OSINT Volley 2026-01-18 - Unknown Stealer/Unknown malware/AsyncRAT
Automated OSINT sweep from ThreatFox. Top malware: Unknown Stealer (162), Unknown malware (63), AsyncRAT (34), Sliver (16), DeimosC2 (16). Source: abuse.ch ThreatFox API. SSL enriched: 35 IPs with HTTPS, 10 self-signed (C2 candidates). Pattern 54: sweep→volley automation.