OSINT Volley 2026-01-27 - Meterpreter/Vidar/Unknown malware
Automated OSINT sweep from ThreatFox. Top malware families: Meterpreter (68), Vidar (58), Unknown malware (32), Cobalt Strike (30), AsyncRAT (15). Source: abuse.ch ThreatFox API. SSL enrichment: 41 IPs serving HTTPS, 21 of them with self-signed certificates (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| URL | http://138.226.237.6 | ThreatFox: Stealc - botnet_cc | 2026-01-27 |
| hostname | winterfall102.ddns.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-27 |
| hostname | million-acc.gl.at.ply.gg | ThreatFox: XWorm - botnet_cc | 2026-01-27 |
| hostname | niggerinmybuthole-56571.portmap.host | ThreatFox: XWorm - botnet_cc | 2026-01-27 |
| domain | lionsmanetech.shop | ThreatFox: Stealc - botnet_cc | 2026-01-27 |
| URL | https://18.216.144.67/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-27 |
| hostname | www.officedirectorqsecondbackup.com | ThreatFox: Remcos - botnet_cc | 2026-01-27 |
| hostname | www.officedirectorqbackup.com | ThreatFox: Remcos - botnet_cc | 2026-01-27 |
| hostname | www.officedirectorq.com | ThreatFox: Remcos - botnet_cc | 2026-01-27 |
| URL | http://lionsmanetech.shop/1f66bbb8fea047c0.php | ThreatFox: Stealc - botnet_cc | 2026-01-27 |
| hostname | www.lootlify.ch | ThreatFox: Havoc - botnet_cc | 2026-01-27 |
| hostname | humanmeat.us.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-27 |
| domain | gotour.in.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-27 |
| URL | https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl-70/4635461563546876 | ThreatFox: ClearFake - payload_delivery | 2026-01-27 |
| domain | sporttip-partner.ch | ThreatFox: Havoc - botnet_cc | 2026-01-27 |
| hostname | se-2.ironhide.su | ThreatFox: Unknown malware - botnet_cc | 2026-01-27 |
| hostname | chat-stg.smartdocapp.com | ThreatFox: Nimplant - botnet_cc | 2026-01-27 |
| hostname | api.qjweb.xyz | ThreatFox: Cobalt Strike - botnet_cc | 2026-01-27 |
| URL | http://ingov.myartsonline.com/login9875.php | ThreatFox: Unknown malware - botnet_cc | 2026-01-27 |
| URL | https://modaaura.store/image.jpg | ThreatFox: Unknown malware - payload_delivery | 2026-01-27 |
| domain | modaaura.store | ThreatFox: Unknown malware - payload_delivery | 2026-01-27 |
| hostname | guce.onetime-authentication.cruiserscrib.com | ThreatFox: Unknown malware - botnet_cc | 2026-01-27 |
| domain | cyberperficient.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-27 |
| domain | zx888.in.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-27 |
| domain | theheavenofjoy.in.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-27 |
| domain | sufa.in.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-27 |
| hostname | 777x.it.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-27 |
| domain | 777x.in.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-27 |
| URL | http://138.226.236.67 | ThreatFox: Stealc - botnet_cc | 2026-01-27 |
| hostname | eu-central-7075.packetriot.net | ThreatFox: Quasar RAT - botnet_cc | 2026-01-27 |
| hostname | 2av9bxno.sn1pglacier.ru | ThreatFox: ClearFake - payload_delivery | 2026-01-27 |
| hostname | j1820wh3.sn1pglacier.ru | ThreatFox: ClearFake - payload_delivery | 2026-01-27 |
| hostname | cool-hose.sa.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-27 |
| hostname | h-j.jp.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-27 |
| hostname | wri.uk.com | ThreatFox: XWorm - botnet_cc | 2026-01-27 |
| hostname | cloudshape.us.com | ThreatFox: XWorm - botnet_cc | 2026-01-27 |
| domain | 58winvina.com | ThreatFox: XWorm - botnet_cc | 2026-01-27 |
| hostname | 1hitclub.eu.com | ThreatFox: XWorm - botnet_cc | 2026-01-27 |
| hostname | xxx.caoxxip.top | ThreatFox: Mirai - botnet_cc | 2026-01-27 |
| domain | thitandaeru.top | ThreatFox: Unknown malware - botnet_cc | 2026-01-27 |
| hostname | onetime-authentication.cruiserscrib.com | ThreatFox: Unknown malware - botnet_cc | 2026-01-27 |
| hostname | dno.cdcmn.edu.bd | ThreatFox: Vidar - botnet_cc | 2026-01-27 |
| hostname | dno.lidiia.com.ua | ThreatFox: Vidar - botnet_cc | 2026-01-27 |
| URL | https://dno.cdcmn.edu.bd/ | ThreatFox: Vidar - botnet_cc | 2026-01-27 |
| URL | https://dno.lidiia.com.ua/ | ThreatFox: Vidar - botnet_cc | 2026-01-27 |
| URL | http://151.242.20.14:7788/supershell/login/ | ThreatFox: Unknown malware - botnet_cc | 2026-01-27 |
| URL | https://heismanscholarship.com/j.js | ThreatFox: SmartApeSG - payload_delivery | 2026-01-27 |
| domain | heismanscholarship.com | ThreatFox: SmartApeSG - payload_delivery | 2026-01-27 |
| domain | miabiollen.com | ThreatFox: SmartApeSG - payload_delivery | 2026-01-27 |
| URL | https://miabiollen.com/middleware/settings-script.js | ThreatFox: SmartApeSG - payload_delivery | 2026-01-27 |
| URL | https://miabiollen.com/middleware/settings-controller.php | ThreatFox: SmartApeSG - payload_delivery | 2026-01-27 |
| URL | https://miabiollen.com/middleware/router-server.js | ThreatFox: SmartApeSG - payload_delivery | 2026-01-27 |
| URL | http://193.42.38.49/query | ThreatFox: SmartApeSG - payload_delivery | 2026-01-27 |
| URL | https://optoexist.com/query | ThreatFox: SmartApeSG - payload_delivery | 2026-01-27 |
| URL | https://193.42.38.49/mutate | ThreatFox: SmartApeSG - payload_delivery | 2026-01-27 |
| URL | http://109.120.137.123/ | ThreatFox: SmokeLoader - botnet_cc | 2026-01-27 |
| hostname | special.blainrealtor.net | ThreatFox: FAKEUPDATES - botnet_cc | 2026-01-27 |
| URL | http://109.120.137.73/ | ThreatFox: SmokeLoader - botnet_cc | 2026-01-27 |
| hostname | lmd.cdcmn.edu.bd | ThreatFox: Vidar - botnet_cc | 2026-01-27 |
| hostname | lmd.lidiia.com.ua | ThreatFox: Vidar - botnet_cc | 2026-01-27 |
| URL | https://lmd.cdcmn.edu.bd/ | ThreatFox: Vidar - botnet_cc | 2026-01-27 |
| URL | https://lmd.lidiia.com.ua/ | ThreatFox: Vidar - botnet_cc | 2026-01-27 |
| hostname | hqnq.sa.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-27 |
| domain | 777x.us.org | ThreatFox: Quasar RAT - botnet_cc | 2026-01-27 |
| hostname | 777x.uk.net | ThreatFox: Quasar RAT - botnet_cc | 2026-01-27 |
| hostname | 777x.de.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-27 |
| hostname | 777x.cn.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-27 |
| URL | https://fluraresto.me/live/ | ThreatFox: Latrodectus - botnet_cc | 2026-01-27 |
| URL | https://mastralakkot.live/live/ | ThreatFox: Latrodectus - botnet_cc | 2026-01-27 |
| URL | http://109.120.137.75/ | ThreatFox: SmokeLoader - botnet_cc | 2026-01-27 |
| URL | http://109.120.137.129/ | ThreatFox: SmokeLoader - botnet_cc | 2026-01-27 |
| URL | https://trebblay.com/5h5h.js | ThreatFox: KongTuke - payload_delivery | 2026-01-27 |
| domain | trebblay.com | ThreatFox: KongTuke - payload_delivery | 2026-01-27 |
| URL | https://trebblay.com/js.php | ThreatFox: KongTuke - payload_delivery | 2026-01-27 |
| URL | http://185.132.132.82 | ThreatFox: Unknown malware - botnet_cc | 2026-01-27 |
| URL | http://185.132.132.192 | ThreatFox: Unknown malware - botnet_cc | 2026-01-27 |
| URL | http://109.120.137.78/ | ThreatFox: SmokeLoader - botnet_cc | 2026-01-27 |
| hostname | xlge.sa.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-27 |
| hostname | xjjvf.ru.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-27 |
| hostname | ovinb.uk.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-27 |
| hostname | xxblessingsbreakthroughs.duckdns.org | ThreatFox: XWorm - botnet_cc | 2026-01-27 |
| URL | https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl-70/oven-s24ubprime | ThreatFox: ClearFake - payload_delivery | 2026-01-27 |