Pulse: OSINT Volley 2026-01-09 - Unknown malware/GootLoader/Vidar
TLP: WHITE | Author: pduggusa | Created: 2026-01-09 | Modified: 2026-02-08
154 IOCs (high volume)
Automated OSINT sweep from ThreatFox. Top malware: Unknown malware (6509), GootLoader (90), Vidar (29), DeimosC2 (28), Cobalt Strike (25). Source: abuse.ch ThreatFox API. SSL enriched: 1173 IPs with HTTPS, 1153 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: Unknown malware, GootLoader, Vidar, DeimosC2, Cobalt Strike
Indicators of Compromise (154)
TYPE INDICATOR DESCRIPTION CREATED
domain mintyfang2026.cyou ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
hostname relay.trankor.online ThreatFox: Unknown RAT - botnet_cc 2026-01-09
URL http://154.201.65.97:8888/supershell/login/ ThreatFox: Unknown malware - botnet_cc 2026-01-09
hostname bielzingl-59529.portmap.host ThreatFox: NjRAT - botnet_cc 2026-01-09
URL https://reveiley.cyou/api ThreatFox: Lumma Stealer - botnet_cc 2026-01-09
hostname api.alexanderprojectmanagement.uk.com ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname logs.go88.se.net ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname proud-dawn-88929.pktriot.net ThreatFox: XWorm - botnet_cc 2026-01-09
URL https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/64gs65th ThreatFox: ClearFake - payload_delivery 2026-01-09
URL https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/goi64 ThreatFox: ClearFake - payload_delivery 2026-01-09
hostname www.80win.net ThreatFox: Quasar RAT - botnet_cc 2026-01-09
hostname www.0uyy41.com ThreatFox: Quasar RAT - botnet_cc 2026-01-09
domain motphimr.sh ThreatFox: Quasar RAT - botnet_cc 2026-01-09
domain motfimchill.com ThreatFox: Quasar RAT - botnet_cc 2026-01-09
domain motchillie.io ThreatFox: Quasar RAT - botnet_cc 2026-01-09
URL https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/654s5dg ThreatFox: ClearFake - payload_delivery 2026-01-09
hostname www.ikukuomaproject2026backup2.com ThreatFox: Remcos - botnet_cc 2026-01-09
hostname www.ikukuomaproject2026backup1.com ThreatFox: Remcos - botnet_cc 2026-01-09
hostname www.ikukuomaproject2026.com ThreatFox: Remcos - botnet_cc 2026-01-09
hostname leehoi02.duckdns.org ThreatFox: XWorm - botnet_cc 2026-01-09
URL https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/4685w6e ThreatFox: ClearFake - payload_delivery 2026-01-09
URL https://rcmceberio.net/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL https://phambilihighschool.co.za/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/gsdf49 ThreatFox: ClearFake - payload_delivery 2026-01-09
URL https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/vds61 ThreatFox: ClearFake - payload_delivery 2026-01-09
domain fallbeginner.xyz ThreatFox: Unknown Loader - botnet_cc 2026-01-09
domain runhouses.xyz ThreatFox: Unknown Loader - botnet_cc 2026-01-09
URL https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sbdgtjh ThreatFox: ClearFake - payload_delivery 2026-01-09
hostname schedule.eznosdrivingschool.com ThreatFox: FAKEUPDATES - payload_delivery 2026-01-09
URL https://obsidianmidnight.top/endpoint/session-asset.php ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
domain obsidianmidnight.top ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL http://89.46.38.5/micro ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://obsidianmidnight.top/endpoint/logout-script.js ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://buldiakogroup.com/micro ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://89.46.38.5/service ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://pippyheydguide.com/endpoint/session-asset.php ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL https://pippyheydguide.com/endpoint/logout-script.js ThreatFox: NetSupportManager RAT - payload_delivery 2026-01-09
URL http://69.164.242.27:3000 ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
URL https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sv13 ThreatFox: ClearFake - payload_delivery 2026-01-09
URL https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/nlasdcl ThreatFox: ClearFake - payload_delivery 2026-01-09
URL https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/pang ThreatFox: ClearFake - payload_delivery 2026-01-09
domain folkwakes.com ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain furlabase.com ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain argoflyleens.world ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain ursamade.space ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain accindexer.space ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain foldexmoon.today ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain jmpbowl.today ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain jmpbowl.world ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain torducks.fun ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
domain barbermoo.world ThreatFox: Unknown Stealer - botnet_cc 2026-01-09
hostname logs.gemwin.me ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname go88.se.net ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname download.gemwin.me ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname client.gemwin.me ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname api.gemwin.me ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname alexanderprojectmanagement.uk.com ThreatFox: AsyncRAT - botnet_cc 2026-01-09
hostname wto.azl.one ThreatFox: Vidar - botnet_cc 2026-01-09
hostname wto.mir-massage.kiev.ua ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://wto.azl.one/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://wto.mir-massage.kiev.ua/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://winrler.com/7j7j.js ThreatFox: KongTuke - payload_delivery 2026-01-09
domain winrler.com ThreatFox: KongTuke - payload_delivery 2026-01-09
URL https://winrler.com/js.php ThreatFox: KongTuke - payload_delivery 2026-01-09
URL http://144.31.221.144/a ThreatFox: KongTuke - payload_delivery 2026-01-09
hostname wde.azl.one ThreatFox: Vidar - botnet_cc 2026-01-09
hostname wde.mir-massage.kiev.ua ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://wde.azl.one/ ThreatFox: Vidar - botnet_cc 2026-01-09
URL https://wde.mir-massage.kiev.ua/ ThreatFox: Vidar - botnet_cc 2026-01-09
domain 27001-online.com ThreatFox: GootLoader - payload_delivery 2026-01-09
URL https://blog.megalearning.com/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL http://185.132.53.18/pages/login.php ThreatFox: Unknown malware - botnet_cc 2026-01-09
URL https://tinavanleuven.com/ ThreatFox: Unknown malware - payload_delivery 2026-01-09
URL http://45.141.117.162/maybe.exe ThreatFox: SalatStealer - payload_delivery 2026-01-09
hostname ssl.googletls.top ThreatFox: Cobalt Strike - botnet_cc 2026-01-09
domain tarabridals.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain tenforjustice.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain thefrugalengineers.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain theoutfield.org ThreatFox: GootLoader - payload_delivery 2026-01-09
domain unitscale.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain victorcrafter.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain wakeupcalltofarmers.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain wearecarne.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain worldofmerix.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain printeritsupport.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain recruiting-101.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain romconinc.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain sagesblogtours.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain sailportsmouthnh.org ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.scrabblestop.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain screenkeys.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain uw3some.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain sirensofsuspense.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain slackersline.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain slowrideguide.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain smashthefat.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain stephenkneale.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain sundayfundayfw.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain sunstaribike.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain lamarinalivinglab.com ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.lgmobilephones.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain loftinnovation.org ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.masonryofdenver.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain metalapolis.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain momragepodcast.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain mybakingadventures.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain nachomamasgrilledcheese.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain neighborhoodsquare.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain nicefashion.org ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.no-name-yet.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain nwrlibrary.org ThreatFox: GootLoader - payload_delivery 2026-01-09
domain oceanliteracydialogues.com ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.old-jewel.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain philosophy-forum.org ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.greatbritishdogwalk.org ThreatFox: GootLoader - payload_delivery 2026-01-09
domain greenann.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain gumbootrestaurant.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain hair-of-the-dog.com ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.hermeneuticchaosjournal.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain highprinttech.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain ijamworld.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain indiestickerpack.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain inkandglue.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain inkyfingersandribbon.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain interferenceinc.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain irchlb.org ThreatFox: GootLoader - payload_delivery 2026-01-09
domain jumpforcemods.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain k-1world.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain kbnetgearrouter.net ThreatFox: GootLoader - payload_delivery 2026-01-09
domain keykaloupatterns.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain lalasicecream.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain cherrypharm.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain chiangmaibest.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain chrislarkinguitars.com ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.chrom-art.org ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.chronicmomlife.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain crack-watch.com ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.dartmoor-railway-sa.org ThreatFox: GootLoader - payload_delivery 2026-01-09
domain databaserepair.net ThreatFox: GootLoader - payload_delivery 2026-01-09
hostname www.delegatesunbound.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain digiskillsmap.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain districthardware.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain diversityinbrewing.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain doradaar.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain extraspecialpeople.org ThreatFox: GootLoader - payload_delivery 2026-01-09
domain flyuavi.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain s100-manuals.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain 2c1c.net ThreatFox: GootLoader - payload_delivery 2026-01-09
domain 4cats2.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain anambcn.org ThreatFox: GootLoader - payload_delivery 2026-01-09
domain arts-kids.org ThreatFox: GootLoader - payload_delivery 2026-01-09
domain arttwo50.com ThreatFox: GootLoader - payload_delivery 2026-01-09
domain as24220.net ThreatFox: GootLoader - payload_delivery 2026-01-09
domain bambootreerestaurants.com ThreatFox: GootLoader - payload_delivery 2026-01-09