🛡️ Nehboro Detection Test Suite

⚠️ For testing purposes only. These pages simulate various threats that Nehboro detects. They are harmless - they only contain fake text/UI and never execute real malicious code. Use them to verify the extension is working and to demo its detection capabilities. Open each page with the extension enabled.

🎯 ClickFix Family (7 pages)

Basic ClickFix Sequence

Win+R → Ctrl+V → Enter with PowerShell payload

CLICKFIX_FULL_SEQUENCE

Fake Cloudflare ClickFix

Cloudflare-branded fake CAPTCHA with verification ID

FAKE_CLOUDFLARE + FAKE_VERIFICATION_ID

Multilingual ClickFix (Spanish)

Spanish Opera browser error with "Copiar solución"

CLICKFIX_MULTILANG

Fake Meet - Audio Driver

"Your audio drivers are outdated" with fix command

CLICKFIX_PRETEXT + FAKE_MEETING

Missing Font + BSOD

Fake "missing font" prompt and Windows BSOD

CLICKFIX_PRETEXT + FAKE_ERROR_PAGE

FileFix (Explorer Address Bar)

Paste path into File Explorer address bar

FILEFIX + CLICKFIX_PRETEXT

Win+X Terminal ClickFix

BSOD recovery via Win+X → Terminal

CLICKFIX_FULL_SEQUENCE (Win+X variant)

🎣 Phishing & Impersonation (6 pages)

Browser-in-the-Browser (BitB)

Fake OAuth popup with inset URL bar

FAKE_URL_BAR + PHISHING_IMPERSONATION

DocuSign Device Code Phish

Fake DocuSign page with verification code

DEVICE_CODE_PHISH

Insecure HTTP Login

Login form submitted over HTTP

INSECURE_LOGIN

Lookalike / Typosquat Domain

Mentions of typosquatted domains

LOOKALIKE_TYPOSQUAT

Punycode Domain (IDN)

xn-- domain name indicator

PUNYCODE_DOMAIN

Raw IP Hosting

Suspicious content on raw IP address

RAW_IP_HOSTING

🆘 Tech Support Scams (8 pages)

Fake Antivirus Scan

Fake Windows Defender threats found

FAKE_ANTIVIRUS

Fake Error with Support Number

Error code + call this number scam

FAKE_ERROR_PAGE + SCAM_PHONE

Fake Windows UI Overlay

Imitation Windows dialogs/notifications

FAKE_OS_UI

Browser Lock / Fullscreen

Page attempts to lock the browser

BROWSER_LOCK + FULLSCREEN_SPAM

Print Dialog Spam

window.print() called repeatedly

PRINT_LOOP

Data Theft Scare

"Your personal data has been stolen"

DATA_THEFT_SCARE + IP_GEOLOCATION_SCARE

Multilingual Scam (French)

French-language tech support scam

SCAM_MULTILANG

Antivirus Dismissal Pretext

"Ignore Windows Defender warning, it's normal"

AV_DISMISSAL_PRETEXT

🧠 Social Engineering (6 pages)

Urgency + Countdown

"Act now! Only 5 minutes left!"

URGENCY + FAKE_COUNTDOWN

Fake Browser Update

"Chrome is outdated, update now"

FAKE_UPDATE + FAKE_BROWSER_ERROR

Fake Software Download

Fake Zoom/Teams/antivirus download page

FAKE_SOFTWARE_DL + FAKE_DOWNLOAD

Fake Social Proof

"2,847 people downloaded this today"

FAKE_SOCIAL_PROOF

Notification Permission Spam

Repeated requestPermission() calls

NOTIFICATION_SPAM

Alert/Confirm Dialog Spam

Repeated alert() calls

DIALOG_SPAM

🦠 Malware Indicators (8 pages)

Clipboard Hijack

Live clipboard.writeText interception

CLIPBOARD_HIJACK

PowerShell Payload

Encoded PowerShell commands in page

POWERSHELL_PAYLOAD + PS_ENCODED

LOLBin Commands

mshta, regsvr32, certutil references

LOLBIN_COMMAND

Verified Base64 Payload

Large base64 with decoded PowerShell

BASE64_PAYLOAD

JavaScript Obfuscation

Heavy eval / Function() chains

OBFUSCATION + EVAL_DYNAMIC

Crypto Wallet Address Swap

BTC/ETH/SOL addresses in page

CRYPTO_ADDRESS_SWAP + CRYPTO_WALLET

Credit Card Skimmer

Payment field + exfil pattern

CARD_SKIMMER_ENHANCED + FORMJACKING

Keylogger Pattern

Global keydown listener + POST

KEYLOGGER_PATTERN

🔍 Visual & Advanced (4 pages)

Visual Brand Impersonation

Microsoft/Google colors + logos on fake domain

VISUAL_BRAND_IMPERSONATION

ConsentFix / OAuth Consent

Fake OAuth consent with device code flow

CONSENTFIX

Browser Fingerprinting Abuse

Canvas/WebGL/audio fingerprinting

FINGER_ABUSE

History API Loop

pushState spam prevents back button

HISTORY_LOOP

📋 Combo Tests (1 page)

Full Scam Kit (Kitchen Sink)

Many detections at once for stress-testing

Multiple + BONUS_SCAM_FULLKIT

Nehboro Detection Test Suite · 40 test pages · Built for the Nehboro browser extension