PULSE NAME
OSINT Volley 2026-01-03 - Unknown Stealer/LockBit/Unknown malware
WHITE pduggusa 2026-01-03 Modified: 2026-02-02
99 IOCs
HIGH VOLUME
Automated OSINT sweep from ThreatFox. Top malware: Unknown Stealer(797), LockBit(30), Unknown malware(28), Aisuru(15), Meterpreter(14). Source: abuse.ch ThreatFox API. SSL enriched: 25 IPs with HTTPS, 8 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Unknown Stealer, LockBit, Unknown malware, Aisuru, Meterpreter
Indicators of Compromise (99)