TF-1825653
high
📛 Threat Title
ClearFake: Domain name that delivers a malware payload 5ronk1lr.pointsbetiran.com
Description
Indicator that identifies a malware distribution server (payload delivery). IOC type: Domain name that delivers a malware payload. Attributed malware: ClearFake. Confidence: 100. First seen: 2026-06-10 00:34:28 UTC. Reporter: anonymous. Tags: ClearFake.
Remediations (10)
-
web:blog.sekoia.io
ClearFake's New Widespread Variant: Increased Web3 Exploitation for Malware Delivery ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique. When it first emerged in July 2023, the injected code was designed to display a fake...
-
web:cybersecuritynews.com
Sekoia researchers noted that the ClearFake infrastructure includes over 9,300 compromised websites, with thousands of users potentially exposed to these malicious lures every day. The use of blockchain technology for malware delivery represents an emerging threat that makes traditional mitigation and blocking significantly more challenging.
-
web:darkwebinformer.com
A domain-based indicator has been identified delivering ClearFake JavaScript malware. The domain is flagged for phishing and payload delivery activity and is associated with malicious script injection campaigns designed to trick users into interacting with fraudulent browser updates or phishing pages.
-
web:expel.com
ClearFake's latest campaign uses fake CAPTCHAs and social engineering to trick victims into installing malware, and it's getting more evasive.
-
web:securereading.com
Once delivered, ClearFake malware typically enables follow-on activity such as credential theft, redirection to scam content, or additional payload downloads. Because the delivery channel appears legitimate, many perimeter defenses fail to block access by default.
-
web:thehackernews.com
ClearFake malware infects 9,300+ websites, using fake reCAPTCHA and Web3 tactics to spread Lumma and Vidar Stealers, exposing 200,000+ users.
-
web:threatfox.abuse.ch
ClearFake IOC: 5ronk1lr.pointsbetiran.com (domain) You are viewing the ThreatFox database entry for domain 5ronk1lr.pointsbetiran.com.
-
web:www.darktrace.com
ClearFake continues to be observed across multiple sectors, but Darktrace remains well‑positioned to counter such threats. Because ClearFake's end goal is often to deliver malware such as information stealers and malware loaders, early disruption is critical to preventing compromise.
-
web:www.kroll.com
Key Takeaways Kroll continues to observe a rapid evolution in how CLEARFAKE is delivering payloads to victims across all sectors. Clusters of evolved techniques include the use of data/time obfuscation to create filenames as well as variations of MSHTA usage. Despite the evolution, there remains a number of key themes that can assist in detection and mitigation of this threat, including ...
-
web:www.linkedin.com
A sophisticated evolution of the ClearFake malware campaign has emerged, deploying advanced evasion techniques that abuse legitimate Windows components to bypass endpoint detection systems. The ...
Indicators of Compromise (1)
Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.
domain
5ronk1lr.pointsbetiran.com
IOC database
- Type
- domain
- Value
- 5ronk1lr.pointsbetiran.com
- First seen
- Last seen
- Attached to this threat
- Appears in
- 1 threat
- Description
- Ingested from IOC source: https://threatfox.abuse.ch/downloads/hostfile/
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Details From VirusTotal
No VirusTotal details cached for this IOC.
References (2)
- Malpedia profile ThreatFox IOCs
- ThreatFox IOC page ThreatFox IOCs