Is minionlab.ai safe?

encoded payload

suspicious base64-like blobs detected in page content

phishing

1 deceptive links where visible host does not match destination host

social engineering

The site solicits users to install a downloadable application (MinionLab) and grant it access to their device's 'idle resources' to run autonomous agents that 'actively navigate the internet' on the user's behalf. This is a classic resource-hijacking pitch framed as passive income — users are socially engineered into installing software that uses their device and network for third-party data collection tasks without clear disclosure of what data is collected or sent. (location: page.html:1001-1040, section 'Minion Owners Manual' steps 1-3)

social engineering

Animated 'live' counters for online minions (starting at ~66,242), tasks completed (starting at ~23,217,137), and registrations are driven entirely by client-side JavaScript with hardcoded seed values incremented by random numbers. These figures are fabricated to create artificial social proof and urgency, manipulating users into believing a large active user base exists. (location: page.html:1949-2017 (JavaScript countUp blocks with hardcoded savedVal, savedVal2, registrationVal, minionVal))

hidden content

A download modal (class 'onboarding17_component') is rendered with 'display:none;opacity:0' — hidden from view by default. It contains download links including a Chrome extension link pointing to 'stream-ai-a-revolutionary' (ID: fgamijdhamopilihagheoalbifagafka) and a Google Play link for 'com.streamai.app', which are branded as 'Stream AI', not MinionLab. This hidden content presents a different product identity than the visible page brand. (location: page.html:1050-1143)

brand impersonation

Hidden download modal links to a Chrome Web Store extension titled 'Stream AI - A Revolutionary' (ID: fgamijdhamopilihagheoalbifagafka) and a Google Play app 'com.streamai.app', while the visible page exclusively brands itself as 'MinionLab'. The site announces Stream AI was 'rebranded as MinionLab' but the download endpoints still resolve to the old Stream AI identifiers, creating a brand mismatch that could mislead users about what software they are actually installing. (location: page.html:1067-1083 (Chrome Web Store and Google Play links in hidden modal))

malicious redirect

The page contains a Cloudflare challenge script injected via a hidden 1x1 invisible iframe that dynamically writes and appends a script tag pointing to '/cdn-cgi/challenge-platform/scripts/jsd/main.js'. While this is a known Cloudflare bot-management pattern, the implementation injects script content via innerHTML into a hidden iframe document, which is an obfuscated script execution pattern that could be abused or spoofed. (location: page.html:2075 (Cloudflare CF script at end of body); page-text.txt:1889)

social engineering

The page includes a prominent notice discouraging users from heeding antivirus warnings about the downloadable Windows installer, claiming the app is safe despite being unsigned. Asking users to bypass security warnings is a recognized social engineering technique used to facilitate installation of potentially harmful unsigned software. (location: page.html:1103-1118 ('Important Notice About Antivirus Warnings' block))

hidden content

The Windows download button in the hidden modal links to 'href="#"' (no actual download URL provided), while the Mac OS download links to 'https://file.minionlab.ai/MinionLab_aarch64.dmg'. The Windows installer link in the 'Continue' button resolves to 'https://file-minionlab.nsi.network/MinionLab_x64_en-US%20.msi' — a different domain ('nsi.network') from the main site ('minionlab.ai'), which could indicate a third-party or shadow distribution channel. (location: page.html:1084-1122 (Windows download href='#' and Continue button href to file-minionlab.nsi.network))