OSINT Volley 2026-01-25 - Meterpreter/Unknown Stealer/AsyncRAT
Automated OSINT sweep from ThreatFox. Top malware: Meterpreter(100), Unknown Stealer(86), AsyncRAT(54), Quasar RAT(39), Stealc(31). Source: abuse.ch ThreatFox API. SSL enriched: 34 IPs with HTTPS, 16 self-signed (C2 candidates). Pattern 54: sweep→volley automation.