ANY.RUN<p>🚨 New <a href="https://infosec.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> scam targets US users with fake MS Defender and CloudFlare pages.<br>⚠️ The scam page is hosted on a domain registered back in 2006, pretending to be the Indo-American Chamber of Commerce.<br>🎯 The <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> page loads only for US-based victims, as observed during analysis with a residential IP in <a href="https://infosec.exchange/tags/ANYRUN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANYRUN</span></a> Sandbox. </p><p>👨💻 Analysis session: <a href="https://app.any.run/browses/50395c46-41f5-4bb3-8205-61262ef4e63d/?utm_source=mastodon&utm_medium=article&utm_campaign=clickfix_scam&utm_term=160425&utm_content=linktoservice" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">app.any.run/browses/50395c46-4</span><span class="invisible">1f5-4bb3-8205-61262ef4e63d/?utm_source=mastodon&utm_medium=article&utm_campaign=clickfix_scam&utm_term=160425&utm_content=linktoservice</span></a></p><p>📍 URL: iaccindia[.]com<br>The page hijacks the full-screen mode and displays a fake “Windows Defender Security Center” popup. </p><p>🎭 It mimics the Windows UI, locks the screen, and displays urgent messages to panic the user. </p><p>Victims are prompted to call a fake tech support number (+1-…), setting the stage for further exploitation. </p><p>🎣 The phishing page may also display a fake CloudFlare message tricking users to execute a <a href="https://infosec.exchange/tags/malicious" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malicious</span></a> Run command. <br>Take a look: <a href="https://app.any.run/tasks/e83a5861-6006-4b1d-aba8-8536dcaa8057/?utm_source=mastodon&utm_medium=article&utm_campaign=clickfix_scam&utm_term=160425&utm_content=linktoservice" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">app.any.run/tasks/e83a5861-600</span><span class="invisible">6-4b1d-aba8-8536dcaa8057/?utm_source=mastodon&utm_medium=article&utm_campaign=clickfix_scam&utm_term=160425&utm_content=linktoservice</span></a></p><p><a href="https://infosec.exchange/tags/IOCs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IOCs</span></a>: <br>supermedicalhospital[.]com <br>adflowtube[.]com <br>knowhouze[.]com <br>ecomicrolab[.]com <br>javascripterhub[.]com <br>virtual[.]urban-orthodontics[.]com </p><p>Streamline threat analysis for your SOC with <a href="https://infosec.exchange/tags/ANYRUN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANYRUN</span></a> 🚀 <br><a href="https://infosec.exchange/tags/ExploreWithANYRUN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ExploreWithANYRUN</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
en.osm.town is one of the many independent Mastodon servers you can use to participate in the fediverse.
An independent, community of OpenStreetMap people on the Fediverse/Mastodon.
Funding graciously provided by the OpenStreetMap Foundation.
Administered by:
Server stats:
261active users
en.osm.town: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.8
#explorewithanyrun
0 posts · 0 participants · 0 posts today
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload