OSINT Volley 2026-02-12 - Quasar RAT/IClickFix/ClearFake
Automated OSINT sweep from ThreatFox. Top malware: Quasar RAT (1349), IClickFix (236), ClearFake (53), Havoc (47), AsyncRAT (40). Source: abuse.ch ThreatFox API. SSL enriched: 18 IPs with HTTPS, 9 self-signed (C2 candidates). Pattern 54: sweep→volley automation.