring(0,255),r["a.activitymap.link"]=128<t.length?t.substring(0,128):t,r["a.activitymap.region"]=127<n.length?n.substring(0,127):n,0<g&&(r["a.activitymap.xy"]=10*Math.floor(g/10)),r["a.activitymap.pageIDType"]=o.pageName?1:0)},f._d=function(){f.trackScrollReach&&!r&&(f.scrollReachSelector?n():(e(),t.addEventListener&&t.addEventListener("scroll",e,!1)),r=!0)},f.link=function(e,t){var n;if(t)n=a(u(t),f.linkExclusions);else if((n=e)&&!(n=c(e,"sObjectId","s-object-id","s_objectID",1))){var r,i;(i=a(u(e.innerText||e.textContent),f.linkExclusions))||(s(e,r=[],n={a:void 0,t:void 0,s:void 0}),(i=a(u(r.join(""))))||(i=a(u(n.a?n.a:n.t?n.t:n.s?n.s:void 0)))||!(r=(r=e.tagName)&&r.toUpperCase?r.toUpperCase():"")||("INPUT"==r||"SUBMIT"==r&&e.value?i=a(u(e.value)):"IMAGE"==r&&e.src&&(i=a(u(e.src))))),n=i}return n},f.region=function(e){for(var t,n=f.regionIDAttribute||"id";e&&(e=e.parentNode);){if(t=c(e,n,n,n))return t;if("BODY"==e.nodeName)return"BODY"}}}

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a standard Webpack bootstrap code, which is commonly used in modern web development. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is responsible for managing the loading and execution of modules, which is a common practice in modular JavaScript applications. Overall, this script is likely benign and does not pose a significant security risk."
}

/******/ (function(modules) { // webpackBootstrap
/******/ 	// install a JSONP callback for chunk loading
/******/ 	function webpackJsonpCallback(data) {
/******/ 		var chunkIds = data[0];
/******/ 		var moreModules = data[1];
/******/ 		var executeModules = data[2];
/******/
/******/ 		// add "moreModules" to the modules object,
/******/ 		// then flag all "chunkIds" as loaded and fire callback
/******/ 		var moduleId, chunkId, i = 0, resolves = [];
/******/ 		for(;i < chunkIds.length; i++) {
/******/ 			chunkId = chunkIds[i];
/******/ 			if(Object.prototype.hasOwnProperty.call(installedChunks, chunkId) && installedChunks[chunkId]) {
/******/ 				resolves.push(installedChunks[chunkId][0]);
/******/ 			}
/******/ 			installedChunks[chunkId] = 0;
/******/ 		}
/******/ 		for(moduleId in moreModules) {
/******/ 			if(Object.prototype.hasOwnProperty.call(moreModules, moduleId)) {
/******/ 				modules[moduleId] = moreModules[moduleId];
/******/ 			}
/******/ 		}
/******/ 		if(parentJsonpFunction) parentJsonpFunction(data);
/******/
/******/ 		while(resolves.length) {
/******/ 			resolves.shift()();
/******/ 		}
/******/
/******/ 		// add entry modules from loaded chunk to deferred list
/******/ 		deferredModules.push.apply(deferredModules, executeModules || []);
/******/
/******/ 		// run deferred modules when all chunks ready
/******/ 		return checkDeferredModules();
/******/ 	};
/******/ 	function checkDeferredModules() {
/******/ 		var result;
/******/ 		for(var i = 0; i < deferredModules.length; i++) {
/******/ 			var deferredModule = deferredModules[i];
/******/ 			var fulfilled = true;
/******/ 			for(var j = 1; j < deferredModule.length; j++) {
/******/ 				var depId = deferredModule[j];
/******/ 				if(installedChunks[depId] !== 0) fulfilled = false;
/******/ 			}
/******/ 			if(fulfilled) {
/******/ 				deferredModules.splice(i--, 1);
/******/ 				result = __webpack_require__(__webpack_require__.s = deferredModule[0]);
/******/ 			}
/******/ 		}
/******/
/******/ 		return result;
/******/ 	}
/******/
/******/ 	// The module cache
/******/ 	var installedModules = {};
/******/
/******/ 	// object to store loaded and loading chunks
/******/ 	// undefined = chunk not loaded, null = chunk preloaded/prefetched
/******/ 	// Promise = chunk loading, 0 = chunk loaded
/******/ 	var installedChunks = {
/******/ 		"app": 0
/******/ 	};
/******/
/******/ 	var deferredModules = [];
/******/
/******/ 	// The require function
/******/ 	function __webpack_require__(moduleId) {
/******/
/******/ 		// Check if module is in cache
/******/ 		if(installedModules[moduleId]) {
/******/ 			return installedModules[moduleId].exports;
/******/ 		}
/******/ 		// Create a new module (and put it into the cache)
/******/ 		var module = installedModules[moduleId] = {
/******/ 			i: moduleId,
/******/ 			l: false,
/******/ 			exports: {}
/******/ 		};
/******/
/******/ 		// Execute the module function
/******/ 		modules[moduleId].call(module.exports, module, module.exports, __webpack_require__);
/******/
/******/ 		// Flag the module as loaded
/******/ 		module.l = true;
/******/
/******/ 		// Return the exports of the module
/******/ 		return module.exports;
/******/ 	}
/******/
/******/
/******/ 	// expose the modules object (__webpack_modules__)
/******/ 	__webpack_require__.m = modules;
/******/
/******/ 	// expose the module cache
/******/ 	__webpack_require__.c = installedModules;
/******/
/******/ 	// define getter function for harmony exports
/******/ 	__webpack_require__.d = function(exports, name, getter) {
/******/ 		if(!__webpack_require__.o(exports, name)) {
/******/ 			Object.defineProperty(exports, name, { enumerable: true, get: getter });
/******/ 		}
/******/ 	};
/******/
/******/ 	// define __esModule on exports
/******/ 	__webpack_require__.r = function(exports) {
/******/ 		if(typeof Symbol !== 'undefined' && Symbol.toStringTag) {
/******/ 			Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
/******/ 		}
/******/ 		Ob

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": true
}

URL: https://www.mynylgbs.com

{
  "contains_trigger_text": true,
  "trigger_text": "File a claim or family medical leave",
  "prominent_button_name": "Employee Login",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

```json
{
    "risk_score": 2,
    "reasoning": "The script appears to be part of a legitimate performance monitoring tool (Boomerang) used by reputable companies like Akamai. It includes some legacy practices and aggressive DOM manipulation, but there are no high-risk indicators such as dynamic code execution or data exfiltration. The script's intent aligns with analytics/telemetry functionality, which reduces the risk score."
}

/*
 * Copyright (c) 2011, Yahoo! Inc.  All rights reserved.
 * Copyright (c) 2011-2012, Log-Normal, Inc.  All rights reserved.
 * Copyright (c) 2012-2017, SOASTA, Inc. All rights reserved.
 * Copyright (c) 2017, Akamai Technologies, Inc. All rights reserved.
 * Copyrights licensed under the BSD License. See the accompanying LICENSE.txt file for terms.
 */
/* Boomerang Version: 1.720.0 b17966bb92f8ac2ddcda4ac1d9c0aaea6d2eda7b */

BOOMR_start=(new Date).getTime();function BOOMR_check_doc_domain(e){if(window){if(!e){if(window.parent===window||!document.getElementById("boomr-if-as"))return;if(window.BOOMR&&BOOMR.boomerang_frame&&BOOMR.window)try{BOOMR.boomerang_frame.document.domain!==BOOMR.window.document.domain&&(BOOMR.boomerang_frame.document.domain=BOOMR.window.document.domain)}catch(t){BOOMR.isCrossOriginError(t)||BOOMR.addError(t,"BOOMR_check_doc_domain.domainFix")}e=document.domain}if(e&&-1!==e.indexOf(".")&&window.parent){try{window.parent.document;return}catch(t){try{document.domain=e}catch(n){return}}try{window.parent.document;return}catch(t){e=e.replace(/^[\w\-]+\./,"")}BOOMR_check_doc_domain(e)}}}BOOMR_check_doc_domain();!function(c){var d,t,l,o,s,e,a,n=c;c.parent!==c&&document.getElementById("boomr-if-as")&&"script"===document.getElementById("boomr-if-as").nodeName.toLowerCase()&&(c=c.parent);l=c.document;c.BOOMR||(c.BOOMR={});BOOMR=c.BOOMR;if(!BOOMR.version){BOOMR.version="1.720.0";BOOMR.window=c;BOOMR.boomerang_frame=n;BOOMR.plugins||(BOOMR.plugins={});!function(){try{new c.CustomEvent("CustomEvent")!==undefined&&(o=function(e,t){return new c.CustomEvent(e,t)})}catch(e){}try{!o&&l.createEvent&&l.createEvent("CustomEvent")&&(o=function(e,t){var n=l.createEvent("CustomEvent");t=t||{cancelable:!1,bubbles:!1};n.initCustomEvent(e,t.bubbles,t.cancelable,t.detail);return n})}catch(e){}!o&&l.createEventObject&&(o=function(e,t){var n=l.createEventObject();n.type=n.propertyName=e;n.detail=t.detail;return n});o=o||function(){return undefined}}();s=function(e,t,n){var r=o(e,{detail:t});r&&(n?BOOMR.setImmediate(i):i());function i(){try{l.dispatchEvent?l.dispatchEvent(r):l.fireEvent&&l.fireEvent("onpropertychange",r)}catch(e){}}};if("undefined"!=typeof l.hidden){e="visibilityState";a="visibilitychange"}else if("undefined"!=typeof l.mozHidden){e="mozVisibilityState";a="mozvisibilitychange"}else if("undefined"!=typeof l.msHidden){e="msVisibilityState";a="msvisibilitychange"}else if("undefined"!=typeof l.webkitHidden){e="webkitVisibilityState";a="webkitvisibilitychange"}d={beacon_url:"",beacon_url_force_https:!0,beacon_urls_allowed:["^//[a-z0-9]+\\.akstat\\.io/?$"],beacon_type:"AUTO",beacon_auth_key:"Authorization",beacon_auth_token:undefined,beacon_with_credentials:!1,beacon_disable_sendbeacon:!1,site_domain:c.location.hostname.replace(/.*?([^.]+\.[^.]+)\.?$/,"$1").toLowerCase(),user_ip:"",autorun:!0,hasSentPageLoadBeacon:!1,r:undefined,same_site_cookie:"Lax",secure_cookie:!1,forced_same_site_cookie_none:!1,events:{page_ready:[],page_unload:[],before_unload:[],dom_loaded:[],visibility_changed:[],prerender_to_visible:[],before_beacon:[],beacon:[],page_load_beacon:[],xhr_load:[],click:[],form_submit:[],config:[],xhr_init:[],spa_init:[],spa_navigation:[],spa_cancel:[],xhr_send:[],xhr_error:[],error:[],netinfo:[],rage_click:[],before_early_beacon:[]},public_events:{before_beacon:"onBeforeBoomerangBeacon",beacon:"onBoomerangBeacon",onboomerangloaded:"onBoomerangLoaded"},translate_events:{onbeacon:"beacon",onconfig:"config",onerror:"error",onxhrerror:"xhr_error"},unloadEventsCount:0,unloadEventCalled:0,listenerCallbacks:{},vars:{},singleBeaconVars:{},varPriority:{"-1":{},1:{}},errors:{},disabled_plugins:{},localStorageSupported:!1,LOCAL_STORAGE_PREFIX:"_boomr_",nativeOverwrites:[],xb_handler:function(n){return function(e){var t;(e=e||c.event).target?t=e.target:e.srcElement&&(t=e.srcElement);3===t.nodeType&&(t=t.parentNode);t&&t.nodeName&&"OBJECT"===t.nodeName.toUpperCase()&&"application/x-shockwave-flash"===t.type||d.fireEvent(n,t)}},clearEv

{
  "brands": [
    "New York Life"
  ]
}

{
    "risk_score": 4,
    "reasoning": "The script appears to be related to analytics and tracking functionality, which is a moderate-risk indicator. It sends data to the ContentSquare domain, which is a known analytics provider. However, the script also uses some obfuscation techniques, which raises the risk level. Overall, the script requires further review due to the combination of moderate-risk behaviors and potential obfuscation."
}

_satellite["_runScript1"](function(event, target, Promise) {
!function(){if(window._uxa=window._uxa||[],"undefined"==typeof CS_CONF){window._uxa.push(["setPath",window.location.pathname+window.location.hash.replace("#","?__")]);var a=document.createElement("script");a.type="text/javascript",a.async=!0,-1<window.location.href.indexOf("www.")?a.src="//t.contentsquare.net/uxa/ae271083-6516-4b08-b34e-985a911c3822.js":a.src="//t.contentsquare.net/uxa/dab2aa66-a5b7-44f2-bb19-11e81872c772.js",document.getElementsByTagName("head")[0].appendChild(a)}else window._uxa.push(["trackPageview",window.location.pathname+window.location.hash.replace("#","?__")])}();
});

{
    "risk_score": 6,
    "reasoning": "The script demonstrates several behaviors that raise moderate security concerns, including external data transmission, the use of legacy APIs, and potential cookie manipulation. While the script appears to have some legitimate functionality, such as analytics or telemetry, the lack of transparency and the potential for cookie-related activities warrant further review."
}

!function(){var i=["_cs_id","_cs_s","_cs_cvars","_cs_ex"];function c(e,n){return n+"___"+e}function s(e){window.parent.postMessage({error:e},"*")}function d(e){e=new RegExp("(^|;)[ ]*"+e+"=([^;]*)").exec(document.cookie);return e?decodeURIComponent(e[2]):null}function u(e,n,o,t,a,r,i){n=encodeURIComponent(n),o=o?";expires="+new Date(o).toUTCString():"",t=t||document.domain;document.cookie=e+"="+n+o+(";path="+(a||"/"))+(";domain="+t)+(r&&"X"!==r?";SameSite="+r:"")+(i?";Secure":"")}window.parent.postMessage(function(){var e=function(){var o={};location.search&&1<location.search.length&&location.search.substr(1).split("&").forEach(function(e){var e=e.split("="),n=e[0]&&decodeURIComponent(e[0]),e=e[1]&&decodeURIComponent(e[1]);o[n]=e});return o}();if(!e.pid)return s("bad query param:"+location.search),{};e=parseInt(e.pid,10);if(isNaN(e))return s("bad query param:"+location.search),{};return function(n){return i.map(function(e){return c(n,e)}).reduce(function(e,n){var o=d(n);return o&&(e[n.split("___")[0]]=o),e},{})}(e)}(),"*"),window.addEventListener("message",function(e){if(e.data){var n=e.data;if(function(e){return e&&!!(e.command&&e.pid&&e.cookies)&&!(!function(e){return e===parseInt(e,10)}(e.pid)||!Array.isArray(e.cookies))}(n))switch(n.command){case"set":!function(n,e,o){e.forEach(function(e){0<=i.indexOf(e.name)?u(c(n,e.name),e.value,e.expires,o,e.path,e.samesite,e.secure):s("bad cookie to set:"+e.name)})}(n.pid,n.cookies,n.domain);break;case"remove":!function(a,e,r){e.forEach(function(e){var n,o,t;0<=i.indexOf(e)?(o=c(a,e),t=r,d(o)&&(n=Date.now()-1,u(o,"",n,t),d(o))&&u(o,"",n,t,"/","None",!0)):s("bad cookie to remove:"+e)})}(n.pid,n.cookies,n.domain);break;default:return void s("bad command:"+n.command)}}},!1)}()

{
"contains_trigger_text": true,
"trigger_text": "File a claim or family medical leave",
"prominent_button_name": "Employee Login",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "New York Life Group Benefit Solutions"
  ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "Register your account online.",
  "prominent_button_name": "Register here",
  "text_input_field_labels": [
    "Username",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Can't access your account?",
  "prominent_button_name": "Log in",
  "text_input_field_labels": [
    "Username",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Log in",
"text_input_field_labels": [
"Username",
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "New York Life"
  ]
}

{
  "brands": [
    "New York Life"
  ]
}

{
  "brands": [
    "New York Life"
  ]
}

```json{  "legit_domain": "newyorklife.com",  "classification": "wellknown",  "reasons": [    "The brand 'New York Life' is a well-known insurance company.",    "The legitimate domain for New York Life is 'newyorklife.com'.",    "The provided URL 'www.mynylgbs.com' does not match the legitimate domain.",    "The URL contains unusual elements and does not resemble the legitimate domain.",    "The presence of login fields (Username, Password) on a suspicious URL is a common phishing tactic."  ],  "riskscore": 9}
Google indexed: True

```json{  "legit_domain": "newyorklife.com",  "classification": "wellknown",  "reasons": [    "The brand 'New York Life' is a well-known insurance company.",    "The legitimate domain for New York Life is 'newyorklife.com'.",    "The provided URL 'www.mynylgbs.com' does not match the legitimate domain.",    "The URL contains unusual elements and does not clearly relate to the brand.",    "The presence of login fields (Username, Password) on a suspicious URL is a common phishing tactic."  ],  "riskscore": 9}
Google indexed: True