OSINT Volley 2025-12-25 - ClearFake/Unknown malware/AsyncRAT
Automated OSINT sweep from ThreatFox. Top malware families: ClearFake (225), Unknown malware (59), AsyncRAT (28), Aisuru (21), Cobalt Strike (16). Source: abuse.ch ThreatFox API. SSL enrichment: 38 IPs serving HTTPS, 7 of them with self-signed certificates (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families