PULSE NAME
OSINT Volley 2026-01-19 - AsyncRAT/Unknown malware/Stealc
WHITE pduggusa 2026-01-19 Modified: 2026-02-18
62 IOCs (HIGH VOLUME)
Automated OSINT sweep from ThreatFox. Top malware: AsyncRAT(26), Unknown malware(21), Stealc(17), Sliver(14), Meterpreter(12). Source: abuse.ch ThreatFox API. SSL enriched: 22 IPs with HTTPS, 6 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
AsyncRAT, Unknown malware, Stealc, Sliver, Meterpreter
Indicators of Compromise (62)