This page simulates a ClickFix social engineering attack — a technique where victims are tricked into running malicious commands themselves by disguising them as routine verification steps.
In this demo the payload is completely harmless: it will only open Notepad and type "You have been hacked".
How the demo works:
Users see a fake Cloudflare verification page
They click "Copy fix" — the command is silently placed in their clipboard
They are instructed to press Win+R and paste the command
Running it opens Notepad and types the message
Click the button below to reveal the fake page to your audience.
A browser check is preventing you from accessing this site. Please complete the verification below to continue.
1
Click "Copy fix" below to copy the verification code to your clipboard.
2
Press Win + R on your keyboard to open the Run dialog.
3
Press Ctrl + V to paste, then press Enter.
This verification expires in 3:00 minutes.
⚠️ [INSTRUCTOR] — What just happened:
The following command was silently copied to the clipboard:
If pasted into Run (Win+R) and executed, this would open Notepad and type "You have been hacked".
In a real attack, this command would instead download and execute malware, create persistence, or exfiltrate credentials — all initiated by the victim themselves.