PULSE DETAIL
Automated OSINT sweep from ThreatFox. Top malware: Vidar(41), Unknown malware(26), Stealc(20), AsyncRAT(16), DeimosC2(16). Source: abuse.ch ThreatFox API. SSL enriched: 33 IPs with HTTPS, 16 self-signed (C2 candidates). Pattern 54: sweep→volley automation.