Windows Analysis Report
http://ww1.tryd.pro

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": true,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: http://ww1.tryd.pro

{
    "risk_score": 4,
    "reasoning": "The script appears to be related to Google's AdSense for Search (AFS) functionality, which is a legitimate advertising service. However, it uses some potentially aggressive DOM manipulation techniques, such as dynamically appending content to the 'adBlock' element. Additionally, the script sets global variables that could be used for tracking or other purposes. While the intent seems to be advertising-related, the aggressive DOM manipulation and use of global variables warrant further review."
}

window.AFS_AD_REQUEST_RETURN_TIME_ = Date.now();window.IS_GOOGLE_AFS_IFRAME_ = true;function populate(el) { var adBlock = document.getElementById("adBlock"); adBlock.innerHTML += el;}
var IS_GOOGLE_AFS_IFRAME_ = true;
var ad_json = {"caps":[{"n":"queryId","v":"rp2FZ72fLberjuwPzZaEkQk"},{"n":"popstripeRs","v":"#1F8A70,#BEDB39,#FFE11A,#FD7400,#004358"}],"rs_attr":{"t":"Related Links","u":""},"gd":{"ff":{"fd":"swap","eiell":true,"pcsbs":"44","pcsbp":"8","eovd":false,"efovd":true},"cd":{"pid":"dp-bodis30_3ph","eawp":"partner-dp-bodis30_3ph","qi":"rp2FZ72fLberjuwPzZaEkQk"},"pc":{"ct":true},"dc":{"d":true}}};

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. It appears to be encoding sensitive information, such as a UUID, page URL, and other request parameters, and storing it in the `window.park` variable. While the intent is not entirely clear, the use of obfuscated data and the potential for data exfiltration to an unknown domain warrant further investigation. The overall risk score is in the medium range, indicating the need for closer inspection and potential mitigation measures."
}

window.park = "eyJ1dWlkIjoiNGNkN2JlNWMtZjg4OS00ZGRhLTg5MmYtOTY3ZjBhNzE0NTlhIiwicGFnZV90aW1lIjoxNzM2ODA5OTExLCJwYWdlX3VybCI6Imh0dHA6Ly93dzEudHJ5ZC5wcm8vP2NhZj0xXHUwMDI2YnB0PTM0NVx1MDAyNnF1ZXJ5PUJlc3QrQ3JlZGl0K0NhcmRzKzIwMjVcdTAwMjZhZmRUb2tlbj1DaE1JbWV5c2l1bnppZ01WYXZrQ0J4MmVoREF1RW1RQmxMcXBqeldOV2sxSTBCVXdsenRHQzZTQ05ab19TN3pFcXNDazdxbWllQ1RCQmpXc1Zfa0FrR0NFcE5XbEpxNUU3NktPMkZSandjUVBrV2dfZGxjbl9CdWFKMjZTelhFM1h6dG10eGFBQzRDZkRtUy1CUUwzZFdWWjVZeTlrdUtMaWlraklBRVx1MDAyNnBjc2E9ZmFsc2VcdTAwMjZuYj0wXHUwMDI2bm09NFx1MDAyNm54PTI0MFx1MDAyNm55PTU0XHUwMDI2aXM9NzAweDM2M1x1MDAyNmNsa3Q9NzhcdTAwMjZzdWlkPTMyNzQyNzA5ODIxIiwicGFnZV9tZXRob2QiOiJHRVQiLCJwYWdlX3JlcXVlc3QiOnsiYWZkVG9rZW4iOiJDaE1JbWV5c2l1bnppZ01WYXZrQ0J4MmVoREF1RW1RQmxMcXBqeldOV2sxSTBCVXdsenRHQzZTQ05ab19TN3pFcXNDazdxbWllQ1RCQmpXc1Zfa0FrR0NFcE5XbEpxNUU3NktPMkZSandjUVBrV2dfZGxjbl9CdWFKMjZTelhFM1h6dG10eGFBQzRDZkRtUy1CUUwzZFdWWjVZeTlrdUtMaWlraklBRSIsImJwdCI6IjM0NSIsImNhZiI6IjEiLCJjbGt0IjoiNzgiLCJpcyI6IjcwMHgzNjMiLCJuYiI6IjAiLCJubSI6IjQiLCJueCI6IjI0MCIsIm55IjoiNTQiLCJwY3NhIjoiZmFsc2UiLCJxdWVyeSI6IkJlc3QrQ3JlZGl0K0NhcmRzKzIwMjUiLCJzdWlkIjoiMzI3NDI3MDk4MjEifSwicGFnZV9oZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9zeW5kaWNhdGVkc2VhcmNoLmdvb2cvIl19LCJob3N0Ijoid3cxLnRyeWQucHJvIiwiaXAiOiI4LjQ2LjEyMy4xODkifQo=";

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
    "risk_score": 5,
    "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors that warrant further review. While it does not contain any clear indicators of malicious intent, it uses some practices that could be considered aggressive or potentially problematic. The script appears to be related to Google's advertising and analytics services, which is a legitimate use case, but the implementation raises some concerns."
}

The key factors contributing to the medium risk score (5) are:

1. **External Data Transmission (+2 points):** The script sends user data to the `syndicatedsearch.goog` domain, which could be considered a third-party domain. This behavior requires further review to ensure the data transmission is transparent and necessary for the script's intended purpose.

2. **Aggressive DOM Manipulation (+2 points):** The script appears to aggressively manipulate the DOM, including clearing the `innerHTML` property. This behavior could potentially impact the user experience or introduce vulnerabilities if not implemented carefully.

3. **Fallback Domains (+1 point):** The script uses multiple fallback domains, including some that may be less trusted, such as `appsspot.com` and `blogspot.com`. While this is a common practice, it warrants additional scrutiny to ensure the fallback domains are legitimate and necessary.

4. **Contextual Adjustments (-1 point):** The script's apparent purpose of providing Google's advertising and analytics services is a legitimate use case, so the risk score is reduced by 1 point.

Overall, the script exhibits behaviors that could be considered potentially problematic, but the context suggests it is likely related to legitimate Google services. Further review and testing may be necessary to fully assess the risks and ensure the implementation follows best practices for security and user privacy.

if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"syndicatedsearch.goog",hash:"5942599812270562725",packages:"domains",module:"ads",version:"1",m:{cei:"17301431,17301433,17301436,17301266",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_chatbot_aa":500,"afs_gpp_api":0,"disable_usp_api":0,"heterodyne_test":851,"ivt_changes":0}}};var p;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};
function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ea=ca(this);function r(a,b){if(b)a:{var c=ea;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ba(c,a,{configurable:!0,writable:!0,value:b})}}
r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,h){this.ce=f;ba(this,"description",{configurable:!0,writable:!0,value:h})}if(a)return a;c.prototype.toString=function(){return this.ce};var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});
r("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=ea[b[c]];typeof d==="function"&&typeof d.prototype[a]!="function"&&ba(d.prototype,a,{configurable:!0,writable:!0,value:function(){return fa(aa(this))}})}return a});function fa(a){a={next:a};a[Symbol.iterator]=function(){return this};return a}
var ha=typeof Object.create=="function"?Object.create:function(a){function b(){}b.prototype=a;return new b},ia;if(typeof Object.setPrototypeOf=="function")ia=Object.setPrototypeOf;else{var ja;a:{var ka={a:!0},la={};try{la.__proto__=ka;ja=la.a;break a}catch(a){}ja=!1}ia=ja?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var ma=ia;
function na(a,b){a.prototype=ha(b.prototype);a.prototype.constructor=a;if(ma)ma(a,b);else for(var c in b)if(c!="prototype")if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.Mf=b.prototype}function u(a){var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:aa(a)};throw Error(String(a)+" is not an iterable or ArrayLike");}
function oa(a){if(!(a instanceof Array)){a=u(a);for(var b,c=[];!(b=a.next()).done;)c.push(b.value);a=c}return a}function pa(a){return qa(a,a)}function qa(a,b){a.raw=b;Object.freeze&&(Object.freeze(a),Object.freeze(b));return a}function ra(){for(var a=Number(this),b=[],c=a;c<arguments.length;c++)b[c-a]=arguments[c];return b}
r("Promise",function(a){function b(h){this.A=0;this.Sa=void 0;this.ta=[];this.Gd=!1;var g=this.kc();try{h(g.resolve,g.reject)}catch(k){g.reject(k)}}function c(){this.X=null}function d(h){return h instanceof b?h:new

{
    "risk_score": 5,
    "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors that warrant further review. While it does not contain any clear indicators of malicious intent, it uses some practices that could be considered aggressive or potentially problematic. The script appears to be related to Google's advertising and analytics services, which is a legitimate use case, but the implementation raises some concerns."
}

The key points that contribute to the medium risk score of 5 are:

1. **External Data Transmission (+2 points):** The script sends user data to various external domains, including `www.google.com`, `appspot.com`, `blogspot.com`, and others, which could potentially include sensitive information.

2. **Aggressive DOM Manipulation (+2 points):** The script appears to aggressively manipulate the DOM, including setting global variables and modifying the `window` object, which could have unintended consequences.

3. **Fallback Domains (+1 point):** The script uses multiple fallback domains, some of which may be less trustworthy, which could indicate an attempt to bypass security measures.

4. **Contextual Adjustments:**
   - **Trusted Domains (-1 point):** The script interacts with known, reputable domains like `google.com`, which mitigates some of the risk.
   - **Analytics/Telemetry (-2 points):** The script's intent appears to be related to Google's advertising and analytics services, which is a legitimate use case.

The final risk score of 5 reflects the script's mixed behavior, where it exhibits some potentially problematic practices but is also likely serving a legitimate purpose. Further investigation may be warranted to ensure the script is not misusing or exfiltrating sensitive user data, but the overall risk is considered medium.

if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"5942599812270562725",packages:"domains",module:"ads",version:"1",m:{cei:"17300002,17301437,17301439,17301442,17301266",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_chatbot_aa":500,"afs_gpp_api":0,"disable_usp_api":0,"heterodyne_test":851,"ivt_changes":0}}};var p;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};
function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ea=ca(this);function r(a,b){if(b)a:{var c=ea;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ba(c,a,{configurable:!0,writable:!0,value:b})}}
r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,h){this.ce=f;ba(this,"description",{configurable:!0,writable:!0,value:h})}if(a)return a;c.prototype.toString=function(){return this.ce};var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});
r("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=ea[b[c]];typeof d==="function"&&typeof d.prototype[a]!="function"&&ba(d.prototype,a,{configurable:!0,writable:!0,value:function(){return fa(aa(this))}})}return a});function fa(a){a={next:a};a[Symbol.iterator]=function(){return this};return a}
var ha=typeof Object.create=="function"?Object.create:function(a){function b(){}b.prototype=a;return new b},ia;if(typeof Object.setPrototypeOf=="function")ia=Object.setPrototypeOf;else{var ja;a:{var ka={a:!0},la={};try{la.__proto__=ka;ja=la.a;break a}catch(a){}ja=!1}ia=ja?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var ma=ia;
function na(a,b){a.prototype=ha(b.prototype);a.prototype.constructor=a;if(ma)ma(a,b);else for(var c in b)if(c!="prototype")if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.Mf=b.prototype}function u(a){var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:aa(a)};throw Error(String(a)+" is not an iterable or ArrayLike");}
function oa(a){if(!(a instanceof Array)){a=u(a);for(var b,c=[];!(b=a.next()).done;)c.push(b.value);a=c}return a}function pa(a){return qa(a,a)}function qa(a,b){a.raw=b;Object.freeze&&(Object.freeze(a),Object.freeze(b));return a}function ra(){for(var a=Number(this),b=[],c=a;c<arguments.length;c++)b[c-a]=arguments[c];return b}
r("Promise",function(a){function b(h){this.A=0;this.Sa=void 0;this.ta=[];this.Gd=!1;var g=this.kc();try{h(g.resolve,g.reject)}catch(k){g.reject(k)}}function c(){this.X=null}function d(h){return h instanceof b?h:n

{
  "brands": "unknown"
}

```json
{
    "risk_score": 5,
    "reasoning": "The script includes moderate-risk indicators such as external data transmission via fetch to a third-party domain (bodis.com) without transparency (+2 points) and obfuscated code using base64 encoding (+3 points). There are no high-risk indicators like dynamic code execution or data exfiltration. The domain bodis.com is not widely recognized as trusted, but there is no clear evidence of malicious intent, leading to a medium risk score."
}

!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).version={})}(this,(function(exports){"use strict";function __awaiter(e,t,n,i){return new(n||(n=Promise))((function(s,a){function o(e){try{d(i.next(e))}catch(e){a(e)}}function r(e){try{d(i.throw(e))}catch(e){a(e)}}function d(e){var t;e.done?s(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(o,r)}d((i=i.apply(e,t||[])).next())}))}var Blocking;"function"==typeof SuppressedError&&SuppressedError,function(e){e.PENDING="pending",e.NONE="none",e.BLOCKED="blocked",e.ALLOWED="allowed"}(Blocking||(Blocking={}));class Adblock{constructor(e){this.state=Blocking.PENDING,this._mocked=!1,e?(this.state=e,this._mocked=!0):this.state=Blocking.ALLOWED}inject(){return __awaiter(this,void 0,void 0,(function*(){}))}hasAdblocker(){if(void 0===window.google)return!0;const e=document.querySelectorAll("style");return Array.from(e).some((e=>!!e.innerHTML.includes("adblockkey")))}handleAdblocked(){this.removeAdblockKey(),this.state=Blocking.BLOCKED}removeAdblockKey(){var e;null===(e=document.documentElement.dataset)||void 0===e||delete e.adblockkey}get isBlocked(){return this.state===Blocking.BLOCKED}get isAllowed(){return this.state===Blocking.ALLOWED}toContext(){return{user_has_ad_blocker:null,is_ad_blocked:null}}}const OBFUSCATING_BASE_64_PREFIX="UxFdVMwNFNwN0wzODEybV",encode=e=>OBFUSCATING_BASE_64_PREFIX+btoa(unescape(encodeURIComponent(JSON.stringify(e))));function decode$1(e){return JSON.parse(decodeURIComponent(escape(atob(e.replace(OBFUSCATING_BASE_64_PREFIX,"")))))}var version="0.5.5";const APP_ENV="production",TRACKING_DOMAIN="https://click-use1.bodis.com/",SALES_JS_URL="https://parking.bodiscdn.com/js/inquiry.js",GOOGLE_CAF_TIMEOUT_SCRIPTS="0",GOOGLE_CAF_TIMEOUT_CALLBACKS="0",GOOGLE_MV3_URL_PARAMS="abp=1&bodis=true",APP_VERSION=version,COOKIE_CONSENT_JS_URL="",isLocal=(e=!0)=>"production"!==APP_ENV;function log(...e){}const FIND_DOMAIN_URL="_fd",getFindDomain=(e="",t=!1)=>{const n=`${e}/${FIND_DOMAIN_URL}${window.location.search}`,i=e?"include":"same-origin",s=Object.assign({Accept:"application/json","Content-Type":"application/json"},t?{"X-HOST":window.location.host}:{});return fetch(n,{method:"POST",headers:s,credentials:i}).then((e=>e.text())).then(decode$1)};var ZeroClickReasons;!function(e){e.CAF_TIMEDOUT="caf_timedout",e.CAF_ADLOAD_FAIL_RS="caf_adloadfail_rs",e.CAF_ADLOAD_FAIL_ADS="caf_adloadfail_ads",e.DISABLED_GB="disabled_gb",e.DISABLED_AB="disabled_ab",e.DISABLED_DS="disabled_ds",e.AD_BLOCKED="ad_blocked",e.PREFERRED="preferred"}(ZeroClickReasons||(ZeroClickReasons={}));const getZeroClick=e=>__awaiter(void 0,void 0,void 0,(function*(){const t=Object.assign(Object.assign({},e),{type:"zc_fetch"});return fetch("/_zc",{method:"POST",body:JSON.stringify({signature:encode(t)}),headers:{Accept:"application/json","Content-Type":"application/json"}}).then((e=>__awaiter(void 0,void 0,void 0,(function*(){try{return decode$1(yield e.text())}catch(e){return{}}}))))})),waiter=(e,t)=>new Promise((n=>{t(e),e<=0&&n();let i=e;const s=()=>{i>0?(i-=1,t(i),setTimeout(s,1e3)):n()};s()})),decode=()=>JSON.parse(atob(window.park||""));var PAGE_STYLES='* {\n  font-smoothing: antialiased;\n  -webkit-font-smoothing: antialiased;\n  -moz-osx-font-smoothing: grayscale;\n}\n\nhtml, body {\n  width: 100%;\n  margin: 0;\n}\n\nhtml {\n  background-color: #2B2B2B;\n  height: 100%;\n}\n\nbody {\n  min-height: 90%;\n  font-family: Arial, sans-serif;\n  letter-spacing: 1.2px;\n  color: #ccc;\n  text-align: center;\n}\n\n/* App Target - This starts hidden until we apply a class to "activate" it */\n\n#target {\n  opacity: 0;\n  visibility: hidden;\n}\n\n/* Status Messages - These are displayed when we are not rendering ad blocks or Related Search */\n\n#pk-status-message {\n  height: 75vh;\n  width: 100%;\n  display: flex;\n  flex-direction: column;\n  align-items

{
    "risk_score": 4,
    "reasoning": "The script demonstrates moderate-risk behaviors, including external data transmission and potential fallback domains. However, it appears to be related to Google AdSense functionality, which is a legitimate use case. Further review may be needed to ensure the script is not exhibiting any suspicious or malicious behavior beyond the standard AdSense integration."
}

if (window.name.match(/^{"name":"master-\d+"/)) {var script = document.createElement('script');script.src = "/adsense/search/ads.js";var href = window.location.href;if (!!href && (href.indexOf('?pac=') > 0 || href.indexOf('&pac=') > 0)) {if (href.indexOf('?pac=1') > 0 || href.indexOf('&pac=1') > 0) {script.src += '?pac=1';} else if (href.indexOf('?pac=2') > 0 || href.indexOf('&pac=2') > 0) {script.src += '?pac=2';} else {script.src += '?pac=0';}}document.head.appendChild(script);window.IS_GOOGLE_AFS_IFRAME_ = true;}function populate(el) {var adBlock = document.getElementById('adBlock');adBlock.innerHTML += el;}function getMaster() {var m = null;var pIndex = window.name.indexOf('|');if (pIndex > -1 && window.name.charAt(0) != '{') {try {m = window.parent.frames[window.name.substring(pIndex + 1)];} catch (e) {}if (m) {return m;}var nameInfo = window.name.match(/^(slave-\d+)-(\d+)/);var masterNum = (nameInfo && nameInfo[2]) ? nameInfo[2] : null;if (masterNum) {try {m = window.parent.frames['master-' + masterNum];} catch (e) {}}}return m;}window.onresize = function() {var resizeMaster = getMaster();try {resizeMaster && resizeMaster.sPH && resizeMaster.sPH();} catch(e) {}};var masterFrame = getMaster();try {masterFrame && masterFrame.mPAASH && masterFrame.mPAASH();} catch(e) {}

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be related to Google's AdSense for Search (AFS) functionality, which is a legitimate advertising service. The code sets some variables and defines a function to populate an ad block. While it uses some legacy practices like `window.IS_GOOGLE_AFS_IFRAME_`, the overall behavior is consistent with typical ad-related functionality and does not exhibit any high-risk indicators. The risk score is low, as the script seems to be part of a legitimate advertising implementation."
}

window.AFS_AD_REQUEST_RETURN_TIME_ = Date.now();window.IS_GOOGLE_AFS_IFRAME_ = true;function populate(el) { var adBlock = document.getElementById("adBlock"); adBlock.innerHTML += el;}
var IS_GOOGLE_AFS_IFRAME_ = true;
var ad_json = {"caps":[{"n":"queryId","v":"uJ2FZ4XEE5KijuwPwvOIwAU"}],"rs_attr":{"t":"Related Links","u":""},"gd":{"ff":{"fd":"swap","eiell":true,"pcsbs":"44","pcsbp":"8","eovd":false,"efovd":true},"cd":{"pid":"dp-bodis30_3ph","eawp":"partner-dp-bodis30_3ph","ru":"https://syndicatedsearch.goog/","qi":"uJ2FZ4XEE5KijuwPwvOIwAU"},"pc":{"ct":true},"dc":{"d":true}}};

{
    "risk_score": 4,
    "reasoning": "The script appears to be initializing a consent management platform (CMP) from Oath (now part of Verizon Media). While this is a common practice for websites to obtain user consent for data processing, the script does not demonstrate any high-risk behaviors. However, it does use the legacy `XDomainRequest` API, which poses a moderate risk. Additionally, the script is dynamically loading the CMP script from an external domain, which could potentially be used for malicious purposes if the domain is compromised. Overall, the script requires further review but does not exhibit clear signs of malicious intent."
}

!function(n,c){n.cmpJSInit=function(){var t,e;n.cmpJSInitDone||(t=c.getElementsByTagName("head")[0],(e=c.createElement("script")).type="text/javascript",e.src="https://consent.cmp.oath.com/cmp.js",t.appendChild(e),n.cmpJSInitDone=!0)}}(window,document);

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It uses the `YAHOO.AjaxHelper` module, which includes features for dynamic code execution, data exfiltration, and interaction with potentially untrusted domains. While the script appears to have some legitimate functionality, such as analytics and asset management, the overall implementation and lack of transparency increase the risk profile."
}

!function(f){"use strict";function o(f){this.buffer=[],this.loaded=!1;for(var o=0;o<f.length;o++){var e=f[o];this[e]=this.bufferInvocation.bind(this,e)}}o.prototype.bufferInvocation=function(o){for(var e=[],t=this,f=1;f<arguments.length;f++)e.push(arguments[f]);if(!t.loaded)return new Promise(function(f){t.buffer.push({f:o,args:e,resolve:f})});t.loaded[o].apply(t.loaded,e)},o.prototype.pour=function(f){var o,e,t,r=this;for(r.loaded=f,o=0;o<r.buffer.length;o++)"function"==typeof(t=f[(e=r.buffer[o]).f])&&e.resolve(t.apply(f,e.args));r.buffer=[]},f.YAHOO=f.YAHOO||{},f.YAHOO.StubBuffer=o}(window);!function(e,p){"use strict";var d={},f=e.YAHOO=e.YAHOO||{},u=f.NB||{};d.EVAL_STRATEGY={DEFAULT:0,IMMEDIATE:0,DEFERRED:1},d.DEFAULT_CONF={evalStrategy:d.EVAL_STRATEGY.DEFAULT,returnPayload:!1,timeout:2e4,retry:0},d.DEFAULT_XHR_CONF={method:"GET",postData:null,readyStateCallback:null,responseType:"json"},d.cb={},d.cbCounter=0,d.invoke=function(i,c,e){var l=Object.assign({},d.DEFAULT_CONF,e);return function A(u){return new Promise(function(t,e){var a=p.head||p.getElementsByTagName("head")[0],r="AHCB"+ ++d.cbCounter,n=p.createElement("script");n.type="text/javascript";var s=new URL(window.location.origin+i);s.searchParams.set("callback","YAHOO.AjaxHelper.cb."+r),n.src=s.pathname+"?"+s.searchParams.toString()+s.hash;var o=!1;d.cb[r]=function(e){o||(o=!0,n.onerror=null,a.removeChild(n),d.cb[r]=function(){},f.AssetManager&&t(f.AssetManager.process(e,c,l)))};s=function(){o||(o=!0,n.onerror=null,a.removeChild(n),d.cb[r]=function(){},0<u?t(A(u-1)):e(this.readyState))};n.onerror=s,a.appendChild(n),"number"==typeof l.timeout&&setTimeout(s,l.timeout)})}(l.retry)},d.xhr=function(n,a,e){var s,o=Object.assign({},d.DEFAULT_CONF,d.DEFAULT_XHR_CONF,e);new Promise(function(e,t){var a=!1;(s=new XMLHttpRequest).onload=function(){a=!0,200<=s.status&&s.status<300?e(s.response||""):t(s.statusText)},o.readyStateCallback&&(s.onreadystatechange=function(){o.readyStateCallback(s)}),s.onerror=function(){a=!0,t(s.statusText)},o.withCredentials&&(s.withCredentials=!0);try{s.open(o.method,n),o.headers&&u.properties(o.headers,function(e,t){s.setRequestHeader(e,t)}),s.send(o.postData)}catch(r){t(r)}"number"==typeof o.timeout&&setTimeout(function(){a||(s.abort(),a=!0,t("call timed out"))},o.timeout)}).then(function(e){try{"json"===o.responseType&&(e=e&&""!=e?JSON.parse(e):{}),a(!0,e)}catch(t){a(!1,{message:"parse error"})}},function(e){a(!1,{message:e,status:s.status,statusText:s.responseText})})},d.replay=function(e,t,a){if(f.AssetManager){a=Object.assign({},d.DEFAULT_CONF,a);return f.AssetManager.process(e,t,a)}},e.YAHOO.AjaxHelper=d,!e.YAHOO.AssetManager&&e.YAHOO.StubBuffer&&(e.YAHOO.AssetManager=new e.YAHOO.StubBuffer(["requireDry","process","afterDownload","onload","loadScript"]))}(window,document);

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet appears to be a tracking and analytics script, with some potentially concerning behaviors. While it does not exhibit clear signs of malicious intent, there are a few moderate-risk indicators that warrant further review:

1. External Data Transmission (+2 points): The script sends user data to third-party domains via `XHR` and `fetch` calls, which could potentially include sensitive information.
2. Fallback Domains (+2 points): The script uses multiple fallback domains, some of which may be of unknown or dubious reputation.
3. Aggressive DOM Manipulation (+2 points): The script repeatedly alters or clears the DOM, which could be indicative of overly aggressive behavior.

However, the script also contains some legitimate functionality, such as analytics and tracking, which mitigates the overall risk. Additionally, the script does not appear to be heavily obfuscated or contain any high-risk indicators like dynamic code execution or data exfiltration.

Overall, this script falls into the medium-risk category and would require further investigation to determine the full extent of its behavior and potential impact."
}

!function(o){"use strict";var L=o.YAHOO=o.YAHOO||{};L.ULT||(L.ULT={}),L.ULT.SRC_SPACEID_KEY="_S",L.ULT.DEST_SPACEID_KEY="_s",L.ULT.SRC_VIEW_KEY="_I",L.ULT.YLC_LIBSRC=2,L.ULT.CTRL_C="",L.ULT.CTRL_D="",L.ULT.BASE64_STR="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-",L.ULT.getImage=function(){var r=new Image;return r.onload=r.onerror=function(){r.onload=r.onerror=null,r=null},r},L.ULT.track_click=function(r,e,t){return r&&e?(r=L.ULT.y64_token("ylc",r,e),t?L.ULT.y64_token("ylg",r,t):r):r},L.ULT.beacon_click=function(r,e,t){return t=t||L.ULT.getImage(),e&&"IMG"===e.nodeName&&(t=e,e=undefined),r&&(e=L.ULT.track_click(L.ULT.BEACON,r,e),e+=(-1===e.indexOf("?")?"?":"&")+"t="+Math.random(),t.src=e),!0},L.ULT.click_beacon=function(r,e,t){var n,a=r.target||r.srcElement,c=L.ULT.getImage();e&&(t=L.ULT.track_click(L.ULT.BEACON,e,t),t+="?t="+Math.random(),n=a.getAttribute("href",2),c.onerror=c.onload=function(){o.location=n},r.preventDefault?r.preventDefault():r.returnValue=!1,c.src=t)},L.ULT.has_multibyte=function(r){for(var e=0;e<r.length;e++)if(255<r.charCodeAt(e))return!0;return!1},L.ULT.escape_multibyte_if_necessary=function(r){return L.ULT.has_multibyte(r)?encodeURIComponent(r):r},L.ULT.y64_token=function(r,e,t){if(!r||!e||!t)return e;t._r=L.ULT.YLC_LIBSRC;var n,a=[],c=0;for(n in t){var o=t[n];if("string"!=typeof o&&(o=String(o),t[n]=o),n.length<1)return e;if(-1!==n.indexOf(" "))return e;if(L.ULT.has_ctrl_char(n)||L.ULT.has_ctrl_char(o))return e;t[n]=o=L.ULT.escape_multibyte_if_necessary(o),a[c++]=n}for(var a=a.sort(),T=[],c=0;c<a.length;c++)T[c]=a[c]+L.ULT.CTRL_C+t[a[c]];if((T=T.join(L.ULT.CTRL_D)).length<1||1024<T.length)return e;T=";_"+r+"="+L.ULT.encode64(T);return e.replace(new RegExp("(;_"+r+"=[0-9a-zA-Z\\._\\-]+)"),""),-1===(c=-1===(c=-1===(c=e.indexOf("/*"))?e.indexOf("/?"):c)?e.indexOf("?"):c)?e+T:e.substr(0,c)+T+e.substr(c)},L.ULT.has_ctrl_char=function(r){for(var e=0;e<r.length;e++)if(r.charCodeAt(e)<32)return!0;return!1},L.ULT.encode64=function(r){for(var e,t,n,a,c="",o="",T="",i=0;t=(a=r.charCodeAt(i++))>>2,n=(3&a)<<4|(e=r.charCodeAt(i++))>>4,a=(15&e)<<2|(o=r.charCodeAt(i++))>>6,T=63&o,isNaN(e)?a=T=64:isNaN(o)&&(T=64),c=c+L.ULT.BASE64_STR.charAt(t)+L.ULT.BASE64_STR.charAt(n)+L.ULT.BASE64_STR.charAt(a)+L.ULT.BASE64_STR.charAt(T),a=T=o="",i<r.length;);return c}}(window);var w=window,d=document;!function(o,i){"use strict";var n="load",r=!1,a=function(){if("Microsoft Internet Explorer"!==o.navigator.appName)return!1;var e=new RegExp("MSIE ([0-9]{1,}[.0-9]{0,})").exec(o.navigator.userAgent);return e&&e[1]&&parseFloat(e[1])}();function u(e,t,n){n=0<n?0|n:0;return e.substring(n,n+t.length)===t}function c(e,t){var n=[];return s(t,function(e,t){n.push(encodeURIComponent(e)+"="+encodeURIComponent(t))}),e=0<n.length?e+(-1===e.indexOf("?")?"?":"&")+n.join("&"):e}function s(e,t){for(var n in e)f(e,n)&&t(n,e[n])}function f(e,t){return Object.prototype.hasOwnProperty.call(e,t)}function l(e){return"function"==typeof e.trim?e.trim():e.replace(/^\s+|\s+$/gm,"")}function t(e){var t;a&&a<9&&"undefined"!=typeof e.createTextRange?((t=e.createTextRange()).collapse(!1),t.select()):"number"==typeof e.selectionStart&&(e.selectionStart=e.selectionEnd=e.value.length)}function p(e){"focus"in e&&e.focus()}function d(e,t,n,r){if(r=r||!1,e.addEventListener)e.addEventListener(t,n,r);else{if(!e.attachEvent)return!1;e.attachEvent("on"+t,n)}}function g(e,t,n,r){if(r=r||!1,e.removeEventListener)e.removeEventListener(t,n,r);else{if(!e.detachEvent)return!1;e.detachEvent("on"+t,n)}return!0}function v(e){return e.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&")}function m(t,n){var r=!0;if(0<n.indexOf(" "))return n.split(" ").forEach(function(e){r=r&&m(t,e)}),r;var e=function(e){e&&r&&(r=e.classList?n&&e.classList.contains(n):!!e.className&&new RegExp("(?:^|\\s+)"+v(n)+"(?:\\s+|$)").test(e.className))};return t&&t.forEach?t.forEach(e):e(t),r}function h(){var e=o.performance||{},t=e.getEntriesByType;return!!r||(e&&e.timing?0<e.timing.loadEvent

{
  "contains_trigger_text": true,
  "trigger_text": "Best Credit Cards 0 APR - Best Credit Cards 0 APR",
  "prominent_button_name": "Visit Website",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Find Best Credit Cards 0 APR - Best Credit Cards 0 APR",
  "prominent_button_name": "Visit Website",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "TRYD.PRO"
  ]
}

{
  "brands": [
    "Tryd.pro",
    "Yahoo",
    "Infotofind"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://search.yahoo.com

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}