← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Meet DriveSurge: A New Threat Actor Using ClickFix and Fake Update Drive-By Attacks in Thousands of Compromised Sites - Silent Push
WHITE CyberHunter_NL 2026-06-01 Modified: 2026-06-01
46
IOCs
MEDIUM VOLUME
drivesurgescreenshotweb searchclickfixinjectmozilla firefoxfingerprintpatternwhoispivotvirustotalfakeupdatespathterminaldefensefebruaryaprilztdspayloadlogic
Indicators of Compromise (46)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4 URL domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 0ca424475803a1cb54908a81a00bd93f 2026-06-01
FileHash-MD5 f3926add1a4531ff324a6acb57d40769 MD5 of 7aa15de93cf85729ddf970e8d7897f69ece3ca29608f73e784a9ba40c9cea18d 2026-06-01
FileHash-SHA1 a4f0014474278238b5fe78fc2c4182b498012a33 SHA1 of 7aa15de93cf85729ddf970e8d7897f69ece3ca29608f73e784a9ba40c9cea18d 2026-06-01
FileHash-SHA256 0c62c11e910d7c0d6b6c9800b70e78bfd9220e1f78bd7bb34ae4c3646d05f6e5 2026-06-01
FileHash-SHA256 29ac78c51bcdfe68c64830bdeb6e41437dd55e2691149741c9b78be03b6c82ea 2026-06-01
FileHash-SHA256 428bd0b0ac36dfdd223b3953dbe61c0baf227f893310b03e7afe3111462019c6 2026-06-01
FileHash-SHA256 7aa15de93cf85729ddf970e8d7897f69ece3ca29608f73e784a9ba40c9cea18d 2026-06-01
FileHash-SHA256 8ecc7108cd679316bf5900e84f19b256dc399902cdede646493f502ac872cc1a 2026-06-01
FileHash-SHA256 90aecb370dfb1a99a1f7de0a9c6842ab1b664521fddea16b0ec9a91f322646fc 2026-06-01
FileHash-SHA256 a84b032b49773c2318b11b1164d1aada69e940229aedbf8185c33fc7dd1d2cdf 2026-06-01
FileHash-SHA256 e1ce4e6222396a58d13dddfe64c1dd21f1632bcbe11d1867d44bab4fc646883a 2026-06-01
IPv4 147.45.42.200 CC=RU ASN=AS2895 ooo freenet group 2026-06-01
IPv4 147.45.42.205 CC=RU ASN=AS2895 ooo freenet group 2026-06-01
IPv4 46.226.166.57 CC=RU ASN=AS16230 company skynet ltd 2026-06-01
IPv4 91.92.240.127 CC=BG ASN=AS34368 zonata - natskovi & sie ltd. 2026-06-01
URL http://147.45.42.200/66856ca57ed?force=1 2026-06-01
URL http://147.45.42.200/ce3cbfc887?force=1 2026-06-01
URL http://147.45.42.200/e97b7f7ccab3a?force=1 2026-06-01
URL http://46.226.166.57/66856ca57ed?force=1 2026-06-01
URL http://46.226.166.57/ce3cbfc887?force=1 2026-06-01
URL http://46.226.166.57/e97b7f7ccab3a?force=1 2026-06-01
URL http://bseolized.com 2026-06-01
URL http://newtdsone.shop/jsrepo?rnd= 2026-06-01
domain banerpanel.live 2026-06-01
domain beacontrace.bond 2026-06-01
domain brightson.icu 2026-06-01
domain bseolized.com 2026-06-01
domain captioto.com 2026-06-01
domain coverlink.icu 2026-06-01
domain cptoptious.com 2026-06-01
domain datumprobe.icu 2026-06-01
domain eraggifts.icu 2026-06-01
domain jcdlforwarding.com 2026-06-01
domain jclforwarding.com 2026-06-01
domain keyview.icu 2026-06-01
domain maxintora.com 2026-06-01
domain newtdsone.shop 2026-06-01
domain traceglimpse.icu 2026-06-01
domain tracekey.icu 2026-06-01
domain webgleam.info 2026-06-01
domain ycyfugihih.cfd 2026-06-01
domain ztds.info 2026-06-01
email thiagorivera197151@ycyfugihih.cfd 2026-06-01
hostname check.first-node.rocks 2026-06-01
hostname ns1.erans.ru 2026-06-01
hostname testio.ecartdev.com 2026-06-01
References (1)
↗ https://www.silentpush.com/blog/drivesurge/?utm_source=rss&utm_medium=rss&utm_campaign=drivesurge