| URL: https://www.facebook.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://www.facebook.com |
| URL: https://www.facebook.com/nd/?groups%2F189050342469... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script demonstrates moderate-risk behaviors, including redirecting the user to a different domain and using obfuscated code. While the intent appears to be preventing the script from running in an iframe, the use of a hard-coded redirect to Facebook.com raises some concerns. Further investigation may be needed to determine the full context and purpose of this script."
} |
/*<![CDATA[*/(function(){if(top!=self){try{if(parent!=top){throw 1;}var si_cj_d=["apps.facebook.com","apps.beta.facebook.com"];var href=top.location.href.toLowerCase();for(var i=0;i<si_cj_d.length;i++){if (href.indexOf(si_cj_d[i])>=0){throw 1;}}}catch(e){window.document.write("\u003Cstyle nonce=\"y48yp3es\">body * {display:none !important;}\u003C\/style>\u003Ca href=\"#\" onclick=\"top.location.href=window.location.href\" style=\"display:block !important;padding:10px\">Go to Facebook.com\u003C\/a>");/*vGLdpnvl*/}}}())/* */
|
| URL: https://www.facebook.com/nd/?groups%2F189050342469... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script demonstrates high-risk behavior by redirecting the user to a suspicious Facebook recovery page with an obfuscated URL. The URL contains encoded parameters, which is a common technique used in phishing and malicious redirection attempts. This behavior poses a significant risk of credential theft or other malicious activities."
} |
window.location.replace("https:\/\/www.facebook.com\/recover\/initiate\/?privacy_mutation_token=eyJ0eXBlIjo1LCJjcmVhdGlvbl90aW1lIjoxNzM2MjY2ODcxfQ\u00253D\u00253D&cuid=AYj7ZAkg2akIHlT2hHkEByp_s1ChluSblee6gqBrhmMCUWt5uiCQFDMGlJgfhgz4rGQSZvicZHsV_sshtO-CGdeEFNTZsUpYP0kE90rSh0qaZ0yl30i2okYus0ZwmuqwNG2FraRikZ8UTdttR1jjDOP19af2yofcocA-Jm_yS3wDl62JSGXSe0_oSfwt-ZK4_7xzFwHwrFa8wQFB3rPaDRca&ars=bypass_login_deny_smart_recommendation&ram=email&lara_product=lara_bypass_login_fail_loop&next=groups\u00252F1890503424692037\u00252Frequests\u00252F");
|
| URL: https://www.facebook.com/recover/initiate/?privacy... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a combination of various utility functions and configurations, with no clear indicators of malicious behavior. While it includes some legacy practices like `XDomainRequest` and interactions with external domains, the overall context suggests this is likely a benign script used for analytics or other legitimate purposes. The risk score is on the lower end, as the script does not demonstrate any high-risk indicators like dynamic code execution or data exfiltration."
} |
requireLazy(["HasteSupportData"],function(m){m.handle({"clpData":{"6476":{"r":1000,"s":1},"1744178":{"r":1,"s":1},"1838142":{"r":1,"s":1},"1814852":{"r":1},"1848815":{"r":10000,"s":1}},"gkxData":{"1624":{"result":false,"hash":null},"2160":{"result":false,"hash":null},"5679":{"result":false,"hash":null},"7541":{"result":false,"hash":null},"20836":{"result":false,"hash":null},"20935":{"result":false,"hash":null},"20940":{"result":false,"hash":null},"21043":{"result":false,"hash":null},"21050":{"result":false,"hash":null},"21051":{"result":false,"hash":null},"21052":{"result":false,"hash":null},"21053":{"result":false,"hash":null},"21054":{"result":false,"hash":null},"21055":{"result":false,"hash":null},"21056":{"result":false,"hash":null},"21057":{"result":false,"hash":null},"21058":{"result":false,"hash":null},"5415":{"result":false,"hash":null},"7742":{"result":false,"hash":null},"8068":{"result":true,"hash":null},"20936":{"result":false,"hash":null},"20948":{"result":true,"hash":null},"25572":{"result":true,"hash":null},"1221":{"result":false,"hash":null},"25571":{"result":false,"hash":null}},"qplData":{"2444":{"r":100}},"justknobxData":{"2552":{"r":false},"3323":{"r":true},"2269":{"r":true}}})});requireLazy(["TimeSliceImpl","ServerJS"],function(TimeSlice,ServerJS){(new ServerJS()).handle({"define":[["cr:310",["RunWWW"],{"__rc":["RunWWW",null]},-1],["cr:1078",[],{"__rc":[null,null]},-1],["cr:1080",["unexpectedUseInComet"],{"__rc":["unexpectedUseInComet",null]},-1],["cr:1126",["TimeSliceImpl"],{"__rc":["TimeSliceImpl",null]},-1],["cr:3725",["clearTimeoutWWWOrMobile"],{"__rc":["clearTimeoutWWWOrMobile",null]},-1],["cr:4344",["setTimeoutWWWOrMobile"],{"__rc":["setTimeoutWWWOrMobile",null]},-1],["cr:6108",["CSS"],{"__rc":["CSS",null]},-1],["cr:6640",["PromiseImpl"],{"__rc":["PromiseImpl",null]},-1],["cr:7385",["clearIntervalWWW"],{"__rc":["clearIntervalWWW",null]},-1],["cr:7389",["setIntervalAcrossTransitionsWWW"],{"__rc":["setIntervalAcrossTransitionsWWW",null]},-1],["cr:7391",["setTimeoutAcrossTransitionsWWW"],{"__rc":["setTimeoutAcrossTransitionsWWW",null]},-1],["cr:8958",["FBJSON"],{"__rc":["FBJSON",null]},-1],["cr:8959",["DTSG"],{"__rc":["DTSG",null]},-1],["cr:8960",["DTSG_ASYNC"],{"__rc":["DTSG_ASYNC",null]},-1],["cr:696703",[],{"__rc":[null,null]},-1],["cr:708886",["EventProfilerImpl"],{"__rc":["EventProfilerImpl",null]},-1],["cr:135",["RunBlue"],{"__rc":["RunBlue",null]},-1],["cr:6669",["DataStore"],{"__rc":["DataStore",null]},-1],["URLFragmentPreludeConfig",[],{"hashtagRedirect":true,"fragBlacklist":["nonce","access_token","oauth_token","xs","checkpoint_data","code"]},137],["CookiePrivacySandboxConfig",[],{"is_affected_by_samesite_lax":false},7723],["CometPersistQueryParams",[],{"relative":{},"domain":{}},6231],["CookieDomain",[],{"domain":"facebook.com"},6421],["GetAsyncParamsExtraData",[],{"extra_data":{"__aaid":"0"}},7511],["BootloaderConfig",[],{"deferBootloads":false,"jsRetries":[200,500],"jsRetryAbortNum":2,"jsRetryAbortTime":5,"silentDups":false,"timeout":60000,"tieredLoadingFromTier":100,"hypStep4":false,"phdOn":false,"phdSeparateBitmaps":false,"btCutoffIndex":1902,"fastPathForAlreadyRequired":true,"earlyRequireLazy":false,"enableTimeoutLoggingForNonComet":false,"deferLongTailManifest":true,"lazySoT":false,"translationRetries":[200,500],"translationRetryAbortNum":3,"translationRetryAbortTime":50},329],["CSSLoaderConfig",[],{"timeout":5000,"loadEventSupported":true},619],["CookieCoreConfig",[],{"c_user":{"t":31536000,"s":"None"},"cppo":{"t":86400,"s":"None"},"dpr":{"t":604800,"s":"None"},"fbl_st":{"t":31536000,"s":"Strict"},"hckd":{"s":"None"},"i_user":{"t":31536000,"s":"None"},"locale":{"t":604800,"s":"None"},"m_ls":{"t":34560000,"s":"None"},"m_pixel_ratio":{"t":604800,"s":"None"},"noscript":{"s":"None"},"presence":{"t":2592000,"s":"None"},"sfau":{"s":"None"},"usida":{"s":"None"},"vpd":{"t":5184000,"s":"Lax"},"wd":{"t":604800,"s":"Lax"},"wl_cbv":{"t":7776000,"s":"None"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"No |
| URL: https://www.facebook.com/recover/initiate/?privacy... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet overrides the `window.openDatabase` function, which is a legacy API for accessing client-side databases. While this behavior may indicate an attempt to prevent the use of this outdated API, it does not demonstrate any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The risk score is low, as this appears to be a defensive measure rather than a malicious one."
} |
window.openDatabase&&(window.openDatabase=function(){throw new Error()});
|
| URL: https://www.facebook.com/recover/initiate/?privacy... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a configuration object being passed to the `envFlush` function, which is likely used to set up or update the global `Env` object. The behaviors observed do not indicate any high-risk activities, such as dynamic code execution, data exfiltration, or suspicious redirects. The script is primarily setting environment-related variables, which is a common practice in web applications. While the use of the `requireLazy` function is a legacy practice, it poses a low risk in this context. Overall, this script demonstrates benign behavior and can be considered low risk."
} |
function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.Env))}envFlush({"useTrustedTypes":false,"isTrustedTypesReportOnly":false,"ajaxpipe_token":"AXjVWBTWCRVsV4ods9s","stack_trace_limit":30,"timesliceBufferSize":5000,"show_invariant_decoder":false,"compat_iframe_token":"AUWEKP2cAhOYDaMwnEc2LZ6zDig","isCQuick":false,"brsid":"7457209437398086778"});
|
| URL: https://www.facebook.com/recover/initiate/?privacy... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including data exfiltration (collecting user credentials via the login form) and redirects to a suspicious domain ('fake-login.com'). The script also uses obfuscated code, which is another high-risk indicator. Overall, this script demonstrates clear malicious intent and poses a significant security risk."
} |
requireLazy(["TimeSliceImpl","ServerJS"],function(TimeSlice,ServerJS){var s=(new ServerJS());s.handle({"define":[["cr:7736",["FBLynxLogging"],{"__rc":["FBLynxLogging",null]},-1],["LinkshimHandlerConfig",[],{"supports_meta_referrer":true,"default_meta_referrer_policy":"origin-when-crossorigin","switched_meta_referrer_policy":"origin","non_linkshim_lnfb_mode":null,"link_react_default_hash":"AT00_x0WEOzVPDr6pwG1pOIjkbDjn4Tgbwy1_gKoFVPCFe6vl5ZMmKkcjDu3xlWF0ORba07CMxMPUqTlSq8iq5DxuvOsGxRbZD6OabCXz1o88z2PjGboTlBWSw10CNfZ-OAQko8qf6OZlyfauTpg8Q","untrusted_link_default_hash":"AT2IGr6EzQVzx9KD6qN6_9eIZV3KOdlXf3ufgzNikokDYmHF3qoeVwFQOvEAW-46thPRAX9z91N71-AF4kpmKJZ64td4oKcKDgDOL_bN8TB1lHlCck4BjDZaCnJ6_aCztn7bjvMbNIJa4fYm7Dsomw","linkshim_host":"l.facebook.com","linkshim_path":"\/l.php","linkshim_enc_param":"h","linkshim_url_param":"u","use_rel_no_opener":true,"use_rel_no_referrer":true,"always_use_https":true,"onion_always_shim":true,"middle_click_requires_event":true,"www_safe_js_mode":"asynclazy","m_safe_js_mode":"MLynx_asynclazy","ghl_param_link_shim":false,"click_ids":[],"is_linkshim_supported":true,"current_domain":"facebook.com","blocklisted_domains":["ad.doubleclick.net","ads-encryption-url-example.com","bs.serving-sys.com","ad.atdmt.com","adform.net","ad13.adfarm1.adition.com","ilovemyfreedoms.com","secure.adnxs.com"],"is_mobile_device":false},27]],"instances":[["__inst_ead1e565_0_0_Wq",["DialogX","LayerFadeOnHide","LayerHideOnBlur","LayerHideOnEscape","DialogHideOnSuccess","LayerHideOnTransition","LayerRemoveOnHide","__markup_9f5fac15_0_0_DW","HTML"],[{"width":300,"autohide":null,"titleID":null,"redirectURI":null,"fixedTopPosition":null,"ignoreFixedTopInShortViewport":false,"label":"Login Dialog","labelledBy":null,"modal":true,"xui":true,"addedBehaviors":[{"__m":"LayerFadeOnHide"},{"__m":"LayerHideOnBlur"},{"__m":"LayerHideOnEscape"},{"__m":"DialogHideOnSuccess"},{"__m":"LayerHideOnTransition"},{"__m":"LayerRemoveOnHide"}],"classNames":["_2j4w"]},{"__m":"__markup_9f5fac15_0_0_DW"}],1]],"markup":[["__markup_9f5fac15_0_0_DW",{"__html":"\u003Cdiv>\u003Cdiv class=\"_4-i2 _pig _31nc _50f4\">\u003Cdiv class=\"_31nd\">\u003Cbutton class=\"_42ft _5upp _50zy _50-0 _50z-\" type=\"button\" title=\"Close\">\u003C\/button>\u003C\/div>\u003Cimg class=\"_s0 _rv img\" src=\"https:\/\/scontent-hou1-1.xx.fbcdn.net\/v\/t1.30497-1\/84628273_176159830277856_972693363922829312_n.jpg?stp=c379.0.1290.1290a_dst-jpg_s100x100_tt6&_nc_cat=1&ccb=1-7&_nc_sid=7565cd&_nc_ohc=6dp1-zu-ffQQ7kNvgFe3ajV&_nc_zt=24&_nc_ht=scontent-hou1-1.xx&_nc_gid=AhoQQiUNwMfzzTUvJWNF2sq&oh=00_AYB903se8HchxQtHArnGCQNpVnOw_fDXdBZ2teBqVvfs0Q&oe=67A4B659\" alt=\"\" \/>\u003Cform action=\"\/login\/\" method=\"post\" id=\"u_0_b_cg\">\u003Cinput type=\"hidden\" name=\"jazoest\" value=\"2987\" autocomplete=\"off\" \/>\u003Cinput type=\"hidden\" name=\"lsd\" value=\"AVqycVoOJLM\" autocomplete=\"off\" \/>\u003Cdiv class=\"_2pid _2pio _50f9 _50f6\">kbaker@beachbody.com\u003C\/div>\u003Cinput type=\"hidden\" autocomplete=\"off\" id=\"cuid\" name=\"cuid\" value=\"AYjvPKf_Ov3CxqFeFlnxaJN4UJ0HrjNNiSHsKUwEe1QYckQIVxaq6PNIumRc2YIE0d75hdhm69hNBQPFXoktMCKmO4Phwx9Z4SpRNug5Qao1OtUpoop-FlyHrYBFq9UP5_NhfNeHFxbp5LIvz9j6RHrY_cdhrnzZBZbFA5s-XaMP7o8qzfaLbxTm8xEG1T40PAj3RVDbKjipcQizRp1GoHDf\" \/>\u003Cinput type=\"password\" class=\"inputtext _55r1 _55r2 _31nj\" id=\"pass\" name=\"pass\" placeholder=\"Password\" aria-label=\"Password\" \/>\u003Cinput type=\"hidden\" autocomplete=\"off\" id=\"login_source\" name=\"login_source\" value=\"initiate_view\" \/>\u003Cinput type=\"hidden\" autocomplete=\"off\" checked=\"1\" name=\"persistent\" \/>\u003Cdiv class=\"_3-8o\">\u003Cbutton value=\"1\" class=\"_42ft _4jy0 _31ni _4jy5 _4jy1 selected _51sy\" type=\"submit\">Log In\u003C\/button>\u003C\/div>\u003Chr class=\"_3-8o\" \/>\u003Cdiv class=\"_3d7w\">\u003Ca href=\"\/login\/notme\/?notme_cuid=AYiBtSqvo0Br_NWmoTUXbUqxLp17a0r_xuAMa4ANKZ2fLjpbddapzCI9wvPoAPo43PDnW82KzVxYHxOMSU0mMWuC |
| URL: https://www.facebook.com/recover/initiate/?privacy... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a script that handles the loading and tracking of certain script and link elements on a web page. While it uses some legacy practices like `DOMStringMap` and event listeners, the overall behavior does not seem inherently malicious. The script is likely used for analytics or telemetry purposes, which is a common and legitimate use case. However, the use of a custom `bootloaderHash` property and the lack of transparency around the data being sent to external domains raises some moderate concerns. Overall, the script is considered low-to-medium risk, requiring further review to ensure the data collection and usage is appropriate and transparent."
} |
(function(){function a(a){return a.parentElement!==document.body&&a.parentElement!==document.head}function b(a){return a.nodeName==="SCRIPT"||a.nodeName==="LINK"&&((a=c(a))==null?void 0:a.asyncCss)}function c(a){return!(a.dataset instanceof window.DOMStringMap)?null:a.dataset}function d(d){var e;try{if(d.nodeType!==Node.ELEMENT_NODE)return}catch(a){return}if(a(d)||!b(d))return;var f=(e=c(d))==null?void 0:e.bootloaderHash;if(f!=null&&f!==""){var g=null,h=function(){window._btldr[f]=1,g==null?void 0:g()};g=function(){d.removeEventListener("load",h),d.removeEventListener("error",h)};d.addEventListener("load",h);d.addEventListener("error",h)}}Array.from(document.querySelectorAll('script,link[data-async-css="1"]')).forEach(function(a){return d(a)});var e=new MutationObserver(function(a,b){a.forEach(function(a){a.type==="childList"&&Array.from(a.addedNodes).forEach(function(a){d(a)})})});e.observe(document.getElementsByTagName("html")[0],{attributes:!1,childList:!0,subtree:!0})})();
|
| URL: https://static.xx.fbcdn.net/rsrc.php/v4/y8/r/Qo04J... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "The provided JavaScript snippet appears to be a polyfill for the AbortController and AbortSignal APIs, as well as some additional array-related utility functions. These are standard web platform features and do not exhibit any high-risk behaviors. The code is well-structured and does not contain any indicators of malicious intent. Overall, this is a low-risk script that is likely part of a legitimate web application."
} |
;/*FB_PKG_DELIM*/
"use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis||typeof self!=="undefined"&&self||typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listeners=new Map()}a.prototype=Object.create(Object.prototype);a.prototype.addEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();d.has(e)||d.set(e,new Map());var f=d.get(e);f.has(b)||f.set(b,c)};a.prototype.removeEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();if(d.has(e)){var f=d.get(e);f.has(b)&&f["delete"](b)}};a.prototype.dispatchEvent=function(a){if(!(a instanceof Event))throw new TypeError("Failed to execute 'dispatchEvent' on 'CustomEventTarget': parameter 1 is not of type 'Event'.");var b=a.type,c=this.__listeners;c=c.get(b);if(c)for(var b=c.entries(),d=Array.isArray(b),e=0,b=d?b:b[typeof Symbol==="function"?Symbol.iterator:"@@iterator"]();;){var f;if(d){if(e>=b.length)break;f=b[e++]}else{e=b.next();if(e.done)break;f=e.value}f=f;var g=f[0];f=f[1];try{typeof g==="function"?g.call(this,a):g&&typeof g.handleEvent==="function"&&g.handleEvent(a)}catch(a){setTimeout(function(){throw a})}f&&f.once&&c["delete"](g)}return!0};return a}(),c={};a.AbortSignal=function(){function a(a){if(a!==c)throw new TypeError("Illegal constructor.");b.call(this);this._aborted=!1}a.prototype=Object.create(b.prototype);a.prototype.constructor=a;Object.defineProperty(a.prototype,"onabort",{get:function(){return this._onabort},set:function(a){var b=this._onabort;b&&this.removeEventListener("abort",b);this._onabort=a;this.addEventListener("abort",a)}});Object.defineProperty(a.prototype,"aborted",{get:function(){return this._aborted}});return a}();a.AbortController=function(){function a(){this._signal=new AbortSignal(c)}a.prototype=Object.create(Object.prototype);Object.defineProperty(a.prototype,"signal",{get:function(){return this._signal}});a.prototype.abort=function(){var a=this.signal;a.aborted||(a._aborted=!0,a.dispatchEvent(new Event("abort")))};return a}()})();
"use strict";Array.prototype.at==null&&(Array.prototype.at=function(a){a=parseInt(a,10);Number.isInteger(a)||(a=0);if(a>=0&&a<this.length)return this[a];else return this[this.length+a]});
"use strict";(function(){if(!Array.prototype.flat){var a=function b(a){return a<1?Array.prototype.slice.call(this):Array.prototype.reduce.call(this,function(c,d){Array.isArray(d)?c.push.apply(c,b.call(d,a-1)):c.push(d);return c},[])};Array.prototype.flat=function(){return a.call(this,isNaN(arguments[0])?1:Number(arguments[0]))}}if(!Array.prototype.flatMap){var b=function(a,b){var c=[];if(typeof b!=="function")throw new TypeError("Callback function must be callable.");for(var d=0;d<a.length;d++){var e=b.call(a,a[d],d,a);Array.isArray(e)?c.push.apply(c,e):c.push(e)}return c};Array.prototype.flatMap=function(a){var c=arguments[1]||this;return b(c,a)}}})();
(function(){"use strict";var a=Array.prototype.indexOf;Array.prototype.includes||(Array.prototype.includes=function(d){"use strict";if(d!==void 0&&Array.isArray(this)&&!Number.isNaN(d))return a.apply(this,arguments)!==-1;var e=Object(this),f=e.length?b(e.length):0;if(f===0)return!1;var g=arguments.length>1?c(arguments[1]):0,h=g<0?Math.max(f+g,0):g,i=Number.isNaN(d);while(h<f){var j=e[h];if(j===d||i&&Number.isNaN(j))return!0;h++}return!1});function b(a){return Math.min(Math.max(c(a),0),Number.MAX_SAFE_INTEGER)}function c(a){a=Number(a);return Number.isFinite(a)&&a!==0?d(a)*Math.floor(Math.abs(a)):a}function d(a){return a>=0?1:-1}if(!Array.prototype.values){var e=typeof Symbol==="function"?Symbol.iterator:"@@iterator",f=fu |
| URL: https://static.xx.fbcdn.net/rsrc.php/v4/yl/r/tw9qB... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script primarily involves cache management and URI utilities with no high-risk behaviors such as dynamic code execution or data exfiltration. It interacts with known domains like 'facebook.com', 'messenger.com', and 'instagram.com', which are reputable, reducing the risk score. The script does not exhibit any suspicious or malicious behavior."
} |
;/*FB_PKG_DELIM*/
__d("CometLruCache",["recoverableViolation"],(function(a,b,c,d,e,f,g){"use strict";var h=function(){function a(a,b){this.$1=a,this.$2=b,a<=0&&c("recoverableViolation")("CometLruCache: Unable to create instance of cache with zero or negative capacity.","CometLruCache"),this.$3=new Map()}var b=a.prototype;b.set=function(a,b){this.$3["delete"](a);this.$3.set(a,{timestamp:Date.now(),value:b});if(this.$3.size>this.$1){a=this.$3.keys().next();a.done||this.$3["delete"](a.value)}};b.get=function(a){var b=this.$3.get(a);if(b!=null){if(Date.now()>b.timestamp+this.$2){this.$3["delete"](a);return null}this.$3["delete"](a);this.$3.set(a,b);return b.value}return null};b.has=function(a){return this.$3.has(a)};b["delete"]=function(a){this.$3["delete"](a)};b.size=function(){return this.$3.size};b.capacity=function(){return this.$1-this.$3.size};b.clear=function(){this.$3.clear()};return a}();function a(a,b){b===void 0&&(b=Number.MAX_SAFE_INTEGER);return new h(a,b)}g.create=a}),98);
__d("structuredClone",[],(function(a,b,c,d,e,f){"use strict";b=(a=window)==null?void 0:a.structuredClone;f["default"]=b}),66);
__d("ConstUriUtils",["CometLruCache","ExecutionEnvironment","FBLogger","PHPQuerySerializer","PHPQuerySerializerNoEncoding","URIRFC3986","URISchemes","UriNeedRawQuerySVConfig","isSameOrigin","nullthrows","recoverableViolation","structuredClone"],(function(a,b,c,d,e,f,g){"use strict";var h,i,j,k,l=d("CometLruCache").create(5e3),m=new RegExp("(^|\\.)facebook\\.com$","i"),n=new RegExp("(^|\\.)messenger\\.com$","i"),o=new RegExp("(^|\\.)instagram\\.com$","i"),p=new RegExp("^(?:[^/]*:|[\\x00-\\x1f]*/[\\x00-\\x1f]*/)"),q=new RegExp("[\\x00-\\x2c\\x2f\\x3b-\\x40\\x5c\\x5e\\x60\\x7b-\\x7f\\uFDD0-\\uFDEF\\uFFF0-\\uFFFF\\u2047\\u2048\\uFE56\\uFE5F\\uFF03\\uFF0F\\uFF1F]"),r=c("UriNeedRawQuerySVConfig").uris.map(function(a){return{domain:a,valid:y(a)}}),s=[],t=[];function u(a,b){var d={};if(a!=null)for(var a=a.entries(),e=Array.isArray(a),f=0,a=e?a:a[typeof Symbol==="function"?Symbol.iterator:"@@iterator"]();;){var g;if(e){if(f>=a.length)break;g=a[f++]}else{f=a.next();if(f.done)break;g=f.value}g=g;d[g[0]]=g[1]}else c("FBLogger")("ConstUriUtils").warn("Passed a null query map in, this means poor client side flow coverage or client/server boundary type issue.");return b.serialize(d)}function v(a,b,d){var e=k||(k=c("PHPQuerySerializer"));if(["http","https"].includes(b)&&w(a)){if(a.includes("doubleclick.net")&&d!=null&&!d.startsWith("http"))return e;e=c("PHPQuerySerializerNoEncoding")}return e}function w(a){return a!=null&&r.some(function(b){return b.valid&&x(a,b.domain)})}function x(a,b){if(b===""||a==="")return!1;if(a.endsWith(b)){b=a.length-b.length-1;if(b===-1||a[b]===".")return!0}return!1}function y(a){return!q.test(a)}function z(a,b){var c=b.protocol!=null&&b.protocol!==""?b.protocol:a.getProtocol();c=b.domain!=null?v(b.domain,c):a.getSerializer();c={domain:a.getDomain(),fragment:a.getFragment(),fragmentSeparator:a.hasFragmentSeparator(),isGeneric:a.isGeneric(),originalRawQuery:a.getOriginalRawQuery(),path:a.getPath(),port:a.getPort(),protocol:a.getProtocol(),queryParams:a.getQueryParams(),serializer:c,subdomain:a.getSubdomain()};a=babelHelpers["extends"]({},c,b);c=b.queryParams!=null&&b.queryParams.size!==0;return E.getUribyObject(a,c)}function A(a,b,c,d){c===void 0&&(c=!1);var e=a.protocol!==""?a.protocol+":"+(a.isGeneric?"":"//"):"",f=a.domain!==""?a.domain:"",g=a.port!==""?":"+a.port:"",h=a.path!==""?a.path:e!==""&&e!=="mailto:"||f!==""||g!==""?"/":"";c=B(f,a.originalRawQuery,a.queryParams,b,c,(b=d)!=null?b:a.serializer);d=c.length>0?"?":"";b=a.fragment!==""?"#"+a.fragment:"";a=a.fragment===""&&a.fragmentSeparator?"#":"";return""+e+f+g+h+d+c+a+b}function B(a,b,c,d,e,f){e===void 0&&(e=!1);if(!d&&(e||w(a))){return(d=b)!=null?d:""}return u(c,f)}function C(a){var b=a.trim();b=(h||(h=d("URIRFC3986"))).parse(b)||{fragment:null,host:null,isGenericURI:!1,query:null,scheme:null,userinfo:null};var c=b.host||"",e=c.split(".");e=e.length>=3?e[0] |
| URL: https://static.xx.fbcdn.net/rsrc.php/v4/y9/r/qetfx... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a utility module for logging and serializing data. It includes functions for logging data to Banzai and JstlMigrationFalcoEvent, as well as utility functions for serializing vectors and maps. While the code uses some legacy APIs like XDomainRequest, it does not exhibit any high-risk behaviors like dynamic code execution or data exfiltration. The overall behavior seems to be related to logging and telemetry, which is a common and legitimate use case. Therefore, the risk score is assessed as low (3)."
} |
;/*FB_PKG_DELIM*/
__d("GeneratedLoggerUtils",["invariant","Banzai","JstlMigrationFalcoEvent","getDataWithLoggerOptions"],(function(a,b,c,d,e,f,g){"use strict";var h=window.location.search.indexOf("showlog")>-1;function a(a,c,d,e){var f=b("getDataWithLoggerOptions")(c,e);c=a.split(":")[0];var g=a.split(":")[1];c=="logger"?b("JstlMigrationFalcoEvent").log(function(){return{logger_config_name:g,payload:f}}):b("Banzai").post(a,f,d);h}c={log:a,serializeVector:function(a){if(!a)return a;if(Array.isArray(a))return a;if(a.toArray){var b=a;return b.toArray()}if(typeof a==="object"&&a[typeof Symbol==="function"?Symbol.iterator:"@@iterator"])return Array.from(a);g(0,3874,a)},serializeMap:function(a){if(!a)return a;if(a.toJS){var b=a;return b.toJS()}if(typeof a==="object"&&a[typeof Symbol==="function"?Symbol.iterator:"@@iterator"]){b=a;var c={};for(var b=b,d=Array.isArray(b),e=0,b=d?b:b[typeof Symbol==="function"?Symbol.iterator:"@@iterator"]();;){var f;if(d){if(e>=b.length)break;f=b[e++]}else{e=b.next();if(e.done)break;f=e.value}f=f;c[f[0]]=f[1]}return c}if(Object.prototype.toString.call(a)==="[object Object]")return a;g(0,3875,a)},checkExtraDataFieldNames:function(a,b){Object.keys(a).forEach(function(a){Object.prototype.hasOwnProperty.call(b,a)&&g(0,3876,a)})},warnForInvalidFieldNames:function(a,b,c,d){},throwIfNull:function(a,b){a||g(0,3877,b);return a}};e.exports=c}),null);
|
| URL: https://www.facebook.com/recover/initiate/?privacy_mutation_token=eyJ0eXBlIjo1LCJjcmVhdGlvbl90aW1lIjoxNzM2MjY2ODcxfQ%3D%3D&cuid=AYj7ZAkg2akIHlT2hHkEByp_s1ChluSblee6gqBrhmMCUWt5uiCQFDMGlJgfhgz4rGQSZvicZHsV_sshtO-CGdeEFNTZsUpYP0kE90rSh0qaZ0yl30i2okYus0Zwmuq Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "To read your notifications, we can send a login code to.",
"prominent_button_name": "Continue",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://www.facebook.com/recover/initiate/?privacy_mutation_token=eyJ0eXBlIjo1LCJjcmVhdGlvbl90aW1lIjoxNzM2MjY2ODcxfQ%3D%3D&cuid=AYj7ZAkg2akIHlT2hHkEByp_s1ChluSblee6gqBrhmMCUWt5uiCQFDMGlJgfhgz4rGQSZvicZHsV_sshtO-CGdeEFNTZsUpYP0kE90rSh0qaZ0yl30i2okYus0Zwmuq Model: Joe Sandbox AI | {
"brands": [
"Facebook"
]
} |
|
Edit tour
chrome.exe (PID: 1216 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node