OSINT Volley 2025-12-31 - ClearFake/Unknown malware/Cobalt Strike
Automated OSINT sweep from ThreatFox. Top malware: ClearFake(265), Unknown malware(143), Cobalt Strike(108), GootLoader(63), Sliver(62). Source: abuse.ch ThreatFox API. SSL enriched: 103 IPs with HTTPS, 17 self-signed (C2 candidates). Pattern 54: sweep→volley automation.