Pulse name: OSINT Volley 2026-01-25 - Meterpreter/AsyncRAT/Unknown malware
WHITE pduggusa 2026-01-25 Modified: 2026-02-24
87 IOCs (HIGH VOLUME)
Automated OSINT sweep from ThreatFox. Top malware: Meterpreter(94), AsyncRAT(64), Unknown malware(48), Quasar RAT(39), ValleyRAT(18). Source: abuse.ch ThreatFox API. SSL enriched: 33 IPs with HTTPS, 12 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Meterpreter AsyncRAT Unknown malware Quasar RAT ValleyRAT
Indicators of Compromise (87)