PULSE NAME: OSINT Volley 2026-01-09 - Unknown Stealer/Vidar/Unknown malware
TLP: WHITE | Author: pduggusa | Created: 2026-01-09 | Modified: 2026-02-08
IOCs: 89 | Tag: HIGH VOLUME
Automated OSINT sweep from ThreatFox. Top malware: Unknown Stealer (34), Vidar (28), Unknown malware (26), DeimosC2 (25), Cobalt Strike (22). Source: abuse.ch ThreatFox API. SSL enriched: 49 IPs with HTTPS, 21 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES: none listed
MALWARE FAMILIES: Unknown Stealer, Vidar, Unknown malware, DeimosC2, Cobalt Strike
Indicators of Compromise (89)
TYPE  INDICATOR  DESCRIPTION (source: family - role)  CREATED
URL https://cdn.jsdelivr.net/gh/key-cnfg7win/browse/fl ThreatFox: ClearFake - payload_delivery 2026-01-09
URL https://blog.megalearning.com/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL https://cdn.jsdelivr.net/gh/gstatic-kh5q7ekh/cdn-114-cl0ud/acrn ThreatFox: ClearFake - payload_delivery 2026-01-09
hostname fir.azl.one ThreatFox: Vidar - botnet_cc 2026-01-09
hostname fir.mir-massage.kiev.ua ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://138.226.236.189/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://95.216.178.137/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://5.75.173.180/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://138.226.237.95/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://77.42.70.191/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://95.217.242.119/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://65.109.187.78/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://fir.mir-massage.kiev.ua/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://95.217.27.206/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://fir.azl.one/ ThreatFox: Vidar - botnet_cc 2026-01-09
domain mcafeeupdates.com ThreatFox: ShadowPad - botnet_cc 2026-01-09
URL https://frttsch.com/2w2w.js ThreatFox: KongTuke - payload_delivery 2026-01-09
domain frttsch.com ThreatFox: KongTuke - payload_delivery 2026-01-09
URL https://frttsch.com/js.php ThreatFox: KongTuke - payload_delivery 2026-01-09
URL http://144.31.221.60/a ThreatFox: KongTuke - payload_delivery 2026-01-09
hostname roadmap.lifeinsurancemasters.net ThreatFox: FAKEUPDATES - payload_delivery 2026-01-09
URL http://65.109.93.171:1476/update.sh ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL https://foresposition.com/profile/redirect-hook.js ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
domain foresposition.com ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://foresposition.com/profile/router-request.js ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL http://89.46.38.5/rest ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://foresposition.com/profile/profile-effect.php ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://buldiakogroup.com/rest ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://mercedesheritage.com/j.js ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://89.46.38.5/soap ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://pippyheydguide.com/profile/profile-effect.php ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://pippyheydguide.com/profile/router-request.js ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
domain mercedesheritage.com ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://pippyheydguide.com/profile/redirect-hook.js ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
domain vdsturkiye.com ThreatFox: AsyncRAT - botnet_cc 2026-01-09
domain farforshop.cfd ThreatFox: Aura Stealer - botnet_cc 2026-01-09
URL https://ru.moneyjungle.ch/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL https://alfenjan.iq/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL https://msg-booking.com/utm_term=structured&utm_source=messaging&utm_campaign=pf_guest_request&utm_medium=email&utm_content=booknr&res_id=5155216308&hotel_id=2052987/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL https://hupe-wa.dz/fifa.php?page= ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL https://www.fitnesslife24.ch/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL https://gavinmakesapps-sys.github.io/Runbox2.0/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL http://103.27.157.193/jsUpdateprocessorsqlwindowsgeneratordle.php ThreatFox: DCRat - botnet_cc 2026-01-09
hostname zobyyog3nyah123-35769.portmap.host ThreatFox: XWorm - botnet_cc 2026-01-09
hostname bbb.flash-china.com ThreatFox: Cobalt Strike - botnet_cc 2026-01-09
hostname wey.uk.com ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname hhz.uk.com ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname www.gangotri.edu.np ThreatFox: Havoc - botnet_cc 2026-01-09
hostname henry.xx.kg ThreatFox: Cobalt Strike - botnet_cc 2026-01-09
hostname sxwa.nxjwl.com ThreatFox: Cobalt Strike - botnet_cc 2026-01-09
hostname login.ciberseguridad-eia.xyz ThreatFox: Unknown malware - botnet_cc 2026-01-09
hostname join.ciberseguridad-eia.xyz ThreatFox: Unknown malware - botnet_cc 2026-01-09
hostname outlook.ciberseguridad-eia.xyz ThreatFox: Unknown malware - botnet_cc 2026-01-09
domain sonbaharindirimi.sbs ThreatFox: Hook - botnet_cc 2026-01-09
URL https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-cfg-sys-x/dla ThreatFox: ClearFake - payload_delivery 2026-01-09
hostname ewaewaeawwe-47532.portmap.host ThreatFox: XWorm - botnet_cc 2026-01-09
URL https://cdn.jsdelivr.net/gh/fabriziovigna11/mn-authz-x7-cdn140-br/te-ba ThreatFox: ClearFake - payload_delivery 2026-01-09
domain arvrestbnkonline.top ThreatFox: Unknown RAT - botnet_cc 2026-01-09
hostname vci.uk.com ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname bbq.us.com ThreatFox: AsyncRAT - botnet_cc 2026-01-09
domain sdancecompany.in.net ThreatFox: AsyncRAT - botnet_cc 2026-01-09
domain royalweddingcars.in.net ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname cce.co.com ThreatFox: AsyncRAT - botnet_cc 2026-01-09
domain antiglare.in.net ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname www.luongsontv3.tv ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname www.luongsontv1.tv ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname www.luongsontv.tv ThreatFox: AsyncRAT - botnet_cc 2026-01-09
domain luongsontv2.tv ThreatFox: AsyncRAT - botnet_cc 2026-01-09
domain luongsontv.io ThreatFox: AsyncRAT - botnet_cc 2026-01-09
domain afonoditrixdxcomplany.com ThreatFox: Latrodectus - botnet_cc 2026-01-09
domain oasioncounertstrike.com ThreatFox: Latrodectus - botnet_cc 2026-01-09
hostname gti.azl.one ThreatFox: Vidar - botnet_cc 2026-01-09
hostname gti.mir-massage.kiev.ua ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://gti.azl.one/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://gti.mir-massage.kiev.ua/ ThreatFox: Vidar - botnet_cc 2026-01-09
domain wewekikilopsterstakan.com ThreatFox: Latrodectus - botnet_cc 2026-01-09
hostname relays.zyabozadpap.top ThreatFox: Unknown RAT - botnet_cc 2026-01-09
domain barbermoo.top ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain ballfrank.top ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain argoflyleens.coupons ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain groovyfox.top ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain ballfrank.fun ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain groovyfox.fun ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain barbermoo.fun ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain foldexmoon.top ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain clausdoom.co.za ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain jmpbowl.top ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain foldexmoon.space ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain foldexmoon.xyz ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
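Turning the table above into something enforceable needs more than copying hostnames into a blocklist: the Vidar rows pair a hostname with an HTTPS URL to the same host and with HTTPS URLs to bare IPs, several payload_delivery rows sit on shared, legitimate infrastructure (cdn.jsdelivr.net, github.io) where blocking the host would break benign traffic, and the XWorm entries are leaf names on a tunnelling provider (portmap.host) where the leaf, not the provider, is the indicator. The script below is an added example, not code from this pulse, OTX or abuse.ch. It parses rows in the flat "TYPE INDICATOR DESCRIPTION CREATED" layout the page exports, and splits them into IP literals, blockable hosts and URL-only entries. The embedded sample rows are copied from the table above, and the shared-host suffix list is an assumption chosen for the example.

```python
"""Added example: parse flattened ThreatFox rows from an OTX pulse and split
them into actionable block-lists. Not code from the pulse, OTX or abuse.ch.
SAMPLE_ROWS and SHARED_HOST_SUFFIXES are constructed for this example."""
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: nine rows copied from the pulse table, in the flat
# "TYPE INDICATOR DESCRIPTION CREATED" layout the page shows.
SAMPLE_ROWS = """\
URL https://cdn.jsdelivr.net/gh/key-cnfg7win/browse/fl ThreatFox: ClearFake - payload_delivery 2026-01-09
hostname fir.azl.one ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://138.226.236.189/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://fir.azl.one/ ThreatFox: Vidar - botnet_cc 2026-01-09
domain mcafeeupdates.com ThreatFox: ShadowPad - botnet_cc 2026-01-09
URL http://65.109.93.171:1476/update.sh ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL https://gavinmakesapps-sys.github.io/Runbox2.0/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
hostname zobyyog3nyah123-35769.portmap.host ThreatFox: XWorm - botnet_cc 2026-01-09
domain barbermoo.top ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
"""

# One row: type, indicator, "ThreatFox: <family> - <role>", ISO date.
ROW_RE = re.compile(
    r"^(?P<type>URL|hostname|domain)\s+(?P<indicator>\S+)\s+"
    r"ThreatFox:\s+(?P<family>.+?)\s+-\s+(?P<role>\w+)\s+"
    r"(?P<created>\d{4}-\d{2}-\d{2})$"
)

# Shared, legitimate hosts that also serve attacker content. Blocking the
# whole host breaks benign traffic, so only the exact URL is blocked.
# Assumption for this example; extend it to fit your environment.
SHARED_HOST_SUFFIXES = ("cdn.jsdelivr.net", "github.io")


def parse_rows(text):
    """Parse flat rows into dicts; raise on a row that does not fit."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable row: {line!r}")
        records.append(m.groupdict())
    return records


def host_of(rec):
    """Host part of an indicator: URL host without port, or the bare name."""
    if rec["type"] == "URL":
        return urlsplit(rec["indicator"]).hostname
    return rec["indicator"].lower()


def is_ip(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def is_shared_host(host):
    return any(host == s or host.endswith("." + s) for s in SHARED_HOST_SUFFIXES)


def build_blocklists(records):
    """Split records into IP literals, blockable hosts and URL-only entries."""
    ips, hosts, urls = set(), set(), set()
    for rec in records:
        host = host_of(rec)
        if is_ip(host):
            ips.add(host)               # e.g. Vidar C2 over TLS to a bare IP
        elif rec["type"] == "URL" and is_shared_host(host):
            urls.add(rec["indicator"])  # host is shared: block the URL only
        else:
            hosts.add(host)             # dedicated domain or attacker-owned leaf name
    return {"ips": sorted(ips), "hosts": sorted(hosts), "urls": sorted(urls)}


def family_counts(records):
    return Counter(r["family"] for r in records)


if __name__ == "__main__":
    recs = parse_rows(SAMPLE_ROWS)
    lists = build_blocklists(recs)
    for kind, items in lists.items():
        print(f"{kind} ({len(items)}):")
        for item in items:
            print("  ", item)
    print(family_counts(recs))
```

On the sample rows this yields two IP literals (138.226.236.189 and 65.109.93.171, the latter with its :1476 port stripped), four hosts, and two URL-only entries for the jsdelivr and github.io payloads. Duplicate hostname/URL pairs such as fir.azl.one collapse into one host entry. For the IP-literal C2 entries, a network detection for TLS sessions to a bare IP with no SNI will catch the traffic pattern even after the operators rotate addresses; the host and URL lists are only as fresh as the sweep date in the CREATED column.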