Pulse name: ThreatFox Hunt: ClearFake IOCs - 2026-01-31
WHITE pduggusa 2026-01-31 Modified: 2026-03-02
32 IOCs (medium volume)
Automated ThreatFox hunt for ClearFake indicators. 33 IOCs collected via Pattern 49 intelligence streaming. MITRE ATT&CK: T1189, T1204.002, T1566.002. Reference: https://analytics.dugganusa.com
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
ClearFake
Indicators of Compromise (32)