arkose invisible loader
[ok]https://client-api.arkoselabs.com/v2/invisible/2.10.0/api.js ↗
- last ran
- 2026-06-29 19:21 utc
- (6d ago)
- last updated
- 2026-05-15 04:50 utc
- (1mo ago)
- size
- 71.7kb
- sha256
- cc819d159bde
- apis touched
- 146
- 146 raw
- bot tells
- 17
- sinks
- 1
- 0 leaked
- hazards
- 1
- structural
- 0
- anti-debug
- 0
- L3/L4 hazards
- consistency
- 0
- cross-checks
- providers
- 0
categories probed (8)
click a row to drill into every api the script probes in that category.
[+] document
3 apis · 2 tells · 7 hits[+] *.contentWindowhigh · bot-tell×1
details + source hits (1)
[+] document.currentScriptmedium · bot-tell×2
details + source hits (2)
[+] document.createElementlow×4
details + source hits (4)
[+] introspection
13 apis · 1 tells · 77 hits[+] Object.definePropertymedium×16
details + source hits (16)
[+] Object.getOwnPropertyDescriptormedium · bot-tell×14
details + source hits (14)
[+] Object.getOwnPropertyDescriptorsmedium×14
details + source hits (14)
[+] Object.getPrototypeOfmedium×5
details + source hits (5)
[+] *.__proto__medium×2
details + source hits (2)
[+] Object.setPrototypeOfmedium×2
details + source hits (2)
[+] Symbol.toStringTagmedium×2
details + source hits (2)
[+] *.toStringlow×6
details + source hits (6)
[+] Object.createlow×5
details + source hits (5)
[+] *.constructorlow×4
details + source hits (4)
[+] *.hasOwnPropertylow×3
details + source hits (3)
[+] Symbol.iteratorinfo×3
details + source hits (3)
[+] Symbol.toPrimitiveinfo×1
details + source hits (1)
[+] screen
4 apis · 0 tells · 6 hits[+] screen.heightlow×2
details + source hits (2)
[+] screen.widthlow×2
details + source hits (2)
[+] screen.availHeightlow×1
details + source hits (1)
[+] screen.availWidthlow×1
details + source hits (1)
[+] timing
3 apis · 0 tells · 33 hits[+] performance.getEntrieslow×2
details + source hits (2)
[+] Dateinfo×25
details + source hits (25)
[+] Date.nowinfo×6
details + source hits (6)
[+] storage
2 apis · 0 tells · 13 hits[+] *.keyslow×12
details + source hits (12)
[+] localStoragelow×1
details + source hits (1)
[+] css
1 apis · 0 tells · 2 hits[+] *.matchesinfo×2
details + source hits (2)
[+] media
1 apis · 0 tells · 2 hits[+] crypto.getRandomValuesinfo×2
details + source hits (2)
[+] events
1 apis · 0 tells · 6 hits[+] *.addEventListenerinfo×6
details + source hits (6)
bot-detection tells (3)
strong indicators of bot-detection intent. drill into the categories section below to inspect description, evasion notes, and source snippets for any tell.
network sinks (1)
every place the script could ship data off the page. expand a row to see headers and the traced payload entries.
[+] xhrPOST ano leaks
url source · a
location · L15:45002
payload · shape json
- <body>: literal challenge shown
JSON.stringify(A)
L.send(JSON.stringify(A))
dynamic-execution hazards (1)
anywhere the script puts code beyond static reach. eval, function, document.write, dynamic import. these are the holes script2builtins-runtime would fill.
- FunctionL15:7358
`Function` constructor compiles a string into a function. common eval-equivalent in fingerprinting blobs.
Function("r","regeneratorRuntime = r")