OSINT Volley 2025-12-16 - ClearFake/Formbook/Unknown malware
Automated OSINT sweep from ThreatFox. Top malware: ClearFake(153), Formbook(130), Unknown malware(77), Meterpreter(50), Cobalt Strike(34). Source: abuse.ch ThreatFox API. SSL enriched: 34 IPs with HTTPS, 15 self-signed (C2 candidates). Pattern 54: sweep→volley automation.