Andy
cyb3r-andy.bsky.social
Cybersecurity analyst. Imaginary friend.
Pinned
New #ClickFix technique observed on 2025-06-29:
Compromised website > #SmartApeSG > #ClickFix (new fake secure connection technique) > ???
Compromised website > #KongTuke > #ClickFix:

Date Observed: 2025-12-17

IOCs:
hxxps://leprixnet[.]com/3s3s[.]js
hxxp://193[.]149[.]187[.]146/a
December 22, 2025 at 11:31 PM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-17

IOCs:
hxxps://juicekumyre[.]com/relay/graphql-client[.]js
hxxps://ninkilji[.]com/Bachelor[.]pdf
hxxps://deregulatedenergy[.]com/fdg2[.]zip
039b88209b3fb51bc0b4915ab2a1490de34448c6f5bfb66ac0fa3a5fa16927e8
December 22, 2025 at 11:30 PM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-17

IOCs:
cansupeker[.]com/d[.]js
jacketinno[.]top/relay/graphql-client[.]js
ninkilji[.]com/Bachelor[.]pdf
deregulatedenergy[.]com/fdg2[.]zip
039b88209b3fb51bc0b4915ab2a1490de34448c6f5bfb66ac0fa3a5fa16927e8
December 22, 2025 at 11:30 PM
Compromised website > #KongTuke > #ClickFix:

Date Observed: 2025-12-16

IOCs:
hxxps://ibuyline[.]com/2d2d[.]js
hxxp://193[.]149[.]190[.]117/a
December 22, 2025 at 11:29 PM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-16

IOCs:
hxxps://flikappint[.]com/hydration/api-gateway[.]js
hxxps://lipsklips[.]com/emulator
hxxps://deregulatedenergy[.]com/fdg2[.]zip
039b88209b3fb51bc0b4915ab2a1490de34448c6f5bfb66ac0fa3a5fa16927e8
December 22, 2025 at 11:28 PM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-16

IOCs:
cansupeker[.]com/d[.]js
jacketinno[.]top/hydration/api-gateway[.]js
lipsklips[.]com/emulator
deregulatedenergy[.]com/fdg2[.]zip
039b88209b3fb51bc0b4915ab2a1490de34448c6f5bfb66ac0fa3a5fa16927e8
December 22, 2025 at 11:28 PM
Compromised website > #KongTuke > #ClickFix:

Date Observed: 2025-12-15

IOCs:
hxxps://fsglobe[.]com/1e1e[.]js
hxxp://193[.]149[.]190[.]117/a
December 22, 2025 at 11:27 PM
Compromised website > #KongTuke > #ClickFix:

Date Observed: 2025-12-12

IOCs:
hxxps://gozamba[.]com/2q2q[.]js
gcaptcha[@]checkhuman[.]top:79
December 21, 2025 at 1:20 AM
Compromised website > #KongTuke > #ClickFix:

Date Observed: 2025-12-11

IOCs:
hxxps://wwexp[.]com/1w1w[.]js
gcaptcha[@]captchaver[.]top:79
December 21, 2025 at 1:20 AM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-11

IOCs:
hxxps://cpajoliette[.]com/d[.]js
hxxps://closemonei[.]com/documents/processor[.]js
91[.]193[.]19[.]108:79
hxxps://midpils[.]com/yhb[.]jpg
December 21, 2025 at 1:19 AM
Compromised website > #KongTuke > #ClickFix:

Date Observed: 2025-12-10

IOCs:
hxxps://vimsltd[.]com/9o9o[.]js
cloudflare[@]cfcheckver[.]top:79
December 21, 2025 at 1:18 AM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-10

IOCs:
hxxps://piterjimbj[.]com/sick/network[.]js
91[.]193[.]19[.]108:79
hxxps://oipolfield[.]com/ikrs[.]pdf
December 21, 2025 at 1:18 AM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-10

IOCs:
hxxps://cpajoliette[.]com/d[.]js
hxxps://kuliboku[.]com/sick/network[.]js
91[.]193[.]19[.]108:79
hxxps://oipolfield[.]com/ikrs[.]pdf
December 21, 2025 at 1:17 AM
Compromised website > #SocGholish > #FakeUpdates:

Date Observed: 2025-12-09

IOCs:
hxxps://platform[.]isystemsservices[.]com/2ntlJ6FZBk6+WV8V7U9JBakSAQXgSlwf7kxVF/ZZFwXgWQFBrAsAVr0XBAWn
hxxps://images[.]weightlosstonight[.]net/XgdK7BK3HCfM1NTjHQdfioToH0dbtc451v7D7cs3eBWT
December 21, 2025 at 1:16 AM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-09

IOCs:
hxxps://watchsmiler[.]com/clipper/dom-composer[.]js
85[.]158[.]111[.]53:79
December 21, 2025 at 1:16 AM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-09

IOCs:
hxxps://kuliboku[.]com/clipper/dom-composer[.]js
85[.]158[.]111[.]53:79
hxxps://possibleresc[.]com/Lol[.]pdf
December 21, 2025 at 1:15 AM
Compromised website > #SocGholish > #FakeUpdates:

Date Observed: 2025-12-08

IOCs:
hxxps://platform[.]isystemsservices[.]com/2ntlJ6FZBk6+WV8V7U9JBakSAQXgSlwf7kxVF/ZZFwXgWQFBrAsAVr0XBAWn
hxxps://members[.]affiliateincomecoach[.]com/XgdK7BK3HCfM1NTjHQdfioToH0dbtc451v7D7cs3eBWT
December 21, 2025 at 1:14 AM
Compromised website > #SocGholish > #FakeUpdates:

Date Observed: 2025-12-05

IOCs:
hxxps://cp[.]envisionfonddulac[.]biz/sWZKRMpEKS3VRHB2hlJmZsIPLmaLV3N8hlN9fZ1EOGaLRDk93BIrZsw=
hxxps://api[.]weightlosstonight[.]org/XgdK7BK3uhEGHIrVECWcHcfjHoEg1hzstc451v7D7cs3eBWT
December 14, 2025 at 12:06 AM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-05

IOCs:
hxxps://ritualex[.]com/accelerator/auth[.]token[.]js
hxxps://flvirals[.]com/pole
hxxps://deregulatedenergy[.]com/fdg2[.]zip
039b88209b3fb51bc0b4915ab2a1490de34448c6f5bfb66ac0fa3a5fa16927e8
December 14, 2025 at 12:06 AM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-05

IOCs:
hxxps://sfmonte[.]com/accelerator/auth[.]token[.]js
hxxps://flvirals[.]com/pole
hxxps://deregulatedenergy[.]com/fdg2[.]zip
039b88209b3fb51bc0b4915ab2a1490de34448c6f5bfb66ac0fa3a5fa16927e8
December 14, 2025 at 12:06 AM
Compromised website > #SocGholish > #FakeUpdates:

Date Observed: 2025-12-04

IOCs:
hxxps://cp[.]envisionfonddulac[.]biz/O4ZClECkIf1fpHimDLJutkjvJrYBt3usD7FypBekMLYBpCf2Qf805k3sK/FP7SD2Texg6Q==
hxxps://request[.]affiliatesalesagent[.]com/XgdK7BK3HCfM1NTjHQdfioToH0dbtc451v7D7cs3eBWT
December 14, 2025 at 12:05 AM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-04

IOCs:
hxxps://nimbsjoa[.]com/ttt/tww[.]js
hxxps://canrtsem[.]com/blue
hxxps://deregulatedenergy[.]com/fdg2[.]zip
039b88209b3fb51bc0b4915ab2a1490de34448c6f5bfb66ac0fa3a5fa16927e8
December 14, 2025 at 12:04 AM
Compromised website > #SmartApeSG > #ClickFix:

Date Observed: 2025-12-04

IOCs:
hxxps://sfmonte[.]com/ttt/tww[.]js
hxxps://canrtsem[.]com/blue
hxxps://deregulatedenergy[.]com/fdg2[.]zip
039b88209b3fb51bc0b4915ab2a1490de34448c6f5bfb66ac0fa3a5fa16927e8
December 14, 2025 at 12:04 AM
Compromised website > #KongTuke > #ClickFix:

Date Observed: 2025-12-03

IOCs:
hxxps://dsourceva[.]com/7h7h[.]js
hxxp://65[.]38[.]120[.]109/m
hxxp://65[.]38[.]120[.]109/222b
December 14, 2025 at 12:03 AM
Compromised website > #SocGholish > #FakeUpdates:

Date Observed: 2025-12-03

IOCs:
hxxps://cp[.]envisionfonddulac[.]biz/O4ZClECkIf1fpHimDLJutkjvJrYBt3usD7FypBekMLYBpCf2Qf805k3sK/FP7SD2Texg6Q==
hxxps://email[.]whyyoushouldwalk[.]com/XgdK7BK3HCfM1NTjHQdfioToH0dbtc451v7D7cs3eBWT
December 14, 2025 at 12:02 AM