| URL: https://email.equifaxbreachsettlement.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://email.equifaxbreachsettlement.com |
| URL: https://www.myprepaidcenter.com/redeem?ecode=W28VM... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a legitimate Hotjar analytics script, which is a common third-party tracking and analytics service. While it uses the `hj` function to interact with the Hotjar service, this is a standard practice for integrating Hotjar and does not demonstrate any high-risk behaviors. The script is not obfuscated, does not execute dynamic code, and does not exfiltrate sensitive data. Therefore, it is assessed as a low-risk script."
} |
(function(h,o,t,j,a,r){
h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)};
h._hjSettings={hjid:5235682,hjsv:6};
a=o.getElementsByTagName('head')[0];
r=o.createElement('script');r.async=1;
r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv;
a.appendChild(r);
})(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv=');
|
| URL: https://www.myprepaidcenter.com/redeem?ecode=W28VM... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a browser detection script that checks the user's browser and version, and displays a message if the browser is Internet Explorer or an older version of Opera. This behavior is common for websites that need to ensure compatibility with specific browsers. The script does not exhibit any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is primarily focused on providing a user-friendly experience by informing the user about unsupported browsers. Overall, this script poses a low risk and is likely a legitimate part of the website's functionality."
} |
var BrowserDetect = {
init: function () {
this.browser = this.searchString(this.dataBrowser) || 'Other';
this.version = this.searchVersion(navigator.userAgent) || this.searchVersion(navigator.appVersion) || 'Unknown';
},
searchString: function (data) {
for (var i = 0; i < data.length; i++) {
var dataString = data[i].string;
this.versionSearchString = data[i].subString;
if (dataString.indexOf(data[i].subString) !== -1) {
return data[i].identity;
}
}
},
searchVersion: function (dataString) {
var index = dataString.indexOf(this.versionSearchString);
if (index === -1) {
return;
}
var rv = dataString.indexOf('rv:');
if (this.versionSearchString === 'Trident' && rv !== -1) {
return parseFloat(dataString.substring(rv + 3));
} else {
return parseFloat(dataString.substring(index + this.versionSearchString.length + 1));
}
},
dataBrowser: [
{ string: navigator.userAgent, subString: 'Edge', identity: 'MS Edge' },
{ string: navigator.userAgent, subString: 'MSIE', identity: 'Internet Explorer' },
{ string: navigator.userAgent, subString: 'Trident', identity: 'Internet Explorer' },
{ string: navigator.userAgent, subString: 'Firefox', identity: 'Firefox' },
{ string: navigator.userAgent, subString: 'Opera', identity: 'Opera' },
{ string: navigator.userAgent, subString: 'OPR', identity: 'Opera' },
{ string: navigator.userAgent, subString: 'Chrome', identity: 'Chrome' },
{ string: navigator.userAgent, subString: 'Safari', identity: 'Safari' },
],
};
BrowserDetect.init();
if (BrowserDetect.browser == 'Internet Explorer' || (BrowserDetect.browser == 'Opera' && BrowserDetect.version < 15)) {
document.title = 'Browser Not Supported';
document.write('<p>You are using <b>' + BrowserDetect.browser + '</b> with version <b>' + BrowserDetect.version + '</b></p>');
document.write(
'<p>Your Browser is not Supported.</p><p>We recommend the latest version of Safari, Firefox, Chrome, or Microsoft Edge to use My Prepaid Center.</p>',
);
}
|
| URL: https://www.myprepaidcenter.com/main-es2015.c0d90e... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a part of an Angular application and does not contain any high-risk indicators. It includes some common Angular-related code, such as a base component class and a service for managing user credentials. The code does not exhibit any behaviors that would be considered malicious or suspicious, such as dynamic code execution, data exfiltration, or redirects to untrusted domains. Overall, this snippet seems to be a legitimate part of a web application and poses a low risk."
} |
(self.webpackChunkcardholder_fe=self.webpackChunkcardholder_fe||[]).push([[179],{98255:function(e){function t(e){return Promise.resolve().then(function(){var t=new Error("Cannot find module '"+e+"'");throw t.code="MODULE_NOT_FOUND",t})}t.keys=function(){return[]},t.resolve=t,t.id=98255,e.exports=t},66232:function(e,t,r){"use strict";r.d(t,{y:function(){return o}});var i=r(96441),n=r(37716);class o extends i.H{}o.\u0275fac=function(){let e;return function(t){return(e||(e=n.n5z(o)))(t||o)}}(),o.\u0275cmp=n.Xpm({type:o,selectors:[["ng-component"]],features:[n.qOj],decls:0,vars:0,template:function(e,t){},encapsulation:2})},96441:function(e,t,r){"use strict";r.d(t,{H:function(){return n}});var i=r(37716);class n{constructor(){this.subscriptions=[]}ngOnDestroy(){this.subscriptions&&(this.subscriptions.forEach(e=>{e.unsubscribe()}),this.subscriptions=[])}}n.\u0275fac=function(e){return new(e||n)},n.\u0275cmp=i.Xpm({type:n,selectors:[["ng-component"]],decls:0,vars:0,template:function(e,t){},encapsulation:2})},97214:function(e,t,r){"use strict";r.d(t,{g8:function(){return m},Cs:function(){return v}});var i=r(64762),n=r(48248),o=r(16738),s=r(77902),a=r(45094),c=r(76889),d=r(41565),l=r(42687),u=r(37716),h=r(88119),g=r(80062),p=r(4106);var m;!function(e){e.bhnAdmin="bhn-admin",e.clientAdmin="client-admin",e.registeredEndUser="registered-end-user",e.anonymousCardholder="anonymous-cardholder",e.activating="activating",e.anonymousRedeeming="anonymous-redeeming",e.anonymousRetrieving="anonymous-retrieving",e.verifyingUserLogin="verifying-user-login",e.verifyingCreateUser="verifying-create-user"}(m||(m={}));class f{constructor(e,t){this._token=e;const r=(0,n.Z)(e);this.roles=r.roles,this._expires=r.exp,this.filterValue=new Array,r.sub&&(this.retrievalCode=r.sub.retrievalCode?r.sub.retrievalCode:null,this.proxyCardNumber=r.sub.proxyCardNumber?r.sub.proxyCardNumber:null,this.userUuid=r.sub.userUuid?r.sub.userUuid:null),this.displayName=r.displayName||t,this.language=r.language}hasRole(e){return this.roles.includes(e)}isAdmin(){return this.roles.includes(m.bhnAdmin)||this.roles.includes(m.clientAdmin)}isRegisteredEndUser(){return this.roles.includes(m.registeredEndUser)}isAnonymousCardholder(){return this.roles.includes(m.anonymousCardholder)}isActivating(){return this.roles.includes(m.activating)}isAnonymousRedeeming(){return this.roles.includes(m.anonymousRedeeming)}isAnonymousRetrieving(){return this.roles.includes(m.anonymousRetrieving)}isExpired(){return b(this.token)}canBeStored(){return this.isAdmin()||this.isAnonymousCardholder()||this.isRegisteredEndUser()}get expires(){return this._expires}get token(){return this._token}set token(e){const t=(0,n.Z)(e);if(null===t.sub||this.isAnonymousCardholder()&&this.proxyCardNumber!==t.sub.proxyCardNumber||this.isActivating()&&this.proxyCardNumber!==t.sub.proxyCardNumber||this.isAnonymousRetrieving()&&this.retrievalCode!==t.sub.retrievalCode||this.isRegisteredEndUser()&&this.userUuid!==t.sub.userUuid)throw Error("New token user does not match current credentials");this._token=e,this._expires=t.exp}}class v{constructor(e,t,r,n){this.sessionStorage=e,this.router=t,this.commonService=r,this.modalService=n,this._current=null,this.credentials=new a.X(null),this._expiration=new c.x,this.expirationWatcher=null,this.haveRemainingTop=!1,this.remainingTop=0,this.remainingTopPercentage=0,this.remaining=0,this.onErrorModelPopup=e=>(0,i.mG)(this,void 0,void 0,function*(){const t="aws-waf-error"==e?e:`^invalid-login.${e}`;yield this.modalService.showAlert(t,"",void 0,!0,{windowClass:"bhn-alert-modal",backdrop:"static"})}),this.isInactive=new a.X(!1)}asObservable(){return this.credentials.asObservable()}loadFromStorage(){const e=this.sessionStorage.getItem("credentials");if(null!==e)try{if(b(e))this.sessionStorage.removeItem("credentials");else{const t=this.sessionStorage.getItem("displayName"),r=new f(e,t);r.canBeStored()&&(this._current=r,this.credentials.next(this._current),this.startExpirationWatcher())}}catch(t){t |
| URL: https://content.blackhawknetwork.com/riskwidget/v1... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script appears to be a minified JavaScript bundle for a widget, likely related to React PropTypes. It does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script primarily involves error handling and property type checking, which are typical for React applications. There are no indicators of malicious intent or aggressive behaviors."
} |
/*! For license information please see bundle.js.LICENSE.txt */
!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define("RMSWidget",[],t):"object"==typeof exports?exports.RMSWidget=t():e.RMSWidget=t()}(self,(function(){return function(){var e={703:function(e,t,n){"use strict";var r=n(414);function o(){}function a(){}a.resetWarningCache=o,e.exports=function(){function e(e,t,n,o,a,i){if(i!==r){var l=new Error("Calling PropTypes validators directly is not supported by the `prop-types` package. Use PropTypes.checkPropTypes() to call them. Read more at http://fb.me/use-check-prop-types");throw l.name="Invariant Violation",l}}function t(){return e}e.isRequired=e;var n={array:e,bigint:e,bool:e,func:e,number:e,object:e,string:e,symbol:e,any:e,arrayOf:t,element:e,elementType:e,instanceOf:t,node:e,objectOf:t,oneOf:t,oneOfType:t,shape:t,exact:t,checkPropTypes:a,resetWarningCache:o};return n.PropTypes=n,n}},697:function(e,t,n){e.exports=n(703)()},414:function(e){"use strict";e.exports="SECRET_DO_NOT_PASS_THIS_OR_YOU_WILL_BE_FIRED"},448:function(e,t,n){"use strict";var r=n(294),o=n(840);function a(e){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+e,n=1;n<arguments.length;n++)t+="&args[]="+encodeURIComponent(arguments[n]);return"Minified React error #"+e+"; visit "+t+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}var i=new Set,l={};function u(e,t){s(e,t),s(e+"Capture",t)}function s(e,t){for(l[e]=t,e=0;e<t.length;e++)i.add(t[e])}var c=!("undefined"==typeof window||void 0===window.document||void 0===window.document.createElement),f=Object.prototype.hasOwnProperty,d=/^[:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$/,p={},h={};function m(e,t,n,r,o,a,i){this.acceptsBooleans=2===t||3===t||4===t,this.attributeName=r,this.attributeNamespace=o,this.mustUseProperty=n,this.propertyName=e,this.type=t,this.sanitizeURL=a,this.removeEmptyString=i}var y={};"children dangerouslySetInnerHTML defaultValue defaultChecked innerHTML suppressContentEditableWarning suppressHydrationWarning style".split(" ").forEach((function(e){y[e]=new m(e,0,!1,e,null,!1,!1)})),[["acceptCharset","accept-charset"],["className","class"],["htmlFor","for"],["httpEquiv","http-equiv"]].forEach((function(e){var t=e[0];y[t]=new m(t,1,!1,e[1],null,!1,!1)})),["contentEditable","draggable","spellCheck","value"].forEach((function(e){y[e]=new m(e,2,!1,e.toLowerCase(),null,!1,!1)})),["autoReverse","externalResourcesRequired","focusable","preserveAlpha"].forEach((function(e){y[e]=new m(e,2,!1,e,null,!1,!1)})),"allowFullScreen async autoFocus autoPlay controls default defer disabled disablePictureInPicture disableRemotePlayback formNoValidate hidden loop noModule noValidate open playsInline readOnly required reversed scoped seamless itemScope".split(" ").forEach((function(e){y[e]=new m(e,3,!1,e.toLowerCase(),null,!1,!1)})),["checked","multiple","muted","selected"].forEach((function(e){y[e]=new m(e,3,!0,e,null,!1,!1)})),["capture","download"].forEach((function(e){y[e]=new m(e,4,!1,e,null,!1,!1)})),["cols","rows","size","span"].forEach((function(e){y[e]=new m(e,6,!1,e,null,!1,!1)})),["rowSpan","start"].forEach((function(e){y[e]=new m(e,5,!1,e.toLowerCase(),null,!1,!1)}));var v=/[\-:]([a-z])/g;function g(e){return e[1].toUpperCase()}function b(e,t,n,r){var o=y.hasOwnProperty(t)?y[t]:null;(null!==o?0!==o.type:r||!(2<t.length)||"o"!==t[0]&&"O"!==t[0]||"n"!==t[1]&&"N"!==t[1])&&(function(e,t,n,r){if(null==t||function(e,t,n,r){if(null!==n&&0===n.type)return!1;switch(typeof t){case"function":case"symbol":return!0;case"boolean":return!r&&(null!==n?!n.acceptsBo |
| URL: https://www.myprepaidcenter.com/redeem?ecode=W28VM... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script appears to be related to privacy management and consent handling, which is a common and legitimate practice. However, it has some moderate-risk indicators, such as using `postMessage` to communicate with the top-level window and pushing events to the `dataLayer` without clear transparency. Further review may be needed to ensure the script's behavior is aligned with its stated purpose."
} |
var __dispatched__={},__i__=self.postMessage&&setInterval(function(){if(self.PrivacyManagerAPI&&__i__){var b={PrivacyManagerAPI:{action:"getConsentDecision",timestamp:(new Date).getTime(),self:self.location.host}};self.top.postMessage(JSON.stringify(b),"*");__i__=clearInterval(__i__)}},50);
self.addEventListener("message",function(b,a){try{if(b.data&&(a=JSON.parse(b.data))&&(a=a.PrivacyManagerAPI)&&a.capabilities&&"getConsentDecision"==a.action){var d=self.PrivacyManagerAPI.callApi("getGDPRConsentDecision",self.location.host).consentDecision;d&&d.forEach(function(c){__dispatched__[c]||(self.dataLayer&&self.dataLayer.push({event:"GDPR Pref Allows "+c}),__dispatched__[c]=1)})}}catch(c){}});
|
| URL: https://ht.blackhawknetwork.com/assets/bXlwcmVwYWl... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script exhibits several high-risk behaviors, including data exfiltration, obfuscated code, and potential redirection to suspicious domains. The script decodes a base64 string that contains a list of domains, some of which may be associated with malicious or suspicious activities. It then checks if the current domain is included in the decoded list and, if not, sends the current URL and referrer to a potentially untrusted domain. These behaviors indicate a high likelihood of malicious intent, warranting a high-risk score."
} |
var x = atob("bXlwcmVwYWlkY2VudGVyLmNvbSxteXByZXBhaWRjZW50cmUuY29tLmF1LGJwc215YWNjb3VudC5jb20sY2FyZC1hY3RpdmF0ZS5jb20sbXlwcmVwYWlkY2VudGVyLWNvbS50cmFuc2xhdGUuZ29vZywxMjcuMC4wLjEsbG9jYWxob3N0LGxvY2Fs");var temp = location.host.split(".").reverse();var root_domain = temp[1] + "." + temp[0];var m = x.split(",").find(s => root_domain.includes(s) || s.includes(root_domain));if(!m) {var l = encodeURI(location.href);var r = encodeURI(document.referrer);(new Image()).src = `https://ht.blackhawknetwork.com/assets/images/logo.png?l=${l}&r=${r}&d=${x}`}
|
| URL: https://script.hotjar.com/modules.60031afbf51fb3e8... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be a module that handles various user interactions and events, such as identifying users, tagging recordings, and tracking user behavior. While the code does not contain any obvious high-risk indicators, it does have some moderate-risk behaviors, such as external data transmission and aggressive DOM manipulation. Additionally, the code uses some legacy practices, like the `XDomainRequest` API. Overall, the script requires further review due to its unclear or potentially overly aggressive behavior, warranting a medium-risk score."
} |
/*! For license information please see modules.60031afbf51fb3e88a5b.js.LICENSE.txt */
!function(){var e={4788:function(e,t,n){"use strict";n.d(t,{s:function(){return r}});const r=Object.freeze({IDENTIFY_USER:"identify_user",AUTOTAG_RECORDING:"autotag_recording",TAG_RECORDING:"tag_recording",HEATMAP_HELO:"heatmap_helo",RECORDING_HELO:"recording_helo",REPORT_USER_ID:"report_user_id",MUTATION:"mutation",MOUSE_CLICK:"mouse_click",INPUT_CHOICE_CHANGE:"input_choice_change",KEY_PRESS:"key_press",MOUSE_MOVE:"mouse_move",RELATIVE_MOUSE_MOVE:"relative_mouse_move",CLIPBOARD:"clipboard",PAGE_VISIBILITY:"page_visibility",SCROLL_REACH:"scroll_reach",SCROLL:"scroll",SELECT_CHANGE:"select_change",VIEWPORT_RESIZE:"viewport_resize",SCRIPT_PERFORMANCE:"script_performance",REPORT_CONTENT:"report_content",INSERTED_RULE:"inserted_rule",DELETED_RULE:"deleted_rule"})},6939:function(e,t,n){"use strict";n.d(t,{f:function(){return f},W:function(){return g}});const r=Object.freeze({LIVE:"LIVE",REVIEW_WEBAPP:"REVIEW_WEBAPP",REVIEW:"REVIEW",STAGING:"STAGING",DEV:"DEV",DEV_OLD:"DEV_OLD"}),o=(()=>{const e=document.location.host.match(/^(insights-webapp|surveys-webapp|insights|surveys)-(.*?)((?:\.[^.]+)?(?:\.hotjarians\.net)|(?:\.[^.]+)?(?:\.eks\.hotjar\.com))$/);return e&&{component:e[1],reviewId:e[2],domain:e[3],reviewUrlSuffix:e[2]+e[3]}})()?.reviewUrlSuffix,i=Object.freeze({[r.LIVE]:{INSIGHTS:"insights.hotjar.com",SURVEYS:"surveys.hotjar.com"},[r.REVIEW]:{INSIGHTS:`insights-${o}`,SURVEYS:`surveys-${o}`},[r.REVIEW_WEBAPP]:{INSIGHTS:`insights-webapp-${o}`,SURVEYS:`surveys-webapp-${o}`},[r.STAGING]:{INSIGHTS:"insights-staging.hotjar.com",SURVEYS:"surveys-staging.hotjar.com"},[r.DEV]:{INSIGHTS:"local.hotjar.com:8443",SURVEYS:"surveys.local.hotjar.com:8443"},[r.DEV_OLD]:{INSIGHTS:"local.hotjar.com",SURVEYS:"surveys.local.hotjar.com"}}),a=e=>(t,n)=>t===i[e][n],s=a(r.DEV),c=a(r.DEV_OLD),u=a(r.LIVE),l=a(r.REVIEW_WEBAPP),h=a(r.REVIEW),d=a(r.STAGING),f=(e,t)=>{if(t)return`https://${t}/${e}`;const n=((e="INSIGHTS",t=document.location.host)=>u(t,e)?r.LIVE:s(t,e)?r.DEV:c(t,e)?r.DEV_OLD:l(t,e)?r.REVIEW_WEBAPP:h(t,e)?r.REVIEW:d(t,e)?r.STAGING:r.LIVE)();return`https://${i[n].SURVEYS}/${e}`},g=(e=document.location.href)=>{const t=[i[r.LIVE].SURVEYS,i[r.REVIEW_WEBAPP].SURVEYS,i[r.REVIEW].SURVEYS,i[r.STAGING].SURVEYS,i[r.DEV].SURVEYS,i[r.DEV_OLD].SURVEYS],n=document.createElement("a");return n.href=e,t.indexOf(n.hostname)>=0}},9163:function(e,t,n){"use strict";n.d(t,{R:function(){return r}});var r={getFeatures:hj.tryCatch((function(){return hj.settings.features||[]}),"hj.features.getFeatures"),hasFeature:hj.tryCatch((function(e){var t;try{var n=window.localStorage.getItem("HJ_OVERRIDE_FEATURE:".concat(e));t="true"===n||"1"===n}catch(e){t=!1}return r.getFeatures().indexOf(e)>-1||t}),"hj.features.hasFeature")}},9982:function(e,t,n){"use strict";n.d(t,{H:function(){return o}});var r=n(8422),o=function(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:a,n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:s,r=0,o=!1;function c(){0!=--r||o||t.bind(this)()}function u(){o=!0,n.bind(this)()}Object.keys(e).forEach((function(t){var n=e[t];"string"==typeof n&&(n=[n]),r+=n.length,n.forEach((function(e){i(e,t,c,u)}))}))},i=function(e,t,n,o){var i;t===r.vH.SCRIPT?(i=document.createElement("script")).src="".concat(hj.scriptDomain).concat(e):t===r.vH.STYLESHEET&&((i=document.createElement("link")).href="".concat(hj.scriptDomain).concat(e),i.rel="stylesheet"),i.onload=n,i.onerror=o,document.getElementsByTagName("head")[0].appendChild(i)};function a(){}function s(){var e=this.src||this.href;hj.exceptions.log(new Error("Failed to load module: ".concat(e,".")),"loader")}},8417:function(e,t,n){"use strict";n.d(t,{c:function(){return i}});var r=n(9982),o=!1,i=function(e){var t=e.title,n=e.message,i=e.status,a=window.hjLazyModules;o?hj.widget.renderNotificationWidget({title:t,message:n,status:i}):(0,r.H)(a.NOTIFICATION,(function(){o=!0,hj.widget.renderNotificationWidget({title:t,mes |
| URL: https://www.myprepaidcenter.com/scripts.593eeb7a74... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a part of the jQuery library, which is a widely used and trusted JavaScript framework. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The behaviors observed are primarily related to DOM manipulation, data handling, and utility functions, which are common in legitimate web development frameworks. While the code uses some legacy practices, such as the `XDomainRequest` API, these pose minor risks and are not inherently malicious. Overall, the script seems to be a benign part of a popular and well-established JavaScript library."
} |
var requirejs,require,define;!function(t,e){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=t.document?e(t,!0):function(t){if(!t.document)throw new Error("jQuery requires a window with a document");return e(t)}:e(t)}("undefined"!=typeof window?window:this,function(t,e){"use strict";var i=[],n=Object.getPrototypeOf,s=i.slice,o=i.flat?function(t){return i.flat.call(t)}:function(t){return i.concat.apply([],t)},r=i.push,a=i.indexOf,l={},h=l.toString,u=l.hasOwnProperty,c=u.toString,d=c.call(Object),p={},f=function(t){return"function"==typeof t&&"number"!=typeof t.nodeType&&"function"!=typeof t.item},g=function(t){return null!=t&&t===t.window},m=t.document,v={type:!0,src:!0,nonce:!0,noModule:!0};function b(t,e,i){var n,s,o=(i=i||m).createElement("script");if(o.text=t,e)for(n in v)(s=e[n]||e.getAttribute&&e.getAttribute(n))&&o.setAttribute(n,s);i.head.appendChild(o).parentNode.removeChild(o)}function _(t){return null==t?t+"":"object"==typeof t||"function"==typeof t?l[h.call(t)]||"object":typeof t}var y="3.6.0",w=function(t,e){return new w.fn.init(t,e)};function C(t){var e=!!t&&"length"in t&&t.length,i=_(t);return!f(t)&&!g(t)&&("array"===i||0===e||"number"==typeof e&&0<e&&e-1 in t)}w.fn=w.prototype={jquery:y,constructor:w,length:0,toArray:function(){return s.call(this)},get:function(t){return null==t?s.call(this):t<0?this[t+this.length]:this[t]},pushStack:function(t){var e=w.merge(this.constructor(),t);return e.prevObject=this,e},each:function(t){return w.each(this,t)},map:function(t){return this.pushStack(w.map(this,function(e,i){return t.call(e,i,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(w.grep(this,function(t,e){return(e+1)%2}))},odd:function(){return this.pushStack(w.grep(this,function(t,e){return e%2}))},eq:function(t){var e=this.length,i=+t+(t<0?e:0);return this.pushStack(0<=i&&i<e?[this[i]]:[])},end:function(){return this.prevObject||this.constructor()},push:r,sort:i.sort,splice:i.splice},w.extend=w.fn.extend=function(){var t,e,i,n,s,o,r=arguments[0]||{},a=1,l=arguments.length,h=!1;for("boolean"==typeof r&&(h=r,r=arguments[a]||{},a++),"object"==typeof r||f(r)||(r={}),a===l&&(r=this,a--);a<l;a++)if(null!=(t=arguments[a]))for(e in t)n=t[e],"__proto__"!==e&&r!==n&&(h&&n&&(w.isPlainObject(n)||(s=Array.isArray(n)))?(i=r[e],o=s&&!Array.isArray(i)?[]:s||w.isPlainObject(i)?i:{},s=!1,r[e]=w.extend(h,o,n)):void 0!==n&&(r[e]=n));return r},w.extend({expando:"jQuery"+(y+Math.random()).replace(/\D/g,""),isReady:!0,error:function(t){throw new Error(t)},noop:function(){},isPlainObject:function(t){var e,i;return!(!t||"[object Object]"!==h.call(t)||(e=n(t))&&("function"!=typeof(i=u.call(e,"constructor")&&e.constructor)||c.call(i)!==d))},isEmptyObject:function(t){var e;for(e in t)return!1;return!0},globalEval:function(t,e,i){b(t,{nonce:e&&e.nonce},i)},each:function(t,e){var i,n=0;if(C(t))for(i=t.length;n<i&&!1!==e.call(t[n],n,t[n]);n++);else for(n in t)if(!1===e.call(t[n],n,t[n]))break;return t},makeArray:function(t,e){var i=e||[];return null!=t&&(C(Object(t))?w.merge(i,"string"==typeof t?[t]:t):r.call(i,t)),i},inArray:function(t,e,i){return null==e?-1:a.call(e,t,i)},merge:function(t,e){for(var i=+e.length,n=0,s=t.length;n<i;n++)t[s++]=e[n];return t.length=s,t},grep:function(t,e,i){for(var n=[],s=0,o=t.length,r=!i;s<o;s++)!e(t[s],s)!==r&&n.push(t[s]);return n},map:function(t,e,i){var n,s,r=0,a=[];if(C(t))for(n=t.length;r<n;r++)null!=(s=e(t[r],r,i))&&a.push(s);else for(r in t)null!=(s=e(t[r],r,i))&&a.push(s);return o(a)},guid:1,support:p}),"function"==typeof Symbol&&(w.fn[Symbol.iterator]=i[Symbol.iterator]),w.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(t,e){l["[object "+e+"]"]=e.toLowerCase()});var x=function(t){var e,i,n,s,o,r,a,l,h,u,c,d,p,f,g,m,v,b,_,y="sizzle"+1*new Date,w=t.document,C=0,x=0,k=lt(),T=lt(),D=lt(),S=lt(),E= |
| URL: https://www.myprepaidcenter.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://www.myprepaidcenter.com |
| URL: https://static.hotjar.com/c/hotjar-5235682.js?sv=6... Model: Joe Sandbox AI | ```json
{
"risk_score": 2,
"reasoning": "The script appears to be related to analytics and user interaction tracking, likely from a service like Hotjar. It includes features for recording user interactions and sending data to a metrics URL. While it involves data transmission to an external domain, it does not exhibit high-risk behaviors such as dynamic code execution or data exfiltration of sensitive information. The domain 'metrics.hotjar.io' is associated with a known analytics service, which reduces the risk score."
} |
window.hjSiteSettings = window.hjSiteSettings || {"site_id":5235682,"rec_value":0.0,"state_change_listen_mode":"automatic","record":true,"continuous_capture_enabled":true,"recording_capture_keystrokes":true,"session_capture_console_consent":true,"anonymize_digits":true,"anonymize_emails":true,"suppress_all":false,"suppress_all_on_specific_pages":[],"suppress_text":false,"suppress_location":false,"user_attributes_enabled":true,"legal_name":null,"privacy_policy_url":null,"deferred_page_contents":[],"record_targeting_rules":[],"heatmaps":[],"polls":[],"integrations":{"optimizely":{"tag_recordings":false},"abtasty":{"tag_recordings":false},"kissmetrics":{"send_user_id":false},"mixpanel":{"send_events":false},"unbounce":{"tag_recordings":false},"hubspot":{"enabled":false,"send_recordings":false,"send_surveys":false}},"features":["ask.popover_redesign","client_script.compression.pc","csq_theme","error_reporting","feedback.embeddable_widget","feedback.widgetV2","settings.billing_v2","survey.embeddable_widget","survey.image_question","survey.screenshots","survey.type_button"],"tracking_code_verified":true,"cs_project_id":null,"account_id":3802454,"account_signature":"33d7b008498533a9cd27b531fb31b9726131be4f49d50c591f0521c0b9fc9809","feedback_widgets":null};
!function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,t){for(var r=0;r<t.length;r++){var i=t[r];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(e,n(i.key),i)}}function n(t){var n=function(t,n){if("object"!=e(t)||!t)return t;var r=t[Symbol.toPrimitive];if(void 0!==r){var i=r.call(t,"string");if("object"!=e(i))return i;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(t)}(t);return"symbol"==e(n)?n:String(n)}var r,i=function(){function e(t){var n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:10,r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:1e3;!function(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}(this,e),this.send=t,this.batchSize=n,this.flushInterval=r,this.buffer=[],this.flushTimer=null}var n,r;return n=e,(r=[{key:"getBuffer",value:function(){return this.buffer}},{key:"add",value:function(e){var t=this;this.buffer.push(e),this.buffer.length>=this.batchSize?this.flush():this.flushTimer||(this.flushTimer=setTimeout((function(){t.flush()}),this.flushInterval))}},{key:"flush",value:function(){this.buffer.length>0&&(this.send(this.buffer),this.buffer=[]),this.flushTimer&&(clearTimeout(this.flushTimer),this.flushTimer=null)}}])&&t(n.prototype,r),Object.defineProperty(n,"prototype",{writable:!1}),e}();function a(){return a=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},a.apply(this,arguments)}var o,s=function(){try{return"performance"in window&&"now"in window.performance}catch(e){return!1}},c={version:6,metricsUrl:(null===(r=window._hjSettings)||void 0===r?void 0:r.metricsUrl)||"https://metrics.hotjar.io",sampling:{metrics:.1,fieldMetrics:.01,debug:.5,universalDebug:.05*.1},browser:{hasPerformance:!1,shouldLogMetrics:!1,inLab:!1},buffer:{bufferSize:40,flushInterval:3e3}},l={isDebugEnabled:!1,isMetricsEnabled:!1,isFieldMetricsEnabled:!1,loggedMetrics:{},genericTags:{}},u=function(e,t,n){var r;l.loggedMetrics[e]=a(a({},l.loggedMetrics[e]),{},((r={})[t]=n||{},r))},d=function(e){if(!e)return"value";var t=Object.keys(e)[0];return t&&e[t]||"value"},g=function(e){var t,n=null!==(t=e.tag)&&void 0!==t?t:void 0;return l.isDebugEnabled?a(a(a({},n),e.extraTags),l.genericTags):n},f=function(e,t){if(!o)return!1;var n=l.isMetricsEnabled||l.isDebugEnabled;return"lab"===e&&(n=c.browser.inLab),"field"===e&&(n=l.isFieldMetricsEn |
| URL: https://www.googletagmanager.com/gtm.js?id=GTM-5S8... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script appears to be a Google Tag Manager (GTM) implementation with some potentially concerning behaviors. It includes the following:
1. Moderate-Risk Indicators:
- External Data Transmission: The script sends data to external domains like 'analytics.example.com' and 'G-KZH1R32NEW' (Google Analytics).
- Fallback Domains: The script uses multiple fallback domains, some of which may be untrusted.
2. Contextual Adjustments:
- Trusted Domains: The script interacts with known, reputable domains like Google, which reduces the risk score.
- Analytics/Telemetry: The script's intent appears to be for analytics and telemetry, which further reduces the risk score.
Overall, the script demonstrates some potentially aggressive behavior in terms of data transmission and domain usage, but it is likely part of a legitimate analytics implementation. Further review may be needed to ensure the script is not sending any sensitive data or redirecting to malicious domains."
} |
// Copyright 2012 Google Inc. All rights reserved.
(function(){
var data = {
"resource": {
"version":"4",
"macros":[{"function":"__e"},{"function":"__k","vtp_decodeCookie":false,"vtp_name":"cmapi_cookie_privacy"},{"function":"__e"},{"function":"__u","vtp_component":"HOST","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__f","vtp_component":"URL"},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__k","vtp_decodeCookie":false,"vtp_name":"notice_behavior"}],
"tags":[{"function":"__ua","metadata":["map"],"once_per_event":true,"vtp_overrideGaSettings":true,"vtp_trackType":"TRACK_PAGEVIEW","vtp_trackingId":"UA-147248431-17","vtp_enableRecaptchaOption":false,"vtp_enableUaRlsa":false,"vtp_enableUseInternalVersion":false,"vtp_enableFirebaseCampaignData":true,"vtp_enableGA4Schema":true,"tag_id":12},{"function":"__gaawe","metadata":["map"],"once_per_event":true,"vtp_sendEcommerceData":false,"vtp_enhancedUserId":false,"vtp_eventName":["template",["macro",2],["macro",3],["macro",4],["macro",5],["macro",6],["macro",7],["macro",1]],"vtp_measurementIdOverride":"G-KZH1R32NEW","vtp_enableUserProperties":true,"vtp_enableMoreSettingsOption":true,"vtp_enableEuid":true,"vtp_migratedToV2":true,"vtp_demoV2":false,"tag_id":14},{"function":"__googtag","metadata":["map"],"once_per_event":true,"vtp_tagId":"G-KZH1R32NEW","tag_id":15},{"function":"__googtag","metadata":["map"],"once_per_event":true,"vtp_tagId":"G-KZH1R32NEW","tag_id":16},{"function":"__googtag","metadata":["map"],"once_per_event":true,"vtp_tagId":"G-WLN0WWG4CE","vtp_configSettingsTable":["list",["map","parameter","event_category","parameterValue","click"],["map","parameter","event_label","parameterValue","merchantClick"],["map","parameter","value","parameterValue",""]],"tag_id":18},{"function":"__gaawe","metadata":["map"],"once_per_event":true,"vtp_sendEcommerceData":false,"vtp_enhancedUserId":false,"vtp_eventName":"merchantClick","vtp_measurementIdOverride":"G-WLN0WWG4CE","vtp_enableUserProperties":true,"vtp_enableMoreSettingsOption":true,"vtp_enableEuid":true,"vtp_migratedToV2":true,"vtp_demoV2":false,"tag_id":19},{"function":"__html","metadata":["map"],"once_per_event":true,"vtp_html":"\u003Cscript type=\"text\/gtmscript\"\u003Evar __dispatched__={},__i__=self.postMessage\u0026\u0026setInterval(function(){if(self.PrivacyManagerAPI\u0026\u0026__i__){var b={PrivacyManagerAPI:{action:\"getConsentDecision\",timestamp:(new Date).getTime(),self:self.location.host}};self.top.postMessage(JSON.stringify(b),\"*\");__i__=clearInterval(__i__)}},50);\nself.addEventListener(\"message\",function(b,a){try{if(b.data\u0026\u0026(a=JSON.parse(b.data))\u0026\u0026(a=a.PrivacyManagerAPI)\u0026\u0026a.capabilities\u0026\u0026\"getConsentDecision\"==a.action){var d=self.PrivacyManagerAPI.callApi(\"getGDPRConsentDecision\",self.location.host).consentDecision;d\u0026\u0026d.forEach(function(c){__dispatched__[c]||(self.dataLayer\u0026\u0026self.dataLayer.push({event:\"GDPR Pref Allows \"+c}),__dispatched__[c]=1)})}}catch(c){}});\u003C\/script\u003E","vtp_supportDocumentWrite":false,"vtp_enableIframeMode":false,"vtp_enableEditJsMacroBehavior":false,"tag_id":9}],
"predicates":[{"function":"_eq","arg0":["macro",0],"arg1":"gtm.js"},{"function":"_eq","arg0":["macro",0],"arg1":"GDPR Pref Allows 2"},{"function":"_cn","arg0":["macro",1],"arg1":"permit"},{"function":"_cn","arg0":["macro",1],"arg1":"expressed"},{"function":"_re","arg0":["macro",0],"arg1":".*"},{"function":"_cn","arg0":["macro",1],"arg1":"2"},{"function":"_eq","arg0":["macro",0],"arg1":"gtm.init_consent"},{"function":"_eq","arg0":["macro",0],"arg1":"gtm.init"},{"function":"_cn","arg0":["macro",1],"arg1":"3"},{"function":"_eq","arg0":["macro",0],"arg1":"GDPR Pref Allows 3"},{"function":"_eq","arg0":["macro",0],"arg1":" |
| URL: https://myprepaidcenter.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://myprepaidcenter.com |
Edit tour
chrome.exe (PID: 4048 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node