PULSE NAME
OSINT Volley 2026-02-12 - Quasar RAT/IClickFix/ClearFake
WHITE pduggusa 2026-02-12 Modified: 2026-03-14
113 IOCs (HIGH VOLUME)
Automated OSINT sweep from ThreatFox. Top malware: Quasar RAT (1365), IClickFix (236), ClearFake (58), Havoc (49), AsyncRAT (38). Source: abuse.ch ThreatFox API. SSL enriched: 21 IPs with HTTPS, 10 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Quasar RAT, IClickFix, ClearFake, Havoc, AsyncRAT
Indicators of Compromise (113)