OSINT Volley 2026-01-21 - Unknown malware/Vidar/Cobalt Strike
Automated OSINT sweep of the abuse.ch ThreatFox API for 2026-01-21. Top malware families by indicator count: Unknown malware (66), Vidar (22), Cobalt Strike (19), AsyncRAT (17), DeimosC2 (15). TLS enrichment: 38 of the swept IPs answered on HTTPS, and 18 of those presented a self-signed certificate; these are treated as C2 candidates, not confirmed C2, since a self-signed leaf is also normal on dev boxes, appliances and default panels. Pattern 54: sweep→volley automation.
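The "self-signed (C2 candidates)" figure above comes from a TLS probe of the swept IPs. The block below is an added example of how that classification can be done with the Python standard library only; it is not the sweep's own tooling or ThreatFox code, and the probe results it classifies are constructed, not captured from any host in this pulse. The verify-code constants are OpenSSL's X509 error codes as surfaced by `ssl.SSLCertVerificationError.verify_code`; the one stdlib pitfall it works around is that `getpeercert()` returns an empty dict when the chain did not verify, so the subject of a self-signed leaf is not available without a DER parser.

```python
"""TLS enrichment for swept hosts: flag self-signed listeners as C2 candidates.

Added example for this pulse, not the sweep tooling or ThreatFox code. The
PROBE_RESULTS list is constructed in the shape probe_tls() returns; nothing in
it was captured from the hosts in the indicator table.
"""
import socket
import ssl

# OpenSSL X509 verify codes (ssl.SSLCertVerificationError.verify_code):
# 18 = DEPTH_ZERO_SELF_SIGNED_CERT, 19 = SELF_SIGNED_CERT_IN_CHAIN,
# 62 = HOSTNAME_MISMATCH, 10 = CERT_HAS_EXPIRED, 20 = UNABLE_TO_GET_ISSUER_CERT_LOCALLY
SELF_SIGNED_CODES = {18, 19}
HOSTNAME_MISMATCH = 62


def probe_tls(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live probe (network). getpeercert() returns {} unless the chain verified,
    so for untrusted leaves we keep OpenSSL's verify code rather than the subject."""
    ctx = ssl.create_default_context()
    result = {"host": host, "port": port, "verified": False, "verify_code": None,
              "cert": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result.update(verified=True, cert=tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:   # subclass of SSLError: catch first
        result["verify_code"] = exc.verify_code
    except OSError as exc:                          # refused, timeout, plaintext service
        result["error"] = str(exc)
    return result


def _dn(rdns) -> dict:
    """Flatten getpeercert()'s ((('commonName', 'x'),),) nesting into a dict."""
    return {k: v for rdn in rdns for k, v in rdn}


def classify(result: dict) -> tuple[str, str]:
    """(verdict, reason). A self-signed leaf is a C2 *candidate*: dev boxes,
    appliances and default panels also ship self-signed certs, so confirm with
    the port, the HTTP response or the family's known cert defaults before acting."""
    if result["error"] is not None:
        return "unreachable", result["error"]
    code = result["verify_code"]
    if not result["verified"]:
        if code in SELF_SIGNED_CODES:
            return "c2_candidate", f"self-signed leaf (verify code {code})"
        if code == HOSTNAME_MISMATCH:
            return "suspicious", "valid chain but certificate names another host"
        return "untrusted", f"chain failed (verify code {code})"
    issuer = _dn(result["cert"].get("issuer", ()))
    # A publicly trusted cert is common on C2 too (the https:// Vidar hosts in
    # the table are an example); it lowers the score, it does not clear the host.
    return "trusted_cert", f"issued by {issuer.get('organizationName', '?')}"


def summarize(results) -> dict:
    """Counts in the form the pulse description quotes: hosts speaking TLS and
    how many of those present a self-signed leaf."""
    verdicts = [classify(r)[0] for r in results]
    return {
        "tls_hosts": sum(1 for v in verdicts if v != "unreachable"),
        "self_signed": verdicts.count("c2_candidate"),
        "trusted": verdicts.count("trusted_cert"),
    }


# Constructed, not captured (TEST-NET-3 addresses and a .invalid name): one of each outcome.
PROBE_RESULTS = [
    {"host": "203.0.113.10", "port": 443, "verified": False, "verify_code": 18,
     "cert": None, "error": None},
    {"host": "203.0.113.11", "port": 443, "verified": False, "verify_code": 62,
     "cert": None, "error": None},
    {"host": "203.0.113.12", "port": 443, "verified": False, "verify_code": None,
     "cert": None, "error": "[Errno 111] Connection refused"},
    {"host": "c2.example.invalid", "port": 443, "verified": True, "verify_code": None,
     "cert": {"subject": ((("commonName", "c2.example.invalid"),),),
              "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),),
                         (("commonName", "R3"),))},
     "error": None},
]

if __name__ == "__main__":
    for r in PROBE_RESULTS:
        print(r["host"], *classify(r))
    print(summarize(PROBE_RESULTS))
```

To reproduce the enrichment on a real sweep, feed each IP from the feed through `probe_tls()` (with rate limiting and from infrastructure you are willing to expose to the C2 operator) and pass the results to `summarize()`; only the `c2_candidate` bucket corresponds to the "self-signed" count in the description.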
Indicators and Malware Families
| TYPE | INDICATOR | MALWARE (ThreatFox) | THREAT TYPE | CREATED |
|---|---|---|---|---|
| URL | https://medhrrst.com/js.php | KongTuke | payload_delivery | 2026-01-21 |
| domain | medhrrst.com | KongTuke | payload_delivery | 2026-01-21 |
| URL | https://medhrrst.com/1h6f.js | KongTuke | payload_delivery | 2026-01-21 |
| hostname | zx88.ae.org | Quasar RAT | botnet_cc | 2026-01-21 |
| hostname | vibrations.ru.com | Quasar RAT | botnet_cc | 2026-01-21 |
| hostname | mfd.uk.com | Quasar RAT | botnet_cc | 2026-01-21 |
| hostname | kaf.uk.com | Quasar RAT | botnet_cc | 2026-01-21 |
| domain | fastandfastairconditioner.in.net | Quasar RAT | botnet_cc | 2026-01-21 |
| hostname | a9wi86h.uk.com | Quasar RAT | botnet_cc | 2026-01-21 |
| URL | http://118.31.168.221:80/IQQr | Cobalt Strike | botnet_cc | 2026-01-21 |
| URL | https://www.appleslicesllc.com/ | Unknown malware | payload_delivery | 2026-01-21 |
| hostname | xxblessing2026now.duckdns.org | XWorm | botnet_cc | 2026-01-21 |
| hostname | panel.kalygenesis.xyz | Unknown Stealer | botnet_cc | 2026-01-21 |
| hostname | gl1g7tts-5500.euw.devtunnels.ms | Agent Tesla | payload_delivery | 2026-01-21 |
| URL | https://mebelinki.ru/xamster.html | Unknown malware | payload_delivery | 2026-01-21 |
| URL | https://kinugort.ru/xhamster.html | Unknown malware | payload_delivery | 2026-01-21 |
| URL | https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/dare | ClearFake | payload_delivery | 2026-01-21 |
| hostname | atlretf7m.localto.net | SpyNote | botnet_cc | 2026-01-21 |
| URL | http://172.86.66.132 | Stealc | botnet_cc | 2026-01-21 |
| URL | http://159.198.75.187 | Stealc | botnet_cc | 2026-01-21 |
| hostname | us-neuroquiet.co.com | AsyncRAT | botnet_cc | 2026-01-21 |
| hostname | losespadadz.myftp.biz | XWorm | botnet_cc | 2026-01-21 |
| URL | http://astrologickeconoablos.cc:8080/updater?for=E0CD6A53D52A08539A9787E388FF1D3B | Unknown malware | botnet_cc | 2026-01-21 |
| hostname | tosifu.jp.net | AsyncRAT | botnet_cc | 2026-01-21 |
| hostname | nuestraboda.it.com | AsyncRAT | botnet_cc | 2026-01-21 |
| hostname | dc2.sa.com | AsyncRAT | botnet_cc | 2026-01-21 |
| hostname | chl.ru.com | AsyncRAT | botnet_cc | 2026-01-21 |
| URL | https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/23phys-step2-det-sim/asset-mgr11 | ClearFake | payload_delivery | 2026-01-21 |
| URL | http://thesavvyplayer.com/images/view.php | Pony | botnet_cc | 2026-01-21 |
| hostname | 1.ooocyber.cfd | Unknown malware | botnet_cc | 2026-01-21 |
| hostname | 2.ooocyber.cfd | Unknown malware | botnet_cc | 2026-01-21 |
| hostname | 3.ooocyber.cfd | Unknown malware | botnet_cc | 2026-01-21 |
| domain | cdn-css-framework.cfd | Unknown malware | botnet_cc | 2026-01-21 |
| hostname | cpass.verf-secu4u.art | Unknown malware | botnet_cc | 2026-01-21 |
| domain | js-framework.cfd | Unknown malware | botnet_cc | 2026-01-21 |
| domain | cdn-js-connection.cfd | Unknown malware | botnet_cc | 2026-01-21 |
| hostname | update211.security-ssa-gov.com | Unknown malware | botnet_cc | 2026-01-21 |
| domain | winiks.com | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://cdn-js-connection.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://cpass.verf-secu4u.art/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://js-framework.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://update211.security-ssa-gov.com/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://winiks.com/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | http://cdn-css-framework.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | http://cpass.verf-secu4u.art/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | http://js-framework.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://1.ooocyber.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://2.ooocyber.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://3.ooocyber.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://cdn-css-framework.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | http://1.ooocyber.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | http://2.ooocyber.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | http://3.ooocyber.cfd/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/unity-rt-net-sync-exp/v65-sd45-asd102 | ClearFake | payload_delivery | 2026-01-21 |
| URL | https://31.13.208.13/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://144.31.14.196/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://89.110.75.193/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://45.8.93.242/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| URL | https://64.188.66.221/admin/login.php | Unknown malware | botnet_cc | 2026-01-21 |
| hostname | otraprueba.ddnsfree.com | AsyncRAT | botnet_cc | 2026-01-21 |
| hostname | wsergoijnrjewgewr.duckdns.org | Mirai | botnet_cc | 2026-01-21 |
| hostname | boats.kaisenc2.online | Mirai | botnet_cc | 2026-01-21 |
| domain | cooldockmantoo.men | Mirai | botnet_cc | 2026-01-21 |
| hostname | prime6.idmkt.info | Mirai | botnet_cc | 2026-01-21 |
| domain | dsfasdfasdfasd.online | Mirai | botnet_cc | 2026-01-21 |
| domain | oosdfewugsd.online | Mirai | botnet_cc | 2026-01-21 |
| domain | rrsadtfusdf.online | Mirai | botnet_cc | 2026-01-21 |
| hostname | shzkagxdv.localto.net | SpyNote | botnet_cc | 2026-01-21 |
| hostname | 0p7wfcoia.localto.net | SpyNote | botnet_cc | 2026-01-21 |
| hostname | gtour26.myftp.org | Quasar RAT | botnet_cc | 2026-01-21 |
| hostname | adobecreativecloud.duckdns.org | XWorm | botnet_cc | 2026-01-21 |
| hostname | edition-pulled.gl.at.ply.gg | XWorm | botnet_cc | 2026-01-21 |
| domain | wilknnson.com | KongTuke | payload_delivery | 2026-01-21 |
| URL | https://wilknnson.com/js.php | KongTuke | payload_delivery | 2026-01-21 |
| URL | https://touchkasablanka.com/api/public-server.js | NetSupportManager RAT | payload_delivery | 2026-01-21 |
| URL | https://touchkasablanka.com/api/api-module.php | NetSupportManager RAT | payload_delivery | 2026-01-21 |
| URL | https://touchkasablanka.com/api/handler-service.js | NetSupportManager RAT | payload_delivery | 2026-01-21 |
| URL | http://79.141.162.189/web | NetSupportManager RAT | payload_delivery | 2026-01-21 |
| URL | https://minaretish.com/web | NetSupportManager RAT | payload_delivery | 2026-01-21 |
| URL | https://79.141.162.189/socket | NetSupportManager RAT | payload_delivery | 2026-01-21 |
| hostname | dl.zeekitchenandbathdesign.com | FAKEUPDATES | botnet_cc | 2026-01-21 |
| URL | https://operiteons.com/api/api-module.php | NetSupportManager RAT | payload_delivery | 2026-01-21 |
| domain | operiteons.com | NetSupportManager RAT | payload_delivery | 2026-01-21 |
| URL | https://operiteons.com/api/handler-service.js | NetSupportManager RAT | payload_delivery | 2026-01-21 |
| hostname | static.urgaacoffeeroastery.com | FAKEUPDATES | botnet_cc | 2026-01-21 |
| URL | https://wilknnson.com/6j6s.js | KongTuke | payload_delivery | 2026-01-21 |
| domain | filipsesperanto.com | DeerStealer | botnet_cc | 2026-01-21 |
| domain | seramyuthrenodycollect.com | DeerStealer | botnet_cc | 2026-01-21 |
| URL | https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/net-pred-rollback-testbed/scene9-strm3-16 | ClearFake | payload_delivery | 2026-01-21 |
| URL | http://103.101.85.56/a9a8e5e72d1378b6.php | Stealc | botnet_cc | 2026-01-21 |
| URL | http://103.101.85.56 | Stealc | botnet_cc | 2026-01-21 |
| hostname | d2d.agfoodpos.com | Vidar | botnet_cc | 2026-01-21 |
| hostname | severo.mobilefoundationrepair.com | Vidar | botnet_cc | 2026-01-21 |
| hostname | zak.agfoodpos.com | Vidar | botnet_cc | 2026-01-21 |
| hostname | sixoro.mobilefoundationrepair.com | Vidar | botnet_cc | 2026-01-21 |
| hostname | fettorer.mobilefoundationrepair.com | Vidar | botnet_cc | 2026-01-21 |
| URL | https://116.202.184.153/ | Vidar | botnet_cc | 2026-01-21 |
| URL | https://77.42.49.39/ | Vidar | botnet_cc | 2026-01-21 |
| URL | https://193.221.201.197/ | Vidar | botnet_cc | 2026-01-21 |
| URL | https://49.13.37.244/ | Vidar | botnet_cc | 2026-01-21 |
| URL | https://77.42.49.40/ | Vidar | botnet_cc | 2026-01-21 |
| URL | https://zak.agfoodpos.com/ | Vidar | botnet_cc | 2026-01-21 |
| URL | https://sixoro.mobilefoundationrepair.com/ | Vidar | botnet_cc | 2026-01-21 |
| URL | https://d2d.agfoodpos.com/ | Vidar | botnet_cc | 2026-01-21 |
| URL | https://severo.mobilefoundationrepair.com/ | Vidar | botnet_cc | 2026-01-21 |
| URL | https://78.47.103.17/ | Vidar | botnet_cc | 2026-01-21 |
| URL | https://fettorer.mobilefoundationrepair.com/ | Vidar | botnet_cc | 2026-01-21 |
| hostname | costactspreadinf.duckdns.org | Remcos | botnet_cc | 2026-01-21 |
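The table mixes indicators that can be blocked at very different granularities: bare IPs; hostnames on multi-tenant DDNS and tunnelling services (duckdns.org, localto.net, devtunnels.ms, ply.gg, myftp.biz, myftp.org, ddnsfree.com) where blocking the parent would hit legitimate users; ClearFake payloads staged on the public CDN cdn.jsdelivr.net, where only the exact URL is actionable; and twenty URLs that share the path /admin/login.php across the .cfd hostnames and five bare IPs, which points at one panel kit behind many "Unknown malware" rows. The block below is an added example, not ThreatFox code or the sweep tooling, that turns rows of this table into a minimal, non-overlapping blocklist and surfaces that shared panel path. `ROWS` is a constructed subset copied from the table; `SHARED_PARENTS` and `PATH_ONLY_HOSTS` are this example's own judgement about shared infrastructure, not ThreatFox fields.

```python
"""Normalise the pulse's ThreatFox rows into entries that are safe to block.

Added example for this page, not ThreatFox code or the sweep tooling. ROWS is a
constructed subset copied from the indicator table; SHARED_PARENTS and
PATH_ONLY_HOSTS are this example's own judgement, not ThreatFox fields.
"""
from collections import defaultdict
from urllib.parse import urlsplit
import ipaddress

# Multi-tenant parents: blocking the parent breaks legitimate users, so block
# only the exact tunnel/DDNS hostname that appears in the feed.
SHARED_PARENTS = {"duckdns.org", "localto.net", "devtunnels.ms", "ply.gg",
                  "myftp.biz", "myftp.org", "ddnsfree.com"}
# Public CDN abused for payload staging: only the full URL is actionable.
PATH_ONLY_HOSTS = {"cdn.jsdelivr.net"}

ROWS = [  # (type, indicator, malware, threat_type), copied from the table above
    ("URL", "https://medhrrst.com/js.php", "KongTuke", "payload_delivery"),
    ("domain", "medhrrst.com", "KongTuke", "payload_delivery"),
    ("hostname", "xxblessing2026now.duckdns.org", "XWorm", "botnet_cc"),
    ("hostname", "gl1g7tts-5500.euw.devtunnels.ms", "Agent Tesla", "payload_delivery"),
    ("URL", "https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/dare", "ClearFake", "payload_delivery"),
    ("URL", "http://172.86.66.132", "Stealc", "botnet_cc"),
    ("URL", "http://118.31.168.221:80/IQQr", "Cobalt Strike", "botnet_cc"),
    ("hostname", "1.ooocyber.cfd", "Unknown malware", "botnet_cc"),
    ("URL", "https://1.ooocyber.cfd/admin/login.php", "Unknown malware", "botnet_cc"),
    ("URL", "http://1.ooocyber.cfd/admin/login.php", "Unknown malware", "botnet_cc"),
    ("URL", "https://31.13.208.13/admin/login.php", "Unknown malware", "botnet_cc"),
]


def host_of(ioc_type: str, indicator: str) -> str:
    """Hostname (or IP) of an indicator; URL rows are parsed, others used as-is."""
    if ioc_type == "URL":
        return (urlsplit(indicator).hostname or "").lower()
    return indicator.strip().lower()


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parent_domain(host: str) -> str:
    """Last two labels. Good enough for this list; use the Public Suffix List
    in production so names like x.co.uk are not collapsed to co.uk."""
    return ".".join(host.split(".")[-2:])


def scope_for(ioc_type: str, indicator: str) -> str:
    """Granularity at which the indicator can be blocked without collateral damage."""
    host = host_of(ioc_type, indicator)
    if is_ip(host):
        return "ip"
    if host in PATH_ONLY_HOSTS:
        return "url"
    if parent_domain(host) in SHARED_PARENTS:
        return "host"
    return "domain" if ioc_type == "domain" else "host"


def build_blocklist(rows) -> dict:
    """Deduplicated entries per scope; hostnames already covered by a listed
    domain are dropped so the output is a minimal, non-overlapping set."""
    out = {"ip": set(), "domain": set(), "host": set(), "url": set()}
    for ioc_type, indicator, _malware, _threat in rows:
        scope = scope_for(ioc_type, indicator)
        out[scope].add(indicator if scope == "url" else host_of(ioc_type, indicator))
    out["host"] = {h for h in out["host"]
                   if h not in out["domain"] and parent_domain(h) not in out["domain"]}
    return out


def panel_paths(rows) -> dict:
    """Group URL rows by path so a kit-wide panel path (one login page served
    by many hosts) shows up as a single detection opportunity."""
    paths = defaultdict(set)
    for ioc_type, indicator, _malware, _threat in rows:
        if ioc_type != "URL":
            continue
        path = urlsplit(indicator).path
        if path and path != "/":
            paths[path].add(host_of(ioc_type, indicator))
    return dict(paths)


if __name__ == "__main__":
    bl = build_blocklist(ROWS)
    for scope, entries in bl.items():
        print(f"{scope}: {sorted(entries)}")
    for path, hosts in sorted(panel_paths(ROWS).items(), key=lambda kv: -len(kv[1])):
        print(f"{len(hosts):>3} hosts share {path}")
```

Run against the full table, `panel_paths()` puts every /admin/login.php host and IP under one key, which is the entry to write a URI-based detection for rather than twenty separate URL blocks; `build_blocklist()` keeps the jsdelivr rows as exact URLs and the tunnel hostnames as hosts, so neither cdn.jsdelivr.net nor duckdns.org ends up on a domain blocklist.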