OSINT Volley 2025-12-16 - ClearFake/Formbook/Meterpreter
Automated OSINT sweep from ThreatFox. Top malware: ClearFake (155), Formbook (130), Meterpreter (51), Unknown malware (41), Unknown RAT (34). Source: abuse.ch ThreatFox API. SSL enriched: 39 IPs with HTTPS, 17 self-signed (C2 candidates). Pattern 54: sweep→volley automation.