URL: https://pstmrk.it/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Learn more about Postmark",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://pstmrk.it Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://pstmrk.it |
URL: https://pstmrk.it/ Model: Joe Sandbox AI | {
"brands": [
"Postmark"
]
} |
|
URL: https://postmarkapp.com/... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script appears to be setting up a Rewardful tracking script, which is a legitimate affiliate marketing platform. However, it is loading the script from a third-party domain ('https://rwd.postmarkapp.com/rw.js') without any transparency or user consent, which poses a moderate risk. Further review may be needed to ensure the script is not engaging in any data exfiltration or other suspicious activities."
} |
(function(a,b){a._rwq=b;a[b]=a[b]||function(){(a[b].q=a[b].q||[]).push(arguments)}})(window,"rewardful");(function(){var a=document.createElement("script");a.setAttribute("src","https://rwd.postmarkapp.com/rw.js");a.setAttribute("data-rewardful","aa9db3");document.body.appendChild(a)})();
|
URL: https://td.doubleclick.net/td/rul/11333612966?rand... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet demonstrates several high-risk behaviors, including data exfiltration and the use of the `navigator.sendBeacon()` API to transmit potentially sensitive information to an external domain. While the script appears to be related to ad interest group management, the lack of transparency and the use of the `sendBeacon()` API to report errors raise concerns about potential data leakage or misuse."
} |
for(let i of ig_list.interestGroups){try{if(i.action==0){navigator.joinAdInterestGroup(i.interestGroupAttributes,i.expirationTimeInSeconds);}else if(i.action==1){navigator.leaveAdInterestGroup(i.interestGroupAttributes);}}catch(e){navigator.sendBeacon(`https://pagead2.googlesyndication.com/pagead/gen_204/?id=turtlex_join_ig&tx_jig=${encodeURIComponent(JSON.stringify(i))}&tx_jem=${e.message}&tx_jen=${e.name}`);}}
|
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWV... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script exhibits several moderate-risk behaviors, including dynamic code execution, data exfiltration, and external data transmission. While the script appears to be related to analytics and tracking, the use of the `eval` function and the potential for sending sensitive data to external domains raises concerns. Further review is recommended to ensure the script's legitimacy and the appropriate handling of user data."
} |
// Copyright 2012 Google Inc. All rights reserved.
(function(w,g){w[g]=w[g]||{};
w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');
(function(){
var data = {
"resource": {
"version":"35",
"macros":[{"function":"__v","vtp_setDefaultValue":false,"vtp_dataLayerVersion":2,"vtp_name":"siteType"},{"function":"__e"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"visitorIP"},{"function":"__c","vtp_value":"UA-507677-22"},{"function":"__gas","vtp_cookieDomain":"auto","vtp_doubleClick":false,"vtp_setTrackerName":false,"vtp_useDebugVersion":false,"vtp_fieldsToSet":["list",["map","fieldName","anonymizeIp","value","true"]],"vtp_useHashAutoLink":false,"vtp_decorateFormsAutoLink":false,"vtp_enableLinkId":false,"vtp_enableEcommerce":false,"vtp_trackingId":["macro",3],"vtp_enableRecaptchaOption":false,"vtp_enableUaRlsa":false,"vtp_enableUseInternalVersion":false,"vtp_enableGA4Schema":true},{"function":"__jsm","vtp_javascript":["template","(function(){return\"1\"==window.navigator.doNotTrack?\"enabled\":\"disabled\"})();"]},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_stripWww":true,"vtp_component":"HOST","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__smm","vtp_setDefaultValue":false,"vtp_input":["macro",8],"vtp_map":["list",["map","key","support.postmarkapp.com","value","support"],["map","key","dmarc.postmarkapp.com","value","dmarc"],["map","key","spamcheck.postmarkapp.com","value","spamcheck"],["map","key","developer.postmarkapp.com","value","developer"]]},{"function":"__c","vtp_value":"UA-507677-40"},{"function":"__gas","vtp_cookieDomain":"auto","vtp_doubleClick":false,"vtp_setTrackerName":false,"vtp_useDebugVersion":false,"vtp_fieldsToSet":["list",["map","fieldName","anonymizeIp","value","true"]],"vtp_useHashAutoLink":false,"vtp_decorateFormsAutoLink":false,"vtp_enableLinkId":false,"vtp_enableEcommerce":false,"vtp_trackingId":["macro",10],"vtp_enableRecaptchaOption":false,"vtp_enableUaRlsa":false,"vtp_enableUseInternalVersion":false,"vtp_enableGA4Schema":true},{"function":"__jsm","vtp_javascript":["template","(function(){var e=[\"name\",\"from\",\"email\"],a=",["escape",["macro",6],8,16],",b=document.createElement(\"a\");b.href=a;if(b.search){a=b.search.replace(\"?\",\"\\x26\");var c;for(c=0;c\u003Ce.length;c++){var d=e[c];d=new RegExp(\"\\x26\"+d+\"\\x3d[^\\x26]*(\\x26|$)\",\"gi\");a=a.replace(d,\"\\x26\")}\"\\x26\"===a[0]?a=a.slice(1):\"\";b.search=a}return b.href})();"]},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"cid"},{"function":"__v","vtp_name":"gtm.elementClasses","vtp_dataLayerVersion":1},{"function":"__c","vtp_value":"UA-507677-29"},{"function":"__gas","vtp_cookieDomain":"auto","vtp_doubleClick":false,"vtp_setTrackerName":false,"vtp_useDebugVersion":false,"vtp_fieldsToSet":["list",["map","fieldName","anonymizeIp","value","true"]],"vtp_useHashAutoLink":false,"vtp_decorateFormsAutoLink":false,"vtp_enableLinkId":false,"vtp_enableEcommerce":false,"vtp_trackingId":["macro",15],"vtp_enableRecaptchaOption":false,"vtp_enableUaRlsa":false,"vtp_enableUseInternalVersion":false,"vtp_enableGA4Schema":true},{"function":"__aev","vtp_varType":"TEXT"},{"function":"__v","vtp_name":"gtm.triggers","vtp_dataLayerVersion":2,"vtp_setDefaultValue":true,"vtp_defaultValue":""},{"function":"__u","vtp_component":"FRAGMENT","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__jsm","vtp_javascript":["template","(function(){var a=document.querySelector(\"#template_name\");return a?a.value:void 0})();"]},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__c","vtp_value":"UA-507677-23"},{"function":"__gas", |
URL: https://rwd.postmarkapp.com/rw.js... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "This script appears to be a web analytics or tracking script, with some moderate-risk indicators. It sends data to external domains, which could potentially include sensitive user information. However, the script does not exhibit any clear malicious behaviors like dynamic code execution or redirects to suspicious domains. Further review may be needed to determine the full extent of the data being transmitted and the legitimacy of the domains involved."
} |
/*! Build d95cc66548fb4fddb34e1efc309d80fc6a436d86:1734696520559 */
!function(e){var t={};function r(n){if(t[n])return t[n].exports;var o=t[n]={i:n,l:!1,exports:{}};return e[n].call(o.exports,o,o.exports,r),o.l=!0,o.exports}r.m=e,r.c=t,r.d=function(e,t,n){r.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"object"===typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)r.d(n,o,function(t){return e[t]}.bind(null,o));return n},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,"a",t),t},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.p="https://cdn.getrewardful.com/packs/",r(r.s=133)}({133:function(e,t,r){"use strict";r.r(t);var n=r(29),o=r.n(n);function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function i(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?a(Object(r),!0).forEach((function(t){c(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):a(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function c(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function u(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,n.key,n)}}var l=function(){function e(){!function(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}(this,e)}var t,r,n;return t=e,n=[{key:"set",value:function(e,t,r){var n="https:"===window.location.protocol?{sameSite:"None",secure:!0}:{sameSite:"Lax"};return r?(t.cookie=i({},r),r.expires&&(r.expires=new Date(r.expires),delete t.cookie.expires),o.a.set(e,JSON.stringify(t),i(i({},n),r))):o.a.set(e,JSON.stringify(t),n),this.get(e)}},{key:"get",value:function(e){try{return JSON.parse(o.a.get(e)||null)}catch(t){return console.warn("[Rewardful] Cookie '".concat(e,"' is not valid JSON.")),o.a.remove(e),null}}},{key:"delete",value:function(e){var t=this.get(e);return t&&t.cookie?o.a.remove(e,t.cookie):o.a.remove(e)}}],(r=null)&&u(t.prototype,r),n&&u(t,n),Object.defineProperty(t,"prototype",{writable:!1}),e}();function f(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,n.key,n)}}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function d(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?s(Object(r),!0).forEach((function(t){p(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):s(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function p(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}var y=function(){return l.get(w.storeKey)},h=function(){return l.delete(w.storeKey)};function v(e,t,r){var n=d(d({},L.metadata),r),o=new XMLHttpRequest;return o.open(e,t),o.setRequestHeader("Content-Type","application/json"),o.setRequestHeader("Accept","application/json"),o.responseType="json",o.onload=function(){var r;200!==o.status?(console.error("[Rewardful] R |
URL: https://www.googletagmanager.com/static/service_wo... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "The script contains a mix of behaviors that require further review. While it appears to be related to service worker registration and messaging, it also exhibits some moderate-risk indicators such as external data transmission and the use of legacy APIs. Additional context is needed to fully assess the risk."
} |
'use strict';class m{constructor(a){this.j=a;this.g={};this.h={};this.i=0;this.id=String(Math.floor(Number.MAX_SAFE_INTEGER*Math.random()))}}function n(a){return a.performance&&a.performance.now()||Date.now()}
var p=function(a,b){class d{constructor(c,g,f){this.failureType=c;this.data=g;this.g=f;this.h=new m(n(f))}s(c,g){const f=c.clientId;if(c.type===0){c.isDead=!0;var e=this.h,h=n(this.g);e.g[f]==null&&(e.g[f]=0,e.h[f]=h,e.i++);e.g[f]++;c.stats={targetId:e.id,clientCount:e.i,totalLifeMs:Math.round(h-e.j),heartbeatCount:e.g[f],clientLifeMs:Math.round(h-e.h[f])}}c.failure={failureType:this.failureType,data:this.data};g(c)}}return new d(5,a,b)};/*
Copyright Google LLC
SPDX-License-Identifier: Apache-2.0
*/
let q=globalThis.trustedTypes,r;function t(){let a=null;if(!q)return a;try{const b=d=>d;a=q.createPolicy("goog#html",{createHTML:b,createScript:b,createScriptURL:b})}catch(b){}return a};var u=class{constructor(a){this.g=a}toString(){return this.g+""}};function v(a){const b=a;var d;r===void 0&&(r=t());d=r;return new u(d?d.createScriptURL(b):b)}function w(a){if(a instanceof u)return a.g;throw Error("");};function x(a,...b){if(b.length===0)return v(a[0]);let d=a[0];for(let c=0;c<b.length;c++)d+=encodeURIComponent(b[c])+a[c+1];return v(d)}function y(a){var b=x`sw.js`,d=w(b).toString();const c=d.split(/[?#]/),g=/[?]/.test(d)?"?"+c[1]:"";return z(c[0],g,/[#]/.test(d)?"#"+(g?c[2]:c[1]):"",a)}
function z(a,b,d,c){function g(e,h){e!=null&&(Array.isArray(e)?e.forEach(l=>g(l,h)):(b+=f+encodeURIComponent(h)+"="+encodeURIComponent(e),f="&"))}let f=b.length?"&":"?";c.constructor===Object&&(c=Object.entries(c));Array.isArray(c)?c.forEach(e=>g(e[1],e[0])):c.forEach(g);return v(a+b+d)};const A=/Chrome\/(\d+)/;var C=function(a){const b=a.origin;if(b){var d=a.o?"swe.js":"sw.js",c=a.g?x`/static/service_worker/${a.g}/${d}?origin=${b}`:x`/gtm/static/${d}?origin=${b}`,g=new Map([["origin",b]]);a.h&&g.set("path",a.h);var f=a.l?y(g):c,e=()=>{const k=A.exec(a.window.navigator.userAgent);return k&&Number(k[1])<119},h=a.window.document.location.href;a.g&&(a.l?h=`${a.h}/_/service_worker`:e()||(h="/static/service_worker"));var l={scope:h};a.g&&(l.updateViaCache="all");a.window.navigator.serviceWorker.register(w(f),
l).then(()=>{a.window.navigator.serviceWorker.ready.then(k=>{a.i=k.active;B(a)})},k=>{a.j=p(k==null?void 0:k.toString(),a.window);B(a)});a.window.navigator.serviceWorker.addEventListener("message",k=>{a.window.parent.postMessage(k.data,a.origin)})}},B=function(a){const b=a.m.slice();a.m=[];for(const d of b)a.handleEvent(d)};
(function(a){if((f=>{try{return f!==f.top}catch(e){return!0}})(a.window)){var b=new URL(a.window.document.location.href),d=b.searchParams.get("origin");if(d){a.origin=d;a.l=!!b.searchParams.get("1p");a.o=!!b.searchParams.get("e");a.h=b.searchParams.get("path")||"";var c=b.pathname.match(RegExp(".*/service_worker/(\\w+)/"));c&&c.length&&(a.g=c[1]);var g=a.window.document.location.ancestorOrigins;g&&g[0]!==a.origin||(C(a),a.window.addEventListener("message",f=>{a.handleEvent(f)}))}}})(new class{constructor(a){this.window=
a;this.origin="";this.o=this.l=!1;this.h="";this.j=this.i=null;this.m=[];this.g=""}handleEvent(a){a.origin===this.origin&&(this.i?this.i.postMessage(a.data):this.j?this.j.s(a.data,b=>{this.window.parent.postMessage(b,this.origin)}):this.m.push(a))}}(window));
|
URL: https://www.redditstatic.com/ads/pixel.js... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "This script appears to be a minified version of the CryptoJS library, which is a well-known and widely used cryptography library. While the script itself does not contain any obvious malicious behaviors, the use of obfuscation and the inclusion of a large external library could be considered a moderate risk. Further review of the script's purpose and the domains it interacts with would be necessary to determine the overall risk level."
} |
!function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){return o(e[i][1][r]||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}({1:[function(require,module,exports){},{}],2:[function(require,module,exports){(function(global){(function(){var root,factory;root=this,factory=function(){var CryptoJS=CryptoJS||function(Math,undefined){var crypto;if("undefined"!=typeof window&&window.crypto&&(crypto=window.crypto),"undefined"!=typeof self&&self.crypto&&(crypto=self.crypto),"undefined"!=typeof globalThis&&globalThis.crypto&&(crypto=globalThis.crypto),!crypto&&"undefined"!=typeof window&&window.msCrypto&&(crypto=window.msCrypto),!crypto&&void 0!==global&&global.crypto&&(crypto=global.crypto),!crypto&&"function"==typeof require)try{crypto=require("crypto")}catch(err){}var cryptoSecureRandomInt=function(){if(crypto){if("function"==typeof crypto.getRandomValues)try{return crypto.getRandomValues(new Uint32Array(1))[0]}catch(err){}if("function"==typeof crypto.randomBytes)try{return crypto.randomBytes(4).readInt32LE()}catch(err){}}throw new Error("Native crypto module could not be used to get secure random number.")},create=Object.create||function(){function F(){}return function(obj){var subtype;return F.prototype=obj,subtype=new F,F.prototype=null,subtype}}(),C={},C_lib=C.lib={},Base=C_lib.Base={extend:function(overrides){var subtype=create(this);return overrides&&subtype.mixIn(overrides),subtype.hasOwnProperty("init")&&this.init!==subtype.init||(subtype.init=function(){subtype.$super.init.apply(this,arguments)}),(subtype.init.prototype=subtype).$super=this,subtype},create:function(){var instance=this.extend();return instance.init.apply(instance,arguments),instance},init:function(){},mixIn:function(properties){for(var propertyName in properties)properties.hasOwnProperty(propertyName)&&(this[propertyName]=properties[propertyName]);properties.hasOwnProperty("toString")&&(this.toString=properties.toString)},clone:function(){return this.init.prototype.extend(this)}},WordArray=C_lib.WordArray=Base.extend({init:function(words,sigBytes){words=this.words=words||[],this.sigBytes=null!=sigBytes?sigBytes:4*words.length},toString:function(encoder){return(encoder||Hex).stringify(this)},concat:function(wordArray){var thisWords=this.words,thatWords=wordArray.words,thisSigBytes=this.sigBytes,thatSigBytes=wordArray.sigBytes;if(this.clamp(),thisSigBytes%4)for(var i=0;i<thatSigBytes;i++){var thatByte=thatWords[i>>>2]>>>24-i%4*8&255;thisWords[thisSigBytes+i>>>2]|=thatByte<<24-(thisSigBytes+i)%4*8}else for(var j=0;j<thatSigBytes;j+=4)thisWords[thisSigBytes+j>>>2]=thatWords[j>>>2];return this.sigBytes+=thatSigBytes,this},clamp:function(){var words=this.words,sigBytes=this.sigBytes;words[sigBytes>>>2]&=4294967295<<32-sigBytes%4*8,words.length=Math.ceil(sigBytes/4)},clone:function(){var clone=Base.clone.call(this);return clone.words=this.words.slice(0),clone},random:function(nBytes){for(var words=[],i=0;i<nBytes;i+=4)words.push(cryptoSecureRandomInt());return new WordArray.init(words,nBytes)}}),C_enc=C.enc={},Hex=C_enc.Hex={stringify:function(wordArray){for(var words=wordArray.words,sigBytes=wordArray.sigBytes,hexChars=[],i=0;i<sigBytes;i++){var bite=words[i>>>2]>>>24-i%4*8&255;hexChars.push((bite>>>4).toString(16)),hexChars.push((15&bite).toString(16))}return hexChars.join("")},parse:function(hexStr){for(var hexStrLength=hexStr.length,words=[],i=0;i<hexStrLength;i+=2)words[i>>>3]|=parseInt(hexStr.substr(i,2),16)<<24-i%8*4;return new WordArray.init(words,hexStrLength/2)}},Latin1=C_enc.Latin1={stringify:function(wordArray){for(var words=wordArray.words,sigBytes=wordArray.sigBytes,latin1Chars=[],i=0;i<sigBytes;i++){var bite=words[i>>>2]>>>24-i%4*8&255;latin1Chars.push(String |
URL: https://td.doubleclick.net/td/rul/11333612966?rand... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be related to ad-related functionality, such as interest group management and ad rendering. While it does not exhibit any high-risk indicators like dynamic code execution or data exfiltration, it does have some moderate-risk behaviors, such as external data transmission to third-party domains (e.g., `doubleclick.net`) and the use of fallback domains. Additionally, the script contains a significant amount of obfuscated or encoded data, which could potentially be used to hide malicious activities. Overall, the script requires further review due to its complex and opaque nature, but it does not appear to be overtly malicious based on the information provided."
} |
var ig_list={"interestGroups":[{"action":0,"expirationTimeInSeconds":46656000,"interestGroupAttributes":{"owner":"https://td.doubleclick.net","name":"4s1175868328.1736187429","biddingLogicUrl":"https://td.doubleclick.net/td/bjs","dailyUpdateUrl":"https://td.doubleclick.net/td/update?ig_name=4s1175868328.1736187429\u0026ig_key=1sNHMxMTc1ODY4MzI4LjE3MzYxODc0Mjk!2sakQIJw!3sAAptDV7TxXRQ","trustedBiddingSignalsUrl":"https://td.doubleclick.net/td/bts","trustedBiddingSignalsKeys":["1sjF1GAA!2sakQIJw!3sAAptDV7TxXRQ"],"userBiddingSignals":[["8470405048","8432091832","8432012612"],null,1736187431554888],"ads":[{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156214176698\u0026cr_id=681807913918\u0026cv_id=3\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8470405048!4s*2A","metadata":["156214176698","681807913918","3","20739978442",null,null,null,null,null,null,"8470405048",null,null,null,null,null,null,null,1],"adRenderId":"y-8P36vLXDQ","buyerReportingId":"1j8470405048!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156214176698\u0026cr_id=681807934297\u0026cv_id=0\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8470405048!4s*2A","metadata":["156214176698","681807934297",null,"20739978442",null,null,null,null,null,null,"8470405048",null,null,null,null,null,null,null,1],"adRenderId":"DJrekt9682Q","buyerReportingId":"1j8470405048!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156214176698\u0026cr_id=681807934303\u0026cv_id=0\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8470405048!4s*2A","metadata":["156214176698","681807934303",null,"20739978442",null,null,null,null,null,null,"8470405048",null,null,null,null,null,null,null,1],"adRenderId":"t3pEisp6_us","buyerReportingId":"1j8470405048!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156214176698\u0026cr_id=703505344072\u0026cv_id=8\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8470405048!4s*2A","metadata":["156214176698","703505344072","8","20739978442",null,null,null,null,null,null,"8470405048",null,null,null,null,null,null,null,1],"adRenderId":"UWKHbqOKuLo","buyerReportingId":"1j8470405048!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156214176698\u0026cr_id=703584693581\u0026cv_id=5\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8470405048!4s*2A","metadata":["156214176698","703584693581","5","20739978442",null,null,null,null,null,null,"8470405048",null,null,null,null,null,null,null,1],"adRenderId":"6JH7qrnTrfg","buyerReportingId":"1j8470405048!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=158287248939\u0026cr_id=703497610313\u0026cv_id=0\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8432091832!4s*2A","metadata":["158287248939","703497610313",null,"20964079407",null,null,null,null,null,null,"8432091832"],"adRenderId":"OwcwkA77wPQ","buyerReportingId":"1j8432091832!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=158287248939\u0026cr_id=703497610313\u0026cv_id=0\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8432012612!4s*2A","metadata":["158287248939","703497610313",null,"20964079407",null,null,null,null,null,null,"8432012612"],"adRenderId":"J5je_k-w75I","buyerReportingId":"1j8432012612!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=158287248939\u0026cr_id=703497610313\u0026cv_id=0\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8470405048!4s*2A","metadata":["158287248939","703497610313",null,"20964079407",null,null,null,null,null,null,"8470405048"],"adRenderId":"JeZYlYkEPzU","buyerReportingId":"1j8470405048!4s*2A"}],"executionMode":"group-by-origin","biddingWasmHelperUrl":"https://td. |
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=4012... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It collects sensitive user data, such as Google Analytics client ID and tracking ID, and sends it to an external server at '52.22.50.55/is'. Additionally, it uses obfuscated code and dynamic code execution techniques, which can be indicative of malicious intent. While the script may have a legitimate purpose, such as analytics or tracking, the lack of transparency and the use of suspicious techniques warrant further investigation."
} |
var dcm_cid,dcm_tid,dcm_gid;!function(){try{var d=document.cookie.split("_ga")[1].split(";")[0].split(".");dcm_cid=d[2]+"."+d[3],dcm_tid=ga.getAll()[0].b.data.values[":trackingId"];d=document.cookie.split("_gid")[1].split(";")[0].split(".");dcm_gid=d[2]+"."+d[3]}catch(d){}}();(function(){var mntnis,mntnise="N/A";(async()=>{const controller=new AbortController();const timeoutId=setTimeout(()=>controller.abort(),2000);try{var cb=new Date().getTime();const r=await fetch("https://52.22.50.55/is?cb="+cb,{signal:controller.signal});if(await r&&await r.ok){mntnis=await r.text();if(mntnis.length>50){mntnis="IS error : IP call possibly blocked";throw new Error(mntnis)}}else{if(await r&&await r.status!==200&&await r.status!==204)throw new Error("IS error : "+await r.status);throw new Error("IS error : unknown")}}catch(error){mntnis=error.message;mntnise=error.message}finally{clearTimeout(timeoutId)}})();var sha256=function a(b){function c(a,b){return a>>>b|a<<32-b}for(var d,e,f=Math.pow,g=f(2,32),h="length",i="",j=[],k=8*b[h],l=a.h=a.h||[],m=a.k=a.k||[],n=m[h],o={},p=2;64>n;p++)if(!o[p]){for(d=0;313>d;d+=p)o[d]=p;l[n]=f(p,.5)*g|0,m[n++]=f(p,1/3)*g|0}for(b+="";b[h]%64-56;)b+="\0";for(d=0;d<b[h];d++){if(e=b.charCodeAt(d),e>>8)return;j[d>>2]|=e<<(3-d)%4*8}for(j[j[h]]=k/g|0,j[j[h]]=k,e=0;e<j[h];){var q=j.slice(e,e+=16),r=l;for(l=l.slice(0,8),d=0;64>d;d++){var s=q[d-15],t=q[d-2],u=l[0],v=l[4],w=l[7]+(c(v,6)^c(v,11)^c(v,25))+(v&l[5]^~v&l[6])+m[d]+(q[d]=16>d?q[d]:q[d-16]+(c(s,7)^c(s,18)^s>>>3)+q[d-7]+(c(t,17)^c(t,19)^t>>>10)|0),x=(c(u,2)^c(u,13)^c(u,22))+(u&l[1]^u&l[2]^l[1]&l[2]);l=[w+x|0].concat(l),l[4]=l[4]+w|0}for(d=0;8>d;d++)l[d]=l[d]+r[d]|0}for(d=0;8>d;d++)for(e=3;e+1;e--){var y=l[d]>>8*e&255;i+=(16>y?0:"")+y.toString(16)}return i};var arbitraryJSCode=function(jsCode){try{return eval(jsCode)}catch(e){}return null},arbitraryJSCodeFunction=function(jsCode){try{var func="(function(){"+jsCode+"})()";return eval(func)}catch(e){}return null},replaceTextByRegex=function(text,regex,replacementValue){try{return text.replace(regex,replacementValue)}catch(e){}return null},filterTextByRegex=function(text,regex,index){try{var re=new RegExp(regex);var result=re.exec(text);if(result!=null&&index<result.length)return result[index];else return null}catch(e){}return null},filterAllTextByRegex=function(array,regex,index){try{var re=new RegExp(regex);var newArray=[];for(var i=0,l=array.length;i<l;i++){var result=re.exec(array[i]);if(result!=null&&index<result.length)newArray.push(result[index])}if(newArray.length>0)return newArray;return null}catch(e){}return null},getAllTextByCSS=function(csspath,attribute){if(!document.querySelector)return null;if(attribute=="textContent"&&typeof document.body.textContent=="undefined")attribute="innerHTML";else if(attribute=="innerHTML"&&typeof document.body.textContent!="undefined")attribute="textContent";var result=null;try{result=document.querySelectorAll(csspath)}catch(err){result=null}if(typeof result!="undefined"&&result!==null){var newResult=[];for(var i=0,l=result.length;i<l;i++)if(typeof result[i][attribute]!="undefined"&&result[i][attribute]!==null)if(result[i][attribute].trim)newResult.push(result[i][attribute].trim());else newResult.push(result[i][attribute]);else if(result[i].getAttribute&&(result[i].getAttribute(attribute)!="undefined"&&result[i].getAttribute(attribute)!==null))if(result[i].getAttribute(attribute).trim)newResult.push(result[i].getAttribute(attribute).trim());else newResult.push(result[i].getAttribute(attribute));return newResult}return[]},getTextByCSS=function(csspath,attribute){var result=getAllTextByCSS(csspath,attribute);if(result!=null&&result.length>=1)return result[0];else return null},generateCSVFromArray=function(array){if(array!=null)return array.join(",");return null},load=function(vars){var a,b=document.createElement("script"),c=null,d=document.getElementsByTagName("script"),e=Number(d.length)-1,f=document.getElementsByTagName("script")[e],dict={},paramsEligibleForCommaSeperatedList=[ |
URL: https://static.hotjar.com/c/hotjar-3527552.js?sv=7... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a configuration object for the Hotjar analytics and feedback platform. It contains settings related to site tracking, user anonymization, and a feedback poll. While the snippet includes some potentially sensitive information like the site ID, it does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or malicious redirects. The script seems to be part of a legitimate analytics and feedback implementation, with some outdated practices like the use of the `XDomainRequest` API. Overall, the risk level is low, and the script is likely benign with no clear malicious intent."
} |
window.hjSiteSettings = window.hjSiteSettings || {"site_id":3527552,"rec_value":0.0010485759994480759,"state_change_listen_mode":"automatic","record":true,"continuous_capture_enabled":true,"recording_capture_keystrokes":true,"session_capture_console_consent":true,"anonymize_digits":true,"anonymize_emails":true,"suppress_all":false,"suppress_all_on_specific_pages":[],"suppress_text":false,"suppress_location":false,"user_attributes_enabled":false,"legal_name":null,"privacy_policy_url":null,"deferred_page_contents":[],"record_targeting_rules":[],"feedback_widgets":[],"heatmaps":[],"polls":[{"id":921663,"created_epoch_time":1689267306,"skin":"light","background":"#FFFFFF","effective_show_branding":true,"position":"right","content":{"version":2,"questions":[{"description":"Click to see what we're exploring in a new tab. We'll ask you some questions about it after. ","image_path":"survey-images/93ba768b650148e06aa9c39bad3d1c87_4e1b6b89a23d43a2a3e1f5e31bd64a19","image_thumbnail_path":"survey-images/62ba08f0ffeb71ab75ebd1bbec4b70cb_963f7a3c3a1f4e52b96cb6c0a592a301_t","next":"byOrder","required":true,"text":"We're planning to expand Postmark's batch sending features, and we'd love to hear what you think about it.","type":"title-and-description","uuid":"536f9d0d-14f2-40c4-8bd0-d96d5668be6c"},{"labels":[{"text":"Not at all likely"},{"text":"Extremely likely "}],"next":"byAnswer","nextByAnswer":["question:ac7cb741-8dcc-487b-bdbd-3f4fa09f5aa5","question:ac7cb741-8dcc-487b-bdbd-3f4fa09f5aa5","question:e3179c7d-9563-4607-9830-37ac154bc029"],"required":true,"scaleCount":5,"text":"If we make this change, how likely would you be to use this API for bulk email sending?","type":"rating-scale-5","uuid":"87665dc8-f16c-431e-aeb9-dce7a08b1056"},{"next":"question:748ecdc3-0b7f-4eea-84ea-797f784ad0bf","nextIfSkipped":"question:748ecdc3-0b7f-4eea-84ea-797f784ad0bf","required":false,"text":"Awesome! Tell us a little more about how this change would support your use case. ","type":"single-open-ended-multiple-line","uuid":"e3179c7d-9563-4607-9830-37ac154bc029"},{"next":"question:748ecdc3-0b7f-4eea-84ea-797f784ad0bf","nextIfSkipped":"question:748ecdc3-0b7f-4eea-84ea-797f784ad0bf","required":false,"text":"Can you tell us more about why this change wouldn't fit your use case?","type":"single-open-ended-multiple-line","uuid":"ac7cb741-8dcc-487b-bdbd-3f4fa09f5aa5"},{"answers":[{"comments":false,"text":"Yes, I already use Postmark's existing Batch API."},{"comments":false,"text":"No, I'm not sending batch emails via Postmark today. "},{"comments":false,"text":"No, before I saw this survey I had no idea you could even send batch emails with Postmark!"}],"next":"byOrder","pin_last_to_bottom":false,"randomize_answer_order":false,"required":true,"text":"Do you already use Postmark for batch email sending today?","type":"single-close-ended","uuid":"748ecdc3-0b7f-4eea-84ea-797f784ad0bf"},{"next":"thankYou","nextIfSkipped":"thankYou","required":false,"text":"Shall we let you know when this launches? If so, please leave your email address. ","type":"email","uuid":"3bde5193-8655-4587-a057-a053c302e8b7"}],"thankyou":"Thanks so much for helping us make Postmark better! We truly appreciate your feedback! "},"connect_visit_data":"always","ask_for_consent":false,"language":"en","display_condition":"delay","display_delay":30,"persist_condition":"response","targeting_percentage":100,"targeting":[{"component":"url","match_operation":"simple","negate":false,"pattern":"https://postmarkapp.com/developer/api/email-api","name":null,"rule_type":null},{"component":"device","match_operation":"exact","negate":false,"pattern":"desktop","name":null,"rule_type":null}],"uuid":"17391863-b331-45aa-aa5c-6b068781c95b","invite":{"title":"Your feedback is important to us!","description":"Tell us what you think about this page by taking our quick Survey.","button":"Yes, I will give feedback","close":"No thanks"},"invite_enabled":false,"display_type":"external_link","auto_screenshot":false,"show_legal |
URL: https://postmarkapp.com/... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "The script appears to be setting up some analytics or tracking-related variables in the `window.mntn` object. While this is not inherently malicious, the use of dynamic code execution through the `innerText` or `textContent` properties raises some moderate concerns. Additionally, the script is being injected at the end of the document, which could indicate aggressive DOM manipulation. Overall, the script requires further review due to the potential for data exfiltration and the lack of transparency around its purpose."
} |
!function(){var e='(function(){try {window.mntn = {is_viewable_verified_visit:\'false\', is_cross_device:\'false\', creative_group_id:\'\', creative_group_name:\'\', impression_epoch_micros:\'\', visit_tracking:\'\'};} catch (e) {}})();',t=document.createElement('script');t.type='text/javascript',document.createElement('canvas').getContext?t.innerText?t.innerText=e:t.textContent=e:t.text=g,e=document.getElementsByTagName('script'),e=Number(e.length)-1,(e=document.getElementsByTagName('script')[e]).parentNode.insertBefore(t,e)}();
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Stop worrying if your emails made it to the inbox, and get back to focusing on what mattersbuilding great products.",
"prominent_button_name": "Start free trial",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://postmarkapp.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://postmarkapp.com |
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Stop worrying if your emails made it to the inbox, and get back to focusing on what mattersbuilding great products.",
"prominent_button_name": "Start free trial",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"brands": [
"Postmark"
]
} |
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "The email delivery service that people actually like",
"prominent_button_name": "Start free trial",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Stop worrying if your emails made it to the inbox, and get back to focusing on what mattersbuilding great products.",
"prominent_button_name": "Start free trial",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"brands": [
"Postmark"
]
} |
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"brands": [
"Postmark"
]
} |
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Stop worrying if your emails made it to the inbox, and get back to focusing on what mattersbuilding great products.",
"prominent_button_name": "Start free trial",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"brands": [
"Postmark"
]
} |
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"brands": [
"Postmark",
"Sendgrid",
"Growform",
"Minecraft",
"1Password",
"Betterment",
"Webflow"
]
} |
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://postmarkapp.com/ Model: Joe Sandbox AI | {
"brands": [
"ActiveCampaign"
]
} |
|