OSINT Volley 2026-01-19 - Unknown malware/AsyncRAT/Stealc
Automated OSINT sweep from ThreatFox. Top malware: Unknown malware (66), AsyncRAT (26), Stealc (19), Sliver (14), Meterpreter (11). Source: abuse.ch ThreatFox API. SSL enriched: 21 IPs with HTTPS, 5 self-signed (C2 candidates). Pattern 54: sweep→volley automation.