https://potato.id/en/tags/threat-hunting/ Recent content in Threat Hunting on Jonias Fortuna Hugo en Mon, 01 Jun 2026 00:00:00 +0000 https://potato.id/en/posts/weak-secops-exposed-clickfix-dashboard/ Sat, 16 May 2026 00:00:00 +0000 https://potato.id/en/posts/weak-secops-exposed-clickfix-dashboard/ <h2 id="introduction">Introduction</h2> <p>That afternoon, one of my monitoring teammates casually mentioned a new alert: “Why is this user opening a Polygon crypto website?” That immediately caught my attention and I suspected the user had accessed a website infected with ClickFix.</p> <p>The suspicion became stronger because the user was not from the IT team and had no known involvement with cryptocurrency or Web3-related activities. In addition, a few days earlier we had investigated another incident where a user accidentally visited a ClickFix-infected website, which led to several IoCs, including connections to Web3 Polygon infrastructure used by the threat actor to host malware payloads.</p>