{ "type": "Domain", "indicator": "softbasepc.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/softbasepc.com", "alexa": "http://www.alexa.com/siteinfo/softbasepc.com", "indicator": "softbasepc.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4114801069, "indicator": "softbasepc.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "6894f62d1121db26437a3eee", "name": "\u201cCAPTCHAgeddon\u201d Unmasking the Viral Evolution of the ClickFix Browser-Based Threat", "description": "What began as a niche red-team trick posing as a harmless captcha challenge rapidly mutated into one of today\u2019s most dominant attack methods. Like a real-world virus variant, this new \u201cClickFix\u201d strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year. It did so by removing the need for file downloads, using smarter social engineering tactics, and spreading through trusted infrastructure. The result - a wave of infections ranging from mass drive-by attacks to hyper-targeted spear-phishing lures.", "modified": "2025-09-06T18:03:44.493000", "created": "2025-08-07T18:53:33.547000", "tags": [ "clickfix", "google", "powershell", "clearfake", "dbscan", "guardio", "wordpress", "uuids", "narrative", "evasion", "cluster", "lumma stealer", "stealth", "june", "chaos", "clarity", "noise", "entropy", "shell" ], "references": [ "https://guard.io/labs/captchageddon-unmasking-the-viral-evolution-of-the-clickfix-browser-based-threat", "https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ClickFix", "display_name": "ClickFix", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 272, "hostname": 39 }, "indicator_count": 316, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "270 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://guard.io/labs/captchageddon-unmasking-the-viral-evolution-of-the-clickfix-browser-based-threat", "https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Clickfix" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "6894f62d1121db26437a3eee", "name": "\u201cCAPTCHAgeddon\u201d Unmasking the Viral Evolution of the ClickFix Browser-Based Threat", "description": "What began as a niche red-team trick posing as a harmless captcha challenge rapidly mutated into one of today\u2019s most dominant attack methods. Like a real-world virus variant, this new \u201cClickFix\u201d strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year. It did so by removing the need for file downloads, using smarter social engineering tactics, and spreading through trusted infrastructure. The result - a wave of infections ranging from mass drive-by attacks to hyper-targeted spear-phishing lures.", "modified": "2025-09-06T18:03:44.493000", "created": "2025-08-07T18:53:33.547000", "tags": [ "clickfix", "google", "powershell", "clearfake", "dbscan", "guardio", "wordpress", "uuids", "narrative", "evasion", "cluster", "lumma stealer", "stealth", "june", "chaos", "clarity", "noise", "entropy", "shell" ], "references": [ "https://guard.io/labs/captchageddon-unmasking-the-viral-evolution-of-the-clickfix-browser-based-threat", "https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ClickFix", "display_name": "ClickFix", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 272, "hostname": 39 }, "indicator_count": 316, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "270 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "softbasepc.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "softbasepc.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780528416.3501158 }