{ "type": "Domain", "indicator": "eventsdata-microsoft-live.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/eventsdata-microsoft-live.com", "alexa": "http://www.alexa.com/siteinfo/eventsdata-microsoft-live.com", "indicator": "eventsdata-microsoft-live.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4114733938, "indicator": "eventsdata-microsoft-live.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6894f62d1121db26437a3eee", "name": "\u201cCAPTCHAgeddon\u201d Unmasking the Viral Evolution of the ClickFix Browser-Based Threat", "description": "What began as a niche red-team trick posing as a harmless captcha challenge rapidly mutated into one of today\u2019s most dominant attack methods. Like a real-world virus variant, this new \u201cClickFix\u201d strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year. It did so by removing the need for file downloads, using smarter social engineering tactics, and spreading through trusted infrastructure. The result - a wave of infections ranging from mass drive-by attacks to hyper-targeted spear-phishing lures.", "modified": "2025-09-06T18:03:44.493000", "created": "2025-08-07T18:53:33.547000", "tags": [ "clickfix", "google", "powershell", "clearfake", "dbscan", "guardio", "wordpress", "uuids", "narrative", "evasion", "cluster", "lumma stealer", "stealth", "june", "chaos", "clarity", "noise", "entropy", "shell" ], "references": [ "https://guard.io/labs/captchageddon-unmasking-the-viral-evolution-of-the-clickfix-browser-based-threat", "https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ClickFix", "display_name": "ClickFix", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 272, "hostname": 39 }, "indicator_count": 316, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "270 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68933138ab2c03a350e61156", "name": "ClickFix Malware Dominates Delivery Chains", "description": "", "modified": "2025-09-05T10:03:04.115000", "created": "2025-08-06T10:40:56.352000", "tags": [], "references": [ "Cyber Threat Advisory - ClickFix Malware Dominates Delivery Chains.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ESFBSOCTCR", "id": "200541", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 23, "domain": 43, "hostname": 14 }, "indicator_count": 80, "is_author": false, "is_subscribing": null, "subscriber_count": 85, "modified_text": "271 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "689339df5af76fd5f4d1e21d", "name": "ClickFix Malware Dominates Delivery Chains", "description": "", "modified": "2025-08-06T11:17:51.057000", "created": "2025-08-06T11:17:51.057000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ESFBSOCTCR", "id": "200541", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 42, "hostname": 8 }, "indicator_count": 50, "is_author": false, "is_subscribing": null, "subscriber_count": 85, "modified_text": "301 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Cyber Threat Advisory - ClickFix Malware Dominates Delivery Chains.pdf", "https://guard.io/labs/captchageddon-unmasking-the-viral-evolution-of-the-clickfix-browser-based-threat", "https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Clickfix" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6894f62d1121db26437a3eee", "name": "\u201cCAPTCHAgeddon\u201d Unmasking the Viral Evolution of the ClickFix Browser-Based Threat", "description": "What began as a niche red-team trick posing as a harmless captcha challenge rapidly mutated into one of today\u2019s most dominant attack methods. Like a real-world virus variant, this new \u201cClickFix\u201d strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year. It did so by removing the need for file downloads, using smarter social engineering tactics, and spreading through trusted infrastructure. The result - a wave of infections ranging from mass drive-by attacks to hyper-targeted spear-phishing lures.", "modified": "2025-09-06T18:03:44.493000", "created": "2025-08-07T18:53:33.547000", "tags": [ "clickfix", "google", "powershell", "clearfake", "dbscan", "guardio", "wordpress", "uuids", "narrative", "evasion", "cluster", "lumma stealer", "stealth", "june", "chaos", "clarity", "noise", "entropy", "shell" ], "references": [ "https://guard.io/labs/captchageddon-unmasking-the-viral-evolution-of-the-clickfix-browser-based-threat", "https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ClickFix", "display_name": "ClickFix", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 272, "hostname": 39 }, "indicator_count": 316, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "270 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68933138ab2c03a350e61156", "name": "ClickFix Malware Dominates Delivery Chains", "description": "", "modified": "2025-09-05T10:03:04.115000", "created": "2025-08-06T10:40:56.352000", "tags": [], "references": [ "Cyber Threat Advisory - ClickFix Malware Dominates Delivery Chains.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ESFBSOCTCR", "id": "200541", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 23, "domain": 43, "hostname": 14 }, "indicator_count": 80, "is_author": false, "is_subscribing": null, "subscriber_count": 85, "modified_text": "271 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "689339df5af76fd5f4d1e21d", "name": "ClickFix Malware Dominates Delivery Chains", "description": "", "modified": "2025-08-06T11:17:51.057000", "created": "2025-08-06T11:17:51.057000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ESFBSOCTCR", "id": "200541", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 42, "hostname": 8 }, "indicator_count": 50, "is_author": false, "is_subscribing": null, "subscriber_count": 85, "modified_text": "301 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "eventsdata-microsoft-live.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "eventsdata-microsoft-live.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780528876.5987449 }