PULSE DETAIL
PULSE NAME
OSINT Volley 2025-12-23 - ClearFake/Unknown malware/AsyncRAT
Automated OSINT sweep from ThreatFox. Top malware: ClearFake(189), Unknown malware(46), AsyncRAT(35), NetSupportManager RAT(22), Cobalt Strike(13). Source: abuse.ch ThreatFox API. SSL enriched: 33 IPs with HTTPS, 11 self-signed (C2 candidates). Pattern 54: sweep→volley automation.