Pulse Detail — Threat Intelligence

PULSE NAME

OSINT Volley 2026-01-09 - Unknown malware/GootLoader/Vidar

WHITE pduggusa 2026-01-09 Modified: 2026-02-08

157

IOCs

HIGH VOLUME

Automated OSINT sweep from ThreatFox. Top malware: Unknown malware(6507), GootLoader(90), Vidar(29), Cobalt Strike(25), DeimosC2(25). Source: abuse.ch ThreatFox API. SSL enriched: 1176 IPs with HTTPS, 1154 self-signed (C2 candidates). Pattern 54: sweep→volley automation.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1071.001 T1105 T1555.003 T1539 T1005 T1041 T1059.001 T1055 T1027

MALWARE FAMILIES

Unknown malware GootLoader Vidar Cobalt Strike DeimosC2

Indicators of Compromise (157)

All URL hostname domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/goi64	ThreatFox: ClearFake - payload_delivery	2026-01-09
hostname	www.80win.net	ThreatFox: Quasar RAT - botnet_cc	2026-01-09
hostname	www.0uyy41.com	ThreatFox: Quasar RAT - botnet_cc	2026-01-09
domain	motphimr.sh	ThreatFox: Quasar RAT - botnet_cc	2026-01-09
domain	motfimchill.com	ThreatFox: Quasar RAT - botnet_cc	2026-01-09
domain	motchillie.io	ThreatFox: Quasar RAT - botnet_cc	2026-01-09
URL	https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/654s5dg	ThreatFox: ClearFake - payload_delivery	2026-01-09
hostname	www.ikukuomaproject2026backup2.com	ThreatFox: Remcos - botnet_cc	2026-01-09
hostname	www.ikukuomaproject2026backup1.com	ThreatFox: Remcos - botnet_cc	2026-01-09
hostname	www.ikukuomaproject2026.com	ThreatFox: Remcos - botnet_cc	2026-01-09
hostname	leehoi02.duckdns.org	ThreatFox: XWorm - botnet_cc	2026-01-09
URL	https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/4685w6e	ThreatFox: ClearFake - payload_delivery	2026-01-09
URL	https://rcmceberio.net/	ThreatFox: Unknown malware - payload_delivery	2026-01-09
URL	https://phambilihighschool.co.za/	ThreatFox: Unknown malware - payload_delivery	2026-01-09
URL	https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/gsdf49	ThreatFox: ClearFake - payload_delivery	2026-01-09
URL	https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/vds61	ThreatFox: ClearFake - payload_delivery	2026-01-09
domain	fallbeginner.xyz	ThreatFox: Unknown Loader - botnet_cc	2026-01-09
domain	runhouses.xyz	ThreatFox: Unknown Loader - botnet_cc	2026-01-09
URL	https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sbdgtjh	ThreatFox: ClearFake - payload_delivery	2026-01-09
hostname	schedule.eznosdrivingschool.com	ThreatFox: FAKEUPDATES - payload_delivery	2026-01-09
URL	https://obsidianmidnight.top/endpoint/session-asset.php	ThreatFox: NetSupportManager RAT - payload_delivery	2026-01-09
domain	obsidianmidnight.top	ThreatFox: NetSupportManager RAT - payload_delivery	2026-01-09
URL	http://89.46.38.5/micro	ThreatFox: NetSupportManager RAT - payload_delivery	2026-01-09
URL	https://obsidianmidnight.top/endpoint/logout-script.js	ThreatFox: NetSupportManager RAT - payload_delivery	2026-01-09
URL	https://buldiakogroup.com/micro	ThreatFox: NetSupportManager RAT - payload_delivery	2026-01-09
URL	https://89.46.38.5/service	ThreatFox: NetSupportManager RAT - payload_delivery	2026-01-09
URL	https://pippyheydguide.com/endpoint/session-asset.php	ThreatFox: NetSupportManager RAT - payload_delivery	2026-01-09
URL	https://pippyheydguide.com/endpoint/logout-script.js	ThreatFox: NetSupportManager RAT - payload_delivery	2026-01-09
URL	http://69.164.242.27:3000	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
URL	https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sv13	ThreatFox: ClearFake - payload_delivery	2026-01-09
URL	https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/nlasdcl	ThreatFox: ClearFake - payload_delivery	2026-01-09
URL	https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/pang	ThreatFox: ClearFake - payload_delivery	2026-01-09
domain	folkwakes.com	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
domain	furlabase.com	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
domain	argoflyleens.world	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
domain	ursamade.space	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
domain	accindexer.space	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
domain	foldexmoon.today	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
domain	jmpbowl.today	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
domain	jmpbowl.world	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
domain	torducks.fun	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
domain	barbermoo.world	ThreatFox: Unknown Stealer - botnet_cc	2026-01-09
hostname	logs.gemwin.me	ThreatFox: AsyncRAT - botnet_cc	2026-01-09
hostname	go88.se.net	ThreatFox: AsyncRAT - botnet_cc	2026-01-09
hostname	download.gemwin.me	ThreatFox: AsyncRAT - botnet_cc	2026-01-09
hostname	client.gemwin.me	ThreatFox: AsyncRAT - botnet_cc	2026-01-09
hostname	api.gemwin.me	ThreatFox: AsyncRAT - botnet_cc	2026-01-09
hostname	alexanderprojectmanagement.uk.com	ThreatFox: AsyncRAT - botnet_cc	2026-01-09
hostname	wto.azl.one	ThreatFox: Vidar - botnet_cc	2026-01-09
hostname	wto.mir-massage.kiev.ua	ThreatFox: Vidar - botnet_cc	2026-01-09
URL	https://wto.azl.one/	ThreatFox: Vidar - botnet_cc	2026-01-09
URL	https://wto.mir-massage.kiev.ua/	ThreatFox: Vidar - botnet_cc	2026-01-09
URL	https://winrler.com/7j7j.js	ThreatFox: KongTuke - payload_delivery	2026-01-09
domain	winrler.com	ThreatFox: KongTuke - payload_delivery	2026-01-09
URL	https://winrler.com/js.php	ThreatFox: KongTuke - payload_delivery	2026-01-09
URL	http://144.31.221.144/a	ThreatFox: KongTuke - payload_delivery	2026-01-09
hostname	wde.azl.one	ThreatFox: Vidar - botnet_cc	2026-01-09
hostname	wde.mir-massage.kiev.ua	ThreatFox: Vidar - botnet_cc	2026-01-09
URL	https://wde.azl.one/	ThreatFox: Vidar - botnet_cc	2026-01-09
URL	https://wde.mir-massage.kiev.ua/	ThreatFox: Vidar - botnet_cc	2026-01-09
domain	27001-online.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
URL	https://blog.megalearning.com/	ThreatFox: Unknown malware - payload_delivery	2026-01-09
URL	http://185.132.53.18/pages/login.php	ThreatFox: Unknown malware - botnet_cc	2026-01-09
URL	https://tinavanleuven.com/	ThreatFox: Unknown malware - payload_delivery	2026-01-09
URL	http://45.141.117.162/maybe.exe	ThreatFox: SalatStealer - payload_delivery	2026-01-09
hostname	ssl.googletls.top	ThreatFox: Cobalt Strike - botnet_cc	2026-01-09
domain	tarabridals.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	tenforjustice.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	thefrugalengineers.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	theoutfield.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	unitscale.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	victorcrafter.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	wakeupcalltofarmers.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	wearecarne.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	worldofmerix.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	printeritsupport.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	recruiting-101.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	romconinc.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	sagesblogtours.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	sailportsmouthnh.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.scrabblestop.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	screenkeys.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	uw3some.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	sirensofsuspense.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	slackersline.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	slowrideguide.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	smashthefat.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	stephenkneale.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	sundayfundayfw.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	sunstaribike.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	lamarinalivinglab.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.lgmobilephones.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	loftinnovation.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.masonryofdenver.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	metalapolis.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	momragepodcast.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	mybakingadventures.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	nachomamasgrilledcheese.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	neighborhoodsquare.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	nicefashion.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.no-name-yet.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	nwrlibrary.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	oceanliteracydialogues.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.old-jewel.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	philosophy-forum.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.greatbritishdogwalk.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	greenann.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	gumbootrestaurant.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	hair-of-the-dog.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.hermeneuticchaosjournal.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	highprinttech.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	ijamworld.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	indiestickerpack.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	inkandglue.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	inkyfingersandribbon.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	interferenceinc.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	irchlb.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	jumpforcemods.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	k-1world.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	kbnetgearrouter.net	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	keykaloupatterns.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	lalasicecream.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	cherrypharm.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	chiangmaibest.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	chrislarkinguitars.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.chrom-art.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.chronicmomlife.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	crack-watch.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.dartmoor-railway-sa.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	databaserepair.net	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.delegatesunbound.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	digiskillsmap.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	districthardware.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	diversityinbrewing.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	doradaar.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	extraspecialpeople.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	flyuavi.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	s100-manuals.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	2c1c.net	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	4cats2.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	anambcn.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	arts-kids.org	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	arttwo50.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	as24220.net	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	bambootreerestaurants.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	banbaoworld.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	bestfreetraffic.net	ThreatFox: GootLoader - payload_delivery	2026-01-09
hostname	www.blog-growth.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	stuffimakemyhusband.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	boreidesign.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	businessguysonbusinesstrips.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	cambridgeprints.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	carltonforestgroup.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	chalkieandthechippy.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	changegout.com	ThreatFox: GootLoader - payload_delivery	2026-01-09
domain	riyaenterprises.in.net	ThreatFox: AsyncRAT - botnet_cc	2026-01-09
domain	kbbet.app	ThreatFox: AsyncRAT - botnet_cc	2026-01-09

References (2)

↗ https://analytics.dugganusa.com/api/v1/stix-feed/v2 ↗ https://threatfox.abuse.ch