OSINT Volley 2026-02-14 - Formbook/ClearFake/Unknown Stealer
Automated OSINT sweep from ThreatFox. Top malware: Formbook(160), ClearFake(66), Unknown Stealer(60), AsyncRAT(48), XWorm(44). Source: abuse.ch ThreatFox API. SSL enriched: 30 IPs with HTTPS, 10 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
Indicators of Compromise (112)