Similarweb - Website Traffic & SEO CheckerSecurity Analysis

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

Dynamically creates script elements, potentially loading external malicious code.

Injects and executes scripts in web pages programmatically.

Dynamically sets a script's src attribute to load external code at runtime.

Creates functions from strings, similar to eval(), often used to hide malicious code.

Creates a function from a string (new Function()), similar to eval().

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

Decodes base64 data, commonly used to hide malicious payloads.

Sends messages via Chrome runtime, could communicate with external services.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

Dynamically creates iframe elements, which can be used to load external content or hide malicious UI.

Uses XMLHttpRequest to make network calls.

JavaScript file could not be parsed and has high entropy. May contain obfuscated code.

Line exceeds 5000 characters (entropy: 5.278027336207221)

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

Content script matches <all_urls>, executing on every website the user visits.

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

Encodes data to base64, may be used for data exfiltration.

Reads or writes to localStorage, which may contain sensitive site data.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

panel/panel.js