← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
OSINT Volley 2026-01-18 - Unknown malware/AsyncRAT/Sliver
Automated OSINT sweep from ThreatFox. Top malware: Unknown malware(72), AsyncRAT(27), Sliver(13), ClearFake(12), Meterpreter(12). Source: abuse.ch ThreatFox API. SSL enriched: 27 IPs with HTTPS, 5 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| hostname | api.loseallyour.money | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-18 | |
| URL | http://etvidanueva.com/photos/images/WebPanel/login.php | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| domain | etvidanueva.com | ThreatFox: Agent Tesla - botnet_cc | 2026-01-18 | |
| hostname | zqqhyp.sa.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | titth.za.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| domain | shbet-casino.co | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| domain | mb66znet.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | granitfliesen.de.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | 78win.ru.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | 2co7rrv.uk.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | 2c48hup.uk.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| domain | cepkutapk.com | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| domain | cepcutproapk.com | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| domain | thecupcut.com | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| domain | capocutapk.com | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| domain | capcutmoda.com | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| domain | capcutproz.com | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| domain | capcut.to | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| domain | cyberplg.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-18 | |
| domain | theorca-finance.at | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| URL | https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/networked-transform-sync-srv13/grv-matchmaking-l1 | ThreatFox: ClearFake - payload_delivery | 2026-01-18 | |
| hostname | incelcuck.duckdns.org | ThreatFox: XWorm - botnet_cc | 2026-01-18 | |
| domain | buildnetcrew.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-18 | |
| hostname | fgwqojpr.buildnetcrew.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-18 | |
| URL | https://threenetragroup.kusherp.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://tylerbosch.retirevillage.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://zelenograd.logomebel.ru/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| domain | asphoau.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-18 | |
| URL | https://wp.retirevillage.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| domain | galleqi.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-18 | |
| domain | crossat.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-18 | |
| domain | hanggxx.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-18 | |
| domain | traumadj.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-18 | |
| domain | requieiy.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-18 | |
| domain | sakuratea.cfd | ThreatFox: Aura Stealer - botnet_cc | 2026-01-18 | |
| hostname | v9oe2nsym.localto.net | ThreatFox: SpyNote - botnet_cc | 2026-01-18 | |
| hostname | aet2fkdj7.localto.net | ThreatFox: SpyNote - botnet_cc | 2026-01-18 | |
| hostname | dxp4s2ibc.localto.net | ThreatFox: SpyNote - botnet_cc | 2026-01-18 | |
| hostname | brodyy-39471.portmap.host | ThreatFox: SpyNote - botnet_cc | 2026-01-18 | |
| hostname | hytagow69.localto.net | ThreatFox: SpyNote - botnet_cc | 2026-01-18 | |
| hostname | pymrweslf.localto.net | ThreatFox: SpyNote - botnet_cc | 2026-01-18 | |
| hostname | 181.ip.gl.ply.gg | ThreatFox: SpyNote - botnet_cc | 2026-01-18 | |
| hostname | yxtu8a6fk.localto.net | ThreatFox: SpyNote - botnet_cc | 2026-01-18 | |
| hostname | slze8kkuh.localto.net | ThreatFox: Quasar RAT - botnet_cc | 2026-01-18 | |
| hostname | quasarrat220-24487.portmap.io | ThreatFox: Quasar RAT - botnet_cc | 2026-01-18 | |
| hostname | jlgwbfxtol.a.pinggy.link | ThreatFox: XWorm - botnet_cc | 2026-01-18 | |
| hostname | abdulraheem6-50903.portmap.host | ThreatFox: XWorm - botnet_cc | 2026-01-18 | |
| URL | https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/networked-transform-sync-srv13/lightweight-ecs-500 | ThreatFox: ClearFake - payload_delivery | 2026-01-18 | |
| domain | borinakis.fun | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-18 | |
| URL | http://astrologickeconoablos.cc:8080/updater?for=0AA6B9F07A5B27B2069C137C69EC91EB | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| URL | https://cdn.jsdelivr.net/gh/strict-knoll-interface/inc-meme-clock57/blade75 | ThreatFox: ClearFake - payload_delivery | 2026-01-18 | |
| URL | https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/pink | ThreatFox: ClearFake - payload_delivery | 2026-01-18 | |
| hostname | yrbaidu.za.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | xszcuj.sa.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | wwc.uk.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | stileunico.it.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | nqxuvd.za.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | keramogranit.ru.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| domain | hz88-bet.vip | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | haf.uk.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | forums.uk.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | bfcg5.ru.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | ba.za.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| URL | https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/brave2 | ThreatFox: ClearFake - payload_delivery | 2026-01-18 | |
| URL | https://ownvitality.xsrv.jp/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://qualitylivingpm.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://polbath.co.uk/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://primaveraveiculos.com.imagineweb.dev.br/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://planocreativo.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://residencialgolapa.com.br/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://ramyjuicy-109c437.ingress-haven.ewp.live/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://pola-koko288.baby/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://private.kusherp.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://ppsac.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://service.master-ok.net/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://robertevans.retirevillage.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://sleeve.diamantflex.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://safridi.ictclients.site/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://ragdoll-blog.online/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://shop.intermusica.pe/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://stephan-mielke.de/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://tinklapiuprieziura.lt/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://tottenhamtraders.co.uk/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://sushilanepal.com.np.nepalpaymentshub.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://theapptrix.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://toolspro.su/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://traqc.net/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://web.serenichron.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://website-927187ff.khl.exm.mybluehost.me/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://toyama-housenavi.net/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://videoo.fit/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://zestsolar.pt/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://viraghagymafesztival.hu/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://zoloh.starlandhotel.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://zoolatours.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | http://130.12.182.91/pages/login.php | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| URL | https://petrozavodsk.logomebel.ru/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | http://103.233.8.39:8888/supershell/login/ | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| URL | http://91.92.243.254/young2/five/PvqDq929BSx_A_D_M1n_a.php | ThreatFox: LokiBot - botnet_cc | 2026-01-18 | |
| URL | http://91.92.243.254/young1/five/PvqDq929BSx_A_D_M1n_a.php | ThreatFox: LokiBot - botnet_cc | 2026-01-18 | |
| URL | http://103.246.247.118:8888/supershell/login/ | ThreatFox: Unknown malware - botnet_cc | 2026-01-18 | |
| URL | https://saboresdomalte.com.br/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | https://website-cd9a3473.khl.exm.mybluehost.me/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-18 | |
| URL | http://213.176.73.149 | ThreatFox: Stealc - botnet_cc | 2026-01-18 | |
| domain | ou6363.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| domain | ou6262.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| domain | ou6161.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-18 | |
| hostname | matvey-41302.portmap.host | ThreatFox: XWorm - botnet_cc | 2026-01-18 | |
| hostname | fljdslfjdsf-57814.portmap.host | ThreatFox: XWorm - botnet_cc | 2026-01-18 | |
| URL | https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/grape2 | ThreatFox: ClearFake - payload_delivery | 2026-01-18 | |
| URL | https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/garden | ThreatFox: ClearFake - payload_delivery | 2026-01-18 | |
| URL | http://173.214.162.172/e2c6d26eac3d49d5.php | ThreatFox: Stealc - botnet_cc | 2026-01-18 | |
| hostname | webcloudplt2.oss-cn-shanghai.aliyuncs.com | ThreatFox: Cobalt Strike - botnet_cc | 2026-01-18 | |
| URL | https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/streaming-system-r1 | ThreatFox: ClearFake - payload_delivery | 2026-01-18 |