| URL: http://cdn.optimizeyourmac.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true,
"reasoning": "The domain contains suspicious keywords 'optimize' which is commonly associated with potentially unwanted programs (PUPs) or scam software. The use of CDN subdomain suggests third-party hosting, and the domain itself is not a widely known legitimate service."
} |
URL: http://cdn.optimizeyourmac.com |
| URL: https://cdn.optimizeyourmac.com/mopt/prefs/wmoset_... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script demonstrates moderate-risk behaviors, including the use of a fallback redirect domain and aggressive DOM manipulation. While the intent may be to collect user fingerprinting data, the use of a short timeout and the fallback redirect to an unknown domain raises concerns about potential malicious activity."
} |
var redirect_link = 'http://cdn.optimizeyourmac.com/mopt/prefs/wmoset_us.plist?';
// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reason
function fallbackRedirect() {
window.location.replace(redirect_link+'fp=-7');
}
try {
const rdrTimeout = setTimeout(fallbackRedirect, 300);
var fpPromise = FingerprintJS.load({monitoring: false});
fpPromise
.then(fp => fp.get())
.then(
result => {
var fprt = 'fp='+result.visitorId;
clearTimeout(rdrTimeout);
window.location.replace(redirect_link+fprt);
});
} catch(err) {
fallbackRedirect();
}
|
| URL: https://cdn.optimizeyourmac.com/js/fingerprint/iif... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a part of the FingerprintJS library, which is a legitimate browser fingerprinting tool used for user identification and fraud detection. While the code contains some behaviors that could be considered moderate-risk, such as external data transmission and aggressive DOM manipulation, the overall context suggests this is a legitimate use case. The code does not exhibit any high-risk indicators like dynamic code execution or data exfiltration. Additionally, the library is from a reputable source (FingerprintJS) and is commonly used for analytics and telemetry purposes. Therefore, the risk score is assessed as 3, indicating a low-risk script with some potentially aggressive practices but no clear malicious intent."
} |
/**
* FingerprintJS v3.4.0 - Copyright (c) FingerprintJS, Inc, 2023 (https://fingerprint.com)
* Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license.
*
* This software contains code from open-source projects:
* MurmurHash3 by Karan Lyons (https://github.com/karanlyons/murmurHash3.js)
*/
var FingerprintJS=function(e){"use strict";var n=function(){return n=Object.assign||function(e){for(var n,t=1,r=arguments.length;t<r;t++)for(var o in n=arguments[t])Object.prototype.hasOwnProperty.call(n,o)&&(e[o]=n[o]);return e},n.apply(this,arguments)};function t(e,n,t,r){return new(t||(t=Promise))((function(o,a){function i(e){try{u(r.next(e))}catch(n){a(n)}}function c(e){try{u(r.throw(e))}catch(n){a(n)}}function u(e){var n;e.done?o(e.value):(n=e.value,n instanceof t?n:new t((function(e){e(n)}))).then(i,c)}u((r=r.apply(e,n||[])).next())}))}function r(e,n){var t,r,o,a,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return a={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(a[Symbol.iterator]=function(){return this}),a;function c(c){return function(u){return function(c){if(t)throw new TypeError("Generator is already executing.");for(;a&&(a=0,c[0]&&(i=0)),i;)try{if(t=1,r&&(o=2&c[0]?r.return:c[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,c[1])).done)return o;switch(r=0,o&&(c=[2&c[0],o.value]),c[0]){case 0:case 1:o=c;break;case 4:return i.label++,{value:c[1],done:!1};case 5:i.label++,r=c[1],c=[0];continue;case 7:c=i.ops.pop(),i.trys.pop();continue;default:if(!(o=i.trys,(o=o.length>0&&o[o.length-1])||6!==c[0]&&2!==c[0])){i=0;continue}if(3===c[0]&&(!o||c[1]>o[0]&&c[1]<o[3])){i.label=c[1];break}if(6===c[0]&&i.label<o[1]){i.label=o[1],o=c;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(c);break}o[2]&&i.ops.pop(),i.trys.pop();continue}c=n.call(e,i)}catch(u){c=[6,u],r=0}finally{t=o=0}if(5&c[0])throw c[1];return{value:c[0]?c[1]:void 0,done:!0}}([c,u])}}}function o(e,n,t){if(t||2===arguments.length)for(var r,o=0,a=n.length;o<a;o++)!r&&o in n||(r||(r=Array.prototype.slice.call(n,0,o)),r[o]=n[o]);return e.concat(r||Array.prototype.slice.call(n))}function a(e,n){return new Promise((function(t){return setTimeout(t,e,n)}))}function i(e){return!!e&&"function"==typeof e.then}function c(e,n){try{var t=e();i(t)?t.then((function(e){return n(!0,e)}),(function(e){return n(!1,e)})):n(!0,t)}catch(r){n(!1,r)}}function u(e,n,o){return void 0===o&&(o=16),t(this,void 0,void 0,(function(){var t,i,c;return r(this,(function(r){switch(r.label){case 0:t=Date.now(),i=0,r.label=1;case 1:return i<e.length?(n(e[i],i),(c=Date.now())>=t+o?(t=c,[4,a(0)]):[3,3]):[3,4];case 2:r.sent(),r.label=3;case 3:return++i,[3,1];case 4:return[2]}}))}))}function l(e){e.then(void 0,(function(){}))}function s(e,n){e=[e[0]>>>16,65535&e[0],e[1]>>>16,65535&e[1]],n=[n[0]>>>16,65535&n[0],n[1]>>>16,65535&n[1]];var t=[0,0,0,0];return t[3]+=e[3]+n[3],t[2]+=t[3]>>>16,t[3]&=65535,t[2]+=e[2]+n[2],t[1]+=t[2]>>>16,t[2]&=65535,t[1]+=e[1]+n[1],t[0]+=t[1]>>>16,t[1]&=65535,t[0]+=e[0]+n[0],t[0]&=65535,[t[0]<<16|t[1],t[2]<<16|t[3]]}function d(e,n){e=[e[0]>>>16,65535&e[0],e[1]>>>16,65535&e[1]],n=[n[0]>>>16,65535&n[0],n[1]>>>16,65535&n[1]];var t=[0,0,0,0];return t[3]+=e[3]*n[3],t[2]+=t[3]>>>16,t[3]&=65535,t[2]+=e[2]*n[3],t[1]+=t[2]>>>16,t[2]&=65535,t[2]+=e[3]*n[2],t[1]+=t[2]>>>16,t[2]&=65535,t[1]+=e[1]*n[3],t[0]+=t[1]>>>16,t[1]&=65535,t[1]+=e[2]*n[2],t[0]+=t[1]>>>16,t[1]&=65535,t[1]+=e[3]*n[1],t[0]+=t[1]>>>16,t[1]&=65535,t[0]+=e[0]*n[3]+e[1]*n[2]+e[2]*n[1]+e[3]*n[0],t[0]&=65535,[t[0]<<16|t[1],t[2]<<16|t[3]]}function m(e,n){return 32===(n%=64)?[e[1],e[0]]:n<32?[e[0]<<n|e[1]>>>32-n,e[1]<<n|e[0]>>>32-n]:(n-=32,[e[1]<<n|e[0]>>>32-n,e[0]<<n|e[1]>>>32-n])}function f(e,n){return 0===(n%=64)?e:n<32?[e[0]<<n|e[1]>>>32-n,e[1]<<n]:[e[1]<<n-32,0]}function v(e,n){return[e[0]^n[0],e[1]^n[1]]}function h(e){return e=v(e,[0,e[0]>>>1]),e=v(e=d(e,[4283543511,3981806797]),[0,e[0]>>>1]),e=v(e=d(e,[3301882366,444984403]),[0,e[0]>>>1])}function |
| URL: http://ww25.cdn.optimizeyourmac.com/bZebwJMds.js... Model: Joe Sandbox AI | ```json
{
"risk_score": 5,
"reasoning": "The script includes moderate-risk indicators such as external data transmission via fetch to a third-party domain (click-use1.bodis.com) and obfuscated data encoding with a custom prefix. These behaviors suggest potential tracking or data collection activities. However, there are no high-risk indicators like dynamic code execution or data exfiltration of sensitive information. The use of a known domain (bodis.com) does not provide enough context to adjust the score significantly, resulting in a medium risk score."
} |
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).version={})}(this,(function(exports){"use strict";function __awaiter(e,t,n,i){return new(n||(n=Promise))((function(s,a){function o(e){try{d(i.next(e))}catch(e){a(e)}}function r(e){try{d(i.throw(e))}catch(e){a(e)}}function d(e){var t;e.done?s(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(o,r)}d((i=i.apply(e,t||[])).next())}))}var Blocking;"function"==typeof SuppressedError&&SuppressedError,function(e){e.PENDING="pending",e.NONE="none",e.BLOCKED="blocked",e.ALLOWED="allowed"}(Blocking||(Blocking={}));class Adblock{constructor(e){this.state=Blocking.PENDING,this._mocked=!1,e?(this.state=e,this._mocked=!0):this.state=Blocking.ALLOWED}inject(){return __awaiter(this,void 0,void 0,(function*(){}))}hasAdblocker(){if(void 0===window.google)return!0;const e=document.querySelectorAll("style");return Array.from(e).some((e=>!!e.innerHTML.includes("adblockkey")))}handleAdblocked(){this.removeAdblockKey(),this.state=Blocking.BLOCKED}removeAdblockKey(){var e;null===(e=document.documentElement.dataset)||void 0===e||delete e.adblockkey}get isBlocked(){return this.state===Blocking.BLOCKED}get isAllowed(){return this.state===Blocking.ALLOWED}toContext(){return{user_has_ad_blocker:null,is_ad_blocked:null}}}const OBFUSCATING_BASE_64_PREFIX="UxFdVMwNFNwN0wzODEybV",encode=e=>OBFUSCATING_BASE_64_PREFIX+btoa(unescape(encodeURIComponent(JSON.stringify(e))));function decode$1(e){return JSON.parse(decodeURIComponent(escape(atob(e.replace(OBFUSCATING_BASE_64_PREFIX,"")))))}var version="0.5.5";const APP_ENV="production",TRACKING_DOMAIN="https://click-use1.bodis.com/",SALES_JS_URL="https://parking.bodiscdn.com/js/inquiry.js",GOOGLE_CAF_TIMEOUT_SCRIPTS="0",GOOGLE_CAF_TIMEOUT_CALLBACKS="0",GOOGLE_MV3_URL_PARAMS="abp=1&bodis=true",APP_VERSION=version,COOKIE_CONSENT_JS_URL="",isLocal=(e=!0)=>"production"!==APP_ENV;function log(...e){}const FIND_DOMAIN_URL="_fd",getFindDomain=(e="",t=!1)=>{const n=`${e}/${FIND_DOMAIN_URL}${window.location.search}`,i=e?"include":"same-origin",s=Object.assign({Accept:"application/json","Content-Type":"application/json"},t?{"X-HOST":window.location.host}:{});return fetch(n,{method:"POST",headers:s,credentials:i}).then((e=>e.text())).then(decode$1)};var ZeroClickReasons;!function(e){e.CAF_TIMEDOUT="caf_timedout",e.CAF_ADLOAD_FAIL_RS="caf_adloadfail_rs",e.CAF_ADLOAD_FAIL_ADS="caf_adloadfail_ads",e.DISABLED_GB="disabled_gb",e.DISABLED_AB="disabled_ab",e.DISABLED_DS="disabled_ds",e.AD_BLOCKED="ad_blocked",e.PREFERRED="preferred"}(ZeroClickReasons||(ZeroClickReasons={}));const getZeroClick=e=>__awaiter(void 0,void 0,void 0,(function*(){const t=Object.assign(Object.assign({},e),{type:"zc_fetch"});return fetch("/_zc",{method:"POST",body:JSON.stringify({signature:encode(t)}),headers:{Accept:"application/json","Content-Type":"application/json"}}).then((e=>__awaiter(void 0,void 0,void 0,(function*(){try{return decode$1(yield e.text())}catch(e){return{}}}))))})),waiter=(e,t)=>new Promise((n=>{t(e),e<=0&&n();let i=e;const s=()=>{i>0?(i-=1,t(i),setTimeout(s,1e3)):n()};s()})),decode=()=>JSON.parse(atob(window.park||""));var PAGE_STYLES='* {\n font-smoothing: antialiased;\n -webkit-font-smoothing: antialiased;\n -moz-osx-font-smoothing: grayscale;\n}\n\nhtml, body {\n width: 100%;\n margin: 0;\n}\n\nhtml {\n background-color: #2B2B2B;\n height: 100%;\n}\n\nbody {\n min-height: 90%;\n font-family: Arial, sans-serif;\n letter-spacing: 1.2px;\n color: #ccc;\n text-align: center;\n}\n\n/* App Target - This starts hidden until we apply a class to "activate" it */\n\n#target {\n opacity: 0;\n visibility: hidden;\n}\n\n/* Status Messages - These are displayed when we are not rendering ad blocks or Related Search */\n\n#pk-status-message {\n height: 75vh;\n width: 100%;\n display: flex;\n flex-direction: column;\n align-items |
| URL: https://syndicatedsearch.goog/afs/ads?adtest=off&p... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be related to Google's AdSense for Search (AFS) functionality, which is a legitimate advertising service. While it uses some legacy practices like `XDomainRequest`, the overall behavior is consistent with typical analytics and advertising use cases. There are no clear indicators of malicious intent or high-risk activities, so the risk score is relatively low."
} |
window.AFS_AD_REQUEST_RETURN_TIME_ = Date.now();window.IS_GOOGLE_AFS_IFRAME_ = true;function populate(el) { var adBlock = document.getElementById("adBlock"); adBlock.innerHTML += el;}
var IS_GOOGLE_AFS_IFRAME_ = true;
var ad_json = {"caps":[{"n":"queryId","v":"IyyIZ538JPvijuwPoezEqQc"},{"n":"popstripeRs","v":"#1F8A70,#BEDB39,#FFE11A,#FD7400,#004358"}],"rs_attr":{"t":"Related Links","u":""},"gd":{"ff":{"fd":"swap","eiell":true,"pcsbs":"44","pcsbp":"8","eovd":false,"efovd":true},"cd":{"pid":"dp-bodis31_3ph","eawp":"partner-dp-bodis31_3ph","qi":"IyyIZ538JPvijuwPoezEqQc"},"pc":{"ct":true},"dc":{"d":true}}};
|
| URL: http://ww25.cdn.optimizeyourmac.com/mopt/prefs/wmoset_us.plist?subid1=20250116-0843-5736-ab15-0b16008a689b Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Website Seo",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: http://ww25.cdn.optimizeyourmac.com/mopt/prefs/wmoset_us.plist?subid1=20250116-0843-5736-ab15-0b16008a689b Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://syndicatedsearch.goog/adsense/domains/caf.... Model: Joe Sandbox AI | ```json
{
"risk_score": 3,
"reasoning": "The script interacts with a trusted domain (Google) and appears to be related to ad services or analytics, which is a common and legitimate use case. However, it includes obfuscated strings and aggressive DOM manipulation, which are considered low to moderate-risk indicators. Given the context and the lack of high-risk behaviors, the overall risk is low."
} |
if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"syndicatedsearch.goog",hash:"17079734847992307",packages:"domains",module:"ads",version:"1",m:{cei:"17300002,17301431,17301433,17301436,17301266",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_chatbot_aa":500,"afs_gpp_api":0,"disable_usp_api":0,"heterodyne_test":851,"ivt_changes":0}}};var p;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};
function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ea=ca(this);function r(a,b){if(b)a:{var c=ea;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ba(c,a,{configurable:!0,writable:!0,value:b})}}
r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,h){this.de=f;ba(this,"description",{configurable:!0,writable:!0,value:h})}if(a)return a;c.prototype.toString=function(){return this.de};var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});
r("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=ea[b[c]];typeof d==="function"&&typeof d.prototype[a]!="function"&&ba(d.prototype,a,{configurable:!0,writable:!0,value:function(){return fa(aa(this))}})}return a});function fa(a){a={next:a};a[Symbol.iterator]=function(){return this};return a}
var ha=typeof Object.create=="function"?Object.create:function(a){function b(){}b.prototype=a;return new b},ia;if(typeof Object.setPrototypeOf=="function")ia=Object.setPrototypeOf;else{var ja;a:{var ka={a:!0},la={};try{la.__proto__=ka;ja=la.a;break a}catch(a){}ja=!1}ia=ja?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var ma=ia;
function na(a,b){a.prototype=ha(b.prototype);a.prototype.constructor=a;if(ma)ma(a,b);else for(var c in b)if(c!="prototype")if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.Nf=b.prototype}function u(a){var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:aa(a)};throw Error(String(a)+" is not an iterable or ArrayLike");}
function oa(a){if(!(a instanceof Array)){a=u(a);for(var b,c=[];!(b=a.next()).done;)c.push(b.value);a=c}return a}function pa(a){return qa(a,a)}function qa(a,b){a.raw=b;Object.freeze&&(Object.freeze(a),Object.freeze(b));return a}function ra(){for(var a=Number(this),b=[],c=a;c<arguments.length;c++)b[c-a]=arguments[c];return b}
r("Promise",function(a){function b(h){this.A=0;this.Sa=void 0;this.ta=[];this.Hd=!1;var g=this.kc();try{h(g.resolve,g.reject)}catch(k){g.reject(k)}}function c(){this.X=null}function d(h){return h instanceof |
| URL: https://optimizeyourmac.com/... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script demonstrates moderate-risk behaviors, including the use of a fallback redirect domain and aggressive DOM manipulation. While the intent may be to collect visitor fingerprints, the script lacks transparency and could potentially be used for malicious purposes if the redirect domain is not trustworthy."
} |
var redirect_link = 'http://optimizeyourmac.com/?';
// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reason
function fallbackRedirect() {
window.location.replace(redirect_link+'fp=-7');
}
try {
const rdrTimeout = setTimeout(fallbackRedirect, 300);
var fpPromise = FingerprintJS.load({monitoring: false});
fpPromise
.then(fp => fp.get())
.then(
result => {
var fprt = 'fp='+result.visitorId;
clearTimeout(rdrTimeout);
window.location.replace(redirect_link+fprt);
});
} catch(err) {
fallbackRedirect();
}
|
| URL: https://optimizeyourmac.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false,
"reasoning": "The domain contains the word 'optimize' which is commonly used in scam websites targeting Mac users. While the URL structure is clean, the combination of 'optimize' and 'mac' is often associated with potentially unwanted programs or scam software."
} |
URL: https://optimizeyourmac.com |
| URL: https://syndicatedsearch.goog/afs/ads?adtest=off&p... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be related to Google's AdSense for Search (AFS) functionality, which is a legitimate advertising service. While it uses some legacy practices like `window.IS_GOOGLE_AFS_IFRAME_` and `XDomainRequest`, the overall behavior is consistent with typical ad-related functionality and does not demonstrate any high-risk indicators. The script is likely benign, with some minor outdated practices that pose low risk."
} |
window.AFS_AD_REQUEST_RETURN_TIME_ = Date.now();window.IS_GOOGLE_AFS_IFRAME_ = true;function populate(el) { var adBlock = document.getElementById("adBlock"); adBlock.innerHTML += el;}
var IS_GOOGLE_AFS_IFRAME_ = true;
var ad_json = {"caps":[{"n":"queryId","v":"QiyIZ4a4ILCijuwP68mYwQk"},{"n":"popstripeRs","v":"#1F8A70,#BEDB39,#FFE11A,#FD7400,#004358"}],"rs_attr":{"t":"Related Links","u":""},"gd":{"ff":{"fd":"swap","eiell":true,"pcsbs":"44","pcsbp":"8","eovd":true},"cd":{"pid":"dp-bodis31_3ph","eawp":"partner-dp-bodis31_3ph","qi":"QiyIZ4a4ILCijuwP68mYwQk"},"pc":{"ct":true},"dc":{"d":true}}};
|
| URL: https://ww25.optimizeyourmac.com/?subid1=20250116-0844-293a-a081-238aec2ce9c5 Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Add Company to Google Search",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://ww25.optimizeyourmac.com/?subid1=20250116-0844-293a-a081-238aec2ce9c5 Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://ww25.optimizeyourmac.com Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true,
"reasoning": "The subdomain 'ww25' is suspicious and likely a typosquatting attempt mimicking 'www'. The domain contains the keyword 'optimize' which is commonly used in malicious URLs targeting Mac users. The unusual subdomain numbering pattern is a red flag for potential malicious activity."
} |
URL: https://ww25.optimizeyourmac.com |
| URL: https://syndicatedsearch.goog/adsense/domains/caf.... Model: Joe Sandbox AI | ```json
{
"risk_score": 2,
"reasoning": "The script interacts with a trusted domain (syndicatedsearch.goog) and appears to be related to Google's ad services. It does not exhibit high-risk behaviors such as dynamic code execution or data exfiltration. The use of encoded strings and potential tracking behavior are noted, but these are typical for ad-related scripts and do not indicate malicious intent."
} |
if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"syndicatedsearch.goog",hash:"5942599812270562725",packages:"domains",module:"ads",version:"1",m:{cei:"17301431,17301433,17301436,17301266",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_chatbot_aa":500,"afs_gpp_api":0,"disable_usp_api":0,"heterodyne_test":851,"ivt_changes":0}}};var p;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};
function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ea=ca(this);function r(a,b){if(b)a:{var c=ea;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ba(c,a,{configurable:!0,writable:!0,value:b})}}
r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,h){this.ce=f;ba(this,"description",{configurable:!0,writable:!0,value:h})}if(a)return a;c.prototype.toString=function(){return this.ce};var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});
r("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=ea[b[c]];typeof d==="function"&&typeof d.prototype[a]!="function"&&ba(d.prototype,a,{configurable:!0,writable:!0,value:function(){return fa(aa(this))}})}return a});function fa(a){a={next:a};a[Symbol.iterator]=function(){return this};return a}
var ha=typeof Object.create=="function"?Object.create:function(a){function b(){}b.prototype=a;return new b},ia;if(typeof Object.setPrototypeOf=="function")ia=Object.setPrototypeOf;else{var ja;a:{var ka={a:!0},la={};try{la.__proto__=ka;ja=la.a;break a}catch(a){}ja=!1}ia=ja?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var ma=ia;
function na(a,b){a.prototype=ha(b.prototype);a.prototype.constructor=a;if(ma)ma(a,b);else for(var c in b)if(c!="prototype")if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.Mf=b.prototype}function u(a){var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:aa(a)};throw Error(String(a)+" is not an iterable or ArrayLike");}
function oa(a){if(!(a instanceof Array)){a=u(a);for(var b,c=[];!(b=a.next()).done;)c.push(b.value);a=c}return a}function pa(a){return qa(a,a)}function qa(a,b){a.raw=b;Object.freeze&&(Object.freeze(a),Object.freeze(b));return a}function ra(){for(var a=Number(this),b=[],c=a;c<arguments.length;c++)b[c-a]=arguments[c];return b}
r("Promise",function(a){function b(h){this.A=0;this.Sa=void 0;this.ta=[];this.Gd=!1;var g=this.kc();try{h(g.resolve,g.reject)}catch(k){g.reject(k)}}function c(){this.X=null}function d(h){return h instanceof b?h:new |
Edit tour
chrome.exe (PID: 4928 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node