Found this code on a public institution's website and have some concerns. Seeking opinions

Question

I found this code on a clients website, loaded the URL which returned the attached script. This appears to me (and I could be wrong) to be some sport of dataLayer info capture to spreadsheet auto-fill script. Naturally, what concerned my was the "userInfo", "user", "password" sections of this. I'm not overly versed in this level of code so I am reaching out here! Thanks!

! function(r, e, t) {
var n = function(e) {
        return "string" == typeof e
    },
    o = function() {
        return function(e) {
            for (var n = {
                    strictMode: !1,
                    key: ["source", "protocol", "authority", "userInfo", "user", "password", "host", "port", "relative", "path", "directory", "file", "query", "anchor"],
                    q: {
                        name: "queryKey",
                        parser: /(?:^|&)([^&=]*)=?([^&]*)/g
                    },
                    parser: {
                        strict: /^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/,
                        loose: /^(?:(?![^:@]+:[^:@\/]*@)([^:\/?#.]+):)?(?:\/\/)?((?:(([^:@?]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?)(((\/(?:[^?#](?![^?#\/]*\.[^?#\/.]+(?:[?#]|$)))*\/?)?([^?#\/]*))(?:\?([^#]*))?(?:#(.*))?)/
                    }
                }, r = n.parser[n.strictMode ? "strict" : "loose"].exec(e), o = {}, t = 14; t--;) o[n.key[t]] = r[t] || "";
            o[n.q.name] = {}, o[n.key[12]].replace(n.q.parser, function(e, r, t) {
                r && (r = decodeURIComponent(r), o[n.q.name][r] && o[n.q.name][r].constructor === Array ? o[n.q.name][r].push(decodeURIComponent(t)) : o[n.q.name][r] ? o[n.q.name][r] = [o[n.q.name][r], decodeURIComponent(t)] : o[n.q.name][r] = decodeURIComponent(t))
            });
            var s = o.host.split(".");
            return o.rootDomain = 2 <= s.length ? s[s.length - 2] + "." + s[s.length - 1] : "", o.href = e, o
        }(r.location.href)
    },
    s = function() {
        if (r.rl_widget_cfg) return r.rl_widget_cfg.id;
        if (r.rl_siteid) return r.rl_siteid;
        var e = o().queryKey.rl_siteid;
        return e || ((e = localStorage.getItem("capture_previous_site_id")) || null)
    },
    c = e.createElement("script");
if (r.rl_widget_cfg || r.test_mode) c.src = "https://cdn.rlets.com/capture_static/mms/capture.js";
else {
    var i = function() {
        var e, r, t = s();
        if (t && n(t) && 32 === (t = (e = t, n(e) ? !1 !== r && e.trim ? e.trim() : e.replace(/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g, "") : e).replace(/-/g, "")).length) return "/" + t.substr(0, 3) + "/" + t.substr(3, 3) + "/" + t.substr(6, 3) + "/" + t.substr(9) + ".js"
    }();
    i && (c.src = "https://cdn.rlets.com/capture_configs" + i)
}
e.head.appendChild(c)

}(window, document);

Answer 1

I've seen this on the Founders Credit Union site also, so I also think it's legit marketing. I still don't like it though.

Answer 2

cdn.rlets.com is for a tracking pixel for reachlocal.com. It's used for marketing purposes. (I've seen it used specifically as an integration with Facebook ads.)

It's minified, so hard to say exactly what it's doing, but I don't think it's malicious (any more than marketing pixels in general are).