New #ClickFix scam targets US users with fake MS Defender and CloudFlare pages.
The scam page is hosted on a domain registered back in 2006, pretending to be the Indo-American Chamber of Commerce.
The #phishing page loads only for US-based victims, as observed during analysis with a residential IP in #ANYRUN Sandbox.
Analysis session: 
URL: iaccindia[.]com
The page hijacks the full-screen mode and displays a fake “Windows Defender Security Center” popup.
It mimics the Windows UI, locks the screen, and displays urgent messages to panic the user.
Victims are prompted to call a fake tech support number (+1-…), setting the stage for further exploitation.
The phishing page may also display a fake CloudFlare message tricking users to execute a #malicious Run command.
Take a look: https://app.any.run/tasks/e83a5861-6006-4b1d-aba8-8536dcaa8057/?utm_source=mastodon&utm_medium=article&utm_campaign=clickfix_scam&utm_term=160425&utm_content=linktoservice
#IOCs:
supermedicalhospital[.]com
adflowtube[.]com
knowhouze[.]com
ecomicrolab[.]com
javascripterhub[.]com
virtual[.]urban-orthodontics[.]com
Streamline threat analysis for your SOC with #ANYRUN 
#ExploreWithANYRUN
