OSINT Volley 2025-12-27 - Unknown malware/ClearFake/DragonForce
Automated OSINT sweep from ThreatFox. Top malware: Unknown malware(124), ClearFake(115), DragonForce(34), AsyncRAT(24), Aisuru(17). Source: abuse.ch ThreatFox API. SSL enriched: 72 IPs with HTTPS, 11 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
Indicators of Compromise (139)