Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

Administered by:

Server stats:

276
active users

toad.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.8

#explorewithanyrun

0 posts0 participants0 posts today
ANY.RUN<p>🚨 New <a href="https://infosec.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> scam targets US users with fake MS Defender and CloudFlare pages.<br>⚠️ The scam page is hosted on a domain registered back in 2006, pretending to be the Indo-American Chamber of Commerce.<br>🎯 The <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> page loads only for US-based victims, as observed during analysis with a residential IP in <a href="https://infosec.exchange/tags/ANYRUN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANYRUN</span></a> Sandbox. </p><p>👨‍💻 Analysis session: <a href="https://app.any.run/browses/50395c46-41f5-4bb3-8205-61262ef4e63d/?utm_source=mastodon&amp;utm_medium=article&amp;utm_campaign=clickfix_scam&amp;utm_term=160425&amp;utm_content=linktoservice" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">app.any.run/browses/50395c46-4</span><span class="invisible">1f5-4bb3-8205-61262ef4e63d/?utm_source=mastodon&amp;utm_medium=article&amp;utm_campaign=clickfix_scam&amp;utm_term=160425&amp;utm_content=linktoservice</span></a></p><p>📍 URL: iaccindia[.]com<br>The page hijacks the full-screen mode and displays a fake “Windows Defender Security Center” popup. </p><p>🎭 It mimics the Windows UI, locks the screen, and displays urgent messages to panic the user. </p><p>Victims are prompted to call a fake tech support number (+1-…), setting the stage for further exploitation. </p><p>🎣 The phishing page may also display a fake CloudFlare message tricking users to execute a <a href="https://infosec.exchange/tags/malicious" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malicious</span></a> Run command. <br>Take a look: <a href="https://app.any.run/tasks/e83a5861-6006-4b1d-aba8-8536dcaa8057/?utm_source=mastodon&amp;utm_medium=article&amp;utm_campaign=clickfix_scam&amp;utm_term=160425&amp;utm_content=linktoservice" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">app.any.run/tasks/e83a5861-600</span><span class="invisible">6-4b1d-aba8-8536dcaa8057/?utm_source=mastodon&amp;utm_medium=article&amp;utm_campaign=clickfix_scam&amp;utm_term=160425&amp;utm_content=linktoservice</span></a></p><p><a href="https://infosec.exchange/tags/IOCs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IOCs</span></a>: <br>supermedicalhospital[.]com <br>adflowtube[.]com <br>knowhouze[.]com <br>ecomicrolab[.]com <br>javascripterhub[.]com <br>virtual[.]urban-orthodontics[.]com </p><p>Streamline threat analysis for your SOC with <a href="https://infosec.exchange/tags/ANYRUN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANYRUN</span></a> 🚀 <br><a href="https://infosec.exchange/tags/ExploreWithANYRUN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ExploreWithANYRUN</span></a></p>
ExploreLive feeds
About