
Shattering the ClickFix-PySoxy Chain: Eight Adversary Steps, One Indicator Apiece

  • Writer: Patrick Duggan
  • 6 min read

ReliaQuest published the ClickFix-PySoxy threat spotlight on May 12, 2026, naming seven indicators of compromise tied to a fileless PowerShell-RAT campaign that pivots through an open-source SOCKS5 proxy to conceal its command-and-control. DugganUSA's GitHub-hunt and feed-ingest cron pipelines indexed all seven within twenty-four hours of vendor publication. Today, May 15, the customer-facing IP blocklist endpoint returns two thousand five hundred and ninety-eight enforcement-ready records to any firewall consuming it, and the domains feed does the same job at the DNS resolver. This post is the practical demonstration of why that matters: it walks through the eight adversary steps in the ClickFix-PySoxy intrusion chain and shows where each step terminates against a single indicator of compromise held by any defender consuming our feeds.



The Campaign and Its Chain


ReliaQuest's writeup describes the social-engineering vector: an injected page prompts the user to paste a PowerShell command into the Windows Run dialog, the command pulls a stager from a remote host, the stager downloads a compiled Python payload, and the payload establishes command-and-control through a PySoxy SOCKS5 proxy chain. The campaign reuses the same infrastructure across all observed victims, which is what makes indicator-based blocking viable here. The full chain has eight discrete operational steps, and each step requires a successful adversary action against a specific piece of remote infrastructure. Every piece of that infrastructure is now in DugganUSA's IOC index with a source-pinned provenance tag of either reliaquest-clickfix-may2026 or feed-sslbl, at a confidence score of eighty-five or higher (the one lower-scored entry, the fallback C2 domain, is called out at step seven).


Step one is the compromised page load. The victim's browser fetches a page that has been silently injected with the ClickFix script. The script is hosted on overlateise.com. If the defender's DNS resolver is consuming the DugganUSA domains feed, the resolution for overlateise.com fails and the browser never loads the script. Step two never reaches the user. This hinges on the script being loaded from a separate, listed domain; an injection that inlines the script on the compromised page itself would pass the DNS layer and has to be caught further down the chain.


Step two is the social-engineering prompt. The injected script renders a fake CAPTCHA or update prompt that tells the user to press Windows-R and paste a long encoded command. The prompt assumes the script reached the browser. With step one shattered, step two never executes.


Step three is the stager fetch. The pasted PowerShell command connects to strapness.com and pulls down the stager script. Strapness is in the domains feed. A resolver or an egress firewall with hostname-based rules, consuming the DugganUSA domain list, refuses to resolve the name; the PowerShell command returns a connection error to the user, who closes the dialog, and step four never executes. Note that the user has already executed attacker-supplied PowerShell at this point: the blocklist stops the download, not the paste.


Step four is the payload download. The stager reaches out to 206.206.103.106 on port 5000 to pull a compiled Python bytecode file named b64.pyc. Because the stager addresses this host by IP rather than by name, the domains feed cannot catch it; this is where the IP blocklist earns its keep. The 206.206.103.106 host is in the IPs feed at confidence eighty-five with the source tag reliaquest-clickfix-may2026 and the threat type staging. Any egress enforcement point consuming our IP blocklist, whether OPNsense, pfSense, Suricata running inline, or a custom rule set built from a raw CSV pull, blocks the outbound TCP connection. The PowerShell process throws a connection error and exits. The Python payload never lands.


Step five is the RAT execution. If the previous four steps somehow completed, the Python payload would establish command-and-control to 206.206.103.120, which is in the IPs feed at the same confidence and source. The outbound C2 connection fails at the firewall. The RAT has no command channel and cannot accept tasking. The intrusion is functionally dead at this point even if everything upstream succeeded.


Step six is the PySoxy proxy step. The RAT routes its outbound traffic through 167.99.158.97, which is a known PySoxy proxy destination listed in the same feed entry. The proxy connection fails identically to step five. There is no path for exfiltration.


Step seven is the secondary C2. The RAT has a fallback C2 endpoint at abledom.net. Abledom is in the DugganUSA domains feed under the same campaign tag, and the ThreatFox secondary correlation feed carries it at confidence forty-nine. The fallback fails the same way the primary did.


Step eight is the wider Konni-cluster pivot. The 185.205.211.217 host on port 443 is tagged across ThreatFox and Feodo Tracker as a Konni botnet command-and-control endpoint and is cross-correlated to ClickFix infrastructure. It has been in the DugganUSA feed since March 31, 2026, six weeks before the ReliaQuest publication, sourced from feed-sslbl at confidence ninety. The adversary has no remaining infrastructure to pivot to within the campaign's known graph.



What This Looks Like in Practice


The defender does not need all seven indicators of compromise from the ClickFix-PySoxy campaign in order to stop the intrusion. The defender needs any single indicator that appears earlier in the chain than the adversary action they want to prevent. A defender who has overlateise.com in their DNS blocklist stops every downstream step at the page-load layer. A defender who has 206.206.103.106 in their egress firewall stops every step from the payload download forward. A defender who has 206.206.103.120 in their egress firewall stops every step from the RAT execution forward.
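The eight steps above and the "any single earlier indicator" rule in this section can be modelled directly. The following is an added example written for this article, not DugganUSA's or ReliaQuest's code: the step list and indicators are taken from the post, the step names, the dns/ip layer labels and the function names are this example's own. Given the domains a resolver blocks and the IPs an egress firewall blocks, it reports which steps the adversary completed before the chain shattered, which is the defender's real exposure.

```python
"""Chain-termination model for the ClickFix-PySoxy chain described in the post.

Each step carries the remote infrastructure it depends on. Walking the chain
in order against what a defender actually enforces shows where it stops and,
just as importantly, what already ran before it stopped.  Step names, layer
labels and function names are this example's own (not from the post)."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Step:
    number: int
    name: str
    indicator: Optional[str]  # None: the step has no infrastructure of its own
    layer: str                # "dns" (domain), "ip" (address) or "none"


# Indicators as named in the post; descriptions are paraphrased.
CLICKFIX_PYSOXY = (
    Step(1, "compromised page load", "overlateise.com", "dns"),
    Step(2, "social-engineering prompt (no infrastructure)", None, "none"),
    Step(3, "stager fetch", "strapness.com", "dns"),
    Step(4, "payload download, b64.pyc over TCP/5000", "206.206.103.106", "ip"),
    Step(5, "RAT execution, primary C2", "206.206.103.120", "ip"),
    Step(6, "PySoxy proxy", "167.99.158.97", "ip"),
    Step(7, "secondary C2", "abledom.net", "dns"),
    Step(8, "Konni-cluster pivot, TCP/443", "185.205.211.217", "ip"),
)

PRIMARY_C2_STEP = 5  # once this step runs the RAT has a command channel


def is_enforced(step: Step, dns_blocklist: set[str], ip_blocklist: set[str]) -> bool:
    """True when the defender blocks the infrastructure this step needs."""
    if step.indicator is None:
        return False
    if step.layer == "dns":
        return step.indicator.lower() in {d.lower().rstrip(".") for d in dns_blocklist}
    return step.indicator in ip_blocklist


def terminate(chain, dns_blocklist: set[str], ip_blocklist: set[str]) -> dict:
    """Walk the chain in order and stop at the first enforced indicator.

    'executed' lists steps the adversary completed before the block (by step 3
    the user has already run attacker-supplied PowerShell), 'blocked' is where
    the chain shatters, 'prevented' is everything downstream, and
    'c2_established' tells you whether the block came too late to matter."""
    executed: list[int] = []
    for step in chain:
        if is_enforced(step, dns_blocklist, ip_blocklist):
            return {
                "executed": executed,
                "blocked": step.number,
                "prevented": [s.number for s in chain if s.number > step.number],
                "c2_established": PRIMARY_C2_STEP in executed,
            }
        executed.append(step.number)
    return {"executed": executed, "blocked": None, "prevented": [],
            "c2_established": PRIMARY_C2_STEP in executed}


def indicators_that_prevent(chain, step_number: int) -> list[str]:
    """Every single indicator whose enforcement stops `step_number` from
    succeeding: any listed indicator at that step or an earlier one."""
    return [s.indicator for s in chain if s.number <= step_number and s.indicator]


if __name__ == "__main__":
    scenarios = [
        ("resolver lists overlateise.com", {"overlateise.com"}, set()),
        ("firewall lists the two 206.206.103.x hosts", set(),
         {"206.206.103.106", "206.206.103.120"}),
        ("only the fallback C2 domain is listed", {"abledom.net"}, set()),
        ("no feed at all", set(), set()),
    ]
    for label, dns, ips in scenarios:
        print(f"{label}: {terminate(CLICKFIX_PYSOXY, dns, ips)}")
    print("to stop step 4:", indicators_that_prevent(CLICKFIX_PYSOXY, 4))
```

The third scenario is the one worth staring at: with only the fallback C2 listed, the chain is "blocked" at step seven, but the primary C2 and the PySoxy proxy both ran, so the intrusion already has a command channel. The block point has to be earlier than the step you cannot afford.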


This is the operational shape of indicator-of-compromise-driven defense, and it is what makes the practical value of the feed asymmetric to the cost of consuming it. A customer running OPNsense or pfSense at the network egress pulls the feed and applies block rules at the perimeter; the chain terminates at the firewall log, as a zero-impact denial event the security operator sees in the morning report rather than on a Monday-morning incident response call. A customer running the Cloudflare Edge Shield Worker pulls our IP feed at the edge and applies block rules to customer-facing traffic before a request ever reaches the customer's origin, on infrastructure the customer does not even own. The Worker sees only traffic arriving at the origin, so it stops the parts of the chain where listed infrastructure is the source of a request, such as proxied traffic arriving via the PySoxy host; the outbound steps, the stager fetch and the C2 connections from a victim workstation, are the DNS and egress layers' job.



The Receipts and the Math


The DugganUSA STIX feed currently serves eighty-three thousand seven hundred and sixty-four indicator objects to authenticated consumers. The IP-only CSV endpoint at api.v1.stix-feed.ips.csv serves two thousand five hundred and ninety-eight enforcement-ready records sorted by recency. The full IOC index contains one point one five million records with source-pinned provenance and confidence scoring. The data lives in twenty-four point five seven million total documents across forty-four indexes on three hundred and eighty-four dollars per month of Azure compute, served through Cloudflare to two hundred and seventy-five threat-intel consumers in forty-six countries, including Microsoft, AT&T, and Starlink. The seven ClickFix-PySoxy indicators were ingested within twenty-four hours of vendor publication. Twenty-three zero-result queries against those specific terms were logged across the nine days before our coverage existed, surfacing the gap before customer pain produced a complaint. The customer feed went from zero objects served to the eighty-three-thousand-plus served now over the course of today's engineering session, after a multi-layer publishing-pipeline bug was diagnosed and the fix shipped through revisions fifty-seven through sixty-three of the analytics container app. The receipts are in the deployment log.



What Defenders Should Do


If you operate a network and you do not currently consume an automated indicator-of-compromise feed at the firewall or DNS layer, you are paying for a perimeter that is doing less work than it could be. The DugganUSA feed is free at the public CSV tier and registered at the API tier. Cloudflare Edge Shield runs as a customer-deployed worker against our feed. OPNsense, pfSense, and Suricata consume the CSVs natively. The cost to operate is the time to wire up the pull. The benefit is that every chain shatters the moment any single link earlier in the adversary's sequence lands in our index, which today is approximately twelve thousand new indicators per twenty-four hours across the active sources.
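"Wiring up the pull" is the whole cost, so here is what the wiring looks like. This is an added example for this article, not DugganUSA's tooling: the CSV column layout (indicator, type, confidence, source, threat_type, first_seen) is an assumption for illustration, since the real feed schema is not documented on this page, and the sample rows are constructed from the indicators the post names plus two deliberately bad rows. It turns the CSV into the three artifacts the consumers above need, Suricata drop rules, a pf/OPNsense URL-table alias list, and an RPZ zone for the resolver, and refuses rows that must never reach a perimeter rule.

```python
"""IOC CSV -> Suricata drop rules, pf/OPNsense URL-table list, RPZ zone.

The column layout is assumed for this example; the sample feed is constructed
from the indicators named in the post plus two bad rows (a private address and
a non-address) to exercise the validation path."""
from __future__ import annotations
import csv
import io
import ipaddress

SAMPLE_CSV = """indicator,type,confidence,source,threat_type,first_seen
206.206.103.106,ip,85,reliaquest-clickfix-may2026,staging,2026-05-13
206.206.103.120,ip,85,reliaquest-clickfix-may2026,c2,2026-05-13
167.99.158.97,ip,85,reliaquest-clickfix-may2026,proxy,2026-05-13
185.205.211.217,ip,90,feed-sslbl,botnet_cc,2026-03-31
overlateise.com,domain,85,reliaquest-clickfix-may2026,landing,2026-05-13
strapness.com,domain,85,reliaquest-clickfix-may2026,stager,2026-05-13
abledom.net,domain,49,feed-threatfox,c2,2026-05-13
10.0.0.5,ip,95,feed-test,c2,2026-05-13
not-an-ip,ip,85,feed-test,c2,2026-05-13
"""


def load_iocs(text: str, min_confidence: int = 80):
    """Parse rows and return (ips, domains, rejected).

    Rows below the confidence floor, malformed addresses and non-global
    addresses are rejected: a single bad upstream row must never be able to
    blackhole RFC 1918 space, loopback or a broadcast address at the perimeter."""
    ips, domains, rejected = [], [], []
    for row in csv.DictReader(io.StringIO(text)):
        ind = (row.get("indicator") or "").strip()
        try:
            conf = int(row.get("confidence") or "")
        except ValueError:
            rejected.append((ind, "unparseable confidence"))
            continue
        if conf < min_confidence:
            rejected.append((ind, f"confidence {conf} below floor {min_confidence}"))
            continue
        kind = row.get("type")
        if kind == "ip":
            try:
                addr = ipaddress.ip_address(ind)
            except ValueError:
                rejected.append((ind, "not an IP address"))
                continue
            if not addr.is_global:
                rejected.append((ind, "non-global address"))
                continue
            ips.append((str(addr), row))
        elif kind == "domain":
            name = ind.lower().rstrip(".")
            if "." not in name or any(c.isspace() for c in name):
                rejected.append((ind, "malformed domain"))
                continue
            domains.append((name, row))
        else:
            rejected.append((ind, f"unknown type {kind!r}"))
    return ips, domains, rejected


def suricata_rules(ips, sid_base: int = 1000000) -> list[str]:
    """One drop rule per address, sids in the local range. 'drop' only acts
    when Suricata runs inline (IPS); in IDS mode it is logged as an alert."""
    return [
        f'drop ip $HOME_NET any -> {ip} any '
        f'(msg:"IOC-FEED {row["threat_type"]} {row["source"]}"; '
        f'sid:{sid_base + i}; rev:1;)'
        for i, (ip, row) in enumerate(ips)
    ]


def pf_table(ips) -> list[str]:
    """pf/OPNsense URL-table aliases read one address or CIDR per line."""
    return [ip for ip, _ in ips]


def rpz_zone(domains, origin: str = "rpz.local") -> list[str]:
    """Response Policy Zone: CNAME . rewrites the answer to NXDOMAIN for the
    name and every subdomain, which is what makes step one of the chain fail."""
    zone = [
        "$TTL 300",
        f"@ IN SOA ns.{origin}. hostmaster.{origin}. 1 3600 900 604800 300",
        f"@ IN NS ns.{origin}.",
    ]
    for name, _ in domains:
        zone += [f"{name} IN CNAME .", f"*.{name} IN CNAME ."]
    return zone


if __name__ == "__main__":
    ips, domains, rejected = load_iocs(SAMPLE_CSV)
    print("\n".join(suricata_rules(ips)))
    print("\n".join(pf_table(ips)))
    print("\n".join(rpz_zone(domains)))
    for ind, why in rejected:
        print(f"rejected {ind}: {why}")
```

The confidence floor is a policy knob, not a constant: at eighty the fallback C2 domain from step seven (confidence forty-nine in the ThreatFox correlation) is held back from enforcement, which is the right default for a blocking control and the wrong one for a hunting query. Run the same loader at a lower floor into a detection-only rule set if you want both.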


The eight-step ClickFix-PySoxy chain is one campaign. The pipeline that caught it is the same pipeline that caught the TanStack supply chain compromise sixteen days before OpenAI was breached, the KongTuke Microsoft Teams pivot before the headline news landed, the JDownloader installer swap on May 6, and three hundred sixty-one named adversary profiles spanning state-sponsored and criminal groups. The architecture is not novel. The discipline of running it cheaply and serving it openly is.



On the Engineering Session That Produced Today's Receipt


This article was written and shipped at the end of an engineering session that exposed multiple silent-failure modes in the publishing pipeline between the IOC index and the customer-facing feeds. A wildcard-query parameter that produced literal star-character matches instead of placeholder searches. A meilisearch SDK version bump that silently renamed the task-wait option from timeOutMs to timeout, so the old name was ignored and every task-wait fell back to the five-second default when the code expected one hundred and twenty. A type-detection gap on legacy IOC records that meant filtering by type returned zero rows. An em-dash character embedded in an HTTP Link header, which Node rejects as an invalid header character, so every CSV response threw. Each of those bugs lived in production silently for an unknown window. Each of them was diagnosed and fixed today. The customer-visible outcome is a non-empty IP blocklist, a STIX feed serving eighty-three thousand indicator objects, and an Edge Shield Worker that can now do its job. The internal cost was a difficult session that I will not pretend was clean. Patrick Duggan ran the session and made every call by hand. The diagnosis methodology drifted multiple times. The fixes landed anyway.


If you operate critical infrastructure and you would rather have the feed running than not, the registration takes thirty seconds at analytics.dugganusa.com/stix/register. The free CSV tier is sufficient for OPNsense, pfSense, Suricata, and Edge Shield. The paid tiers add the STIX context graph and the Splunk-ES-compatible bundle. Either way, the chain shatters at link one when the data is where it needs to be. Today the data is where it needs to be.





