OSINT Volley 2025-12-25 - ClearFake/Unknown malware/AsyncRAT
Automated OSINT sweep from ThreatFox. Top malware families by indicator count: ClearFake (237), Unknown malware (53), AsyncRAT (32), Cobalt Strike (15), Quasar RAT (14). Source: abuse.ch ThreatFox API. SSL enrichment: 39 IPs serve HTTPS, 9 of them with self-signed certificates (C2 candidates). Pattern 54: sweep→volley automation.