PULSE NAME
OSINT Volley 2025-12-16 - ClearFake/Formbook/Unknown malware
WHITE pduggusa 2025-12-16 Modified: 2026-01-15
141 IOCs
HIGH VOLUME
Automated OSINT sweep from ThreatFox. Top malware: ClearFake(153), Formbook(130), Unknown malware(77), Meterpreter(50), Cobalt Strike(34). Source: abuse.ch ThreatFox API. SSL enriched: 34 IPs with HTTPS, 15 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
Indicators of Compromise (141)