← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
OSINT Volley 2026-01-30 - Vidar/Unknown malware/ClearFake
WHITE pduggusa 2026-01-30 Modified: 2026-03-01
97
IOCs
HIGH VOLUME
Automated OSINT sweep from ThreatFox. Top malware: Vidar(24), Unknown malware(23), ClearFake(20), Cobalt Strike(15), AsyncRAT(15). Source: abuse.ch ThreatFox API. SSL enriched: 32 IPs with HTTPS, 18 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
osint-volleythreatfoxautomatedvidarunknown-malwareclearfakec2-infrastructure
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Vidar Unknown malware ClearFake Cobalt Strike AsyncRAT
Indicators of Compromise (35 / 97 total)
All URL hostname domain
TYPEINDICATORDESCRIPTIONCREATED
URL https://cdn.jsdelivr.net/gh/web3call/ws014/gf22 ThreatFox: ClearFake - payload_delivery 2026-01-30
URL http://5.175.192.109/login ThreatFox: Unknown malware - botnet_cc 2026-01-30
URL https://captolls.com/ ThreatFox: Unknown malware - payload_delivery 2026-01-30
URL http://45.93.20.205/ce11694fbb78411c.php ThreatFox: Stealc - botnet_cc 2026-01-30
URL https://innstantily.top/redirect/auth-fetch.js ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://innstantily.top/redirect/settings-core.php ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://innstantily.top/redirect/settings-controller.js ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://www.ski-snowboardvancouver.ca/d.js ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL http://45.93.20.205 ThreatFox: Stealc - botnet_cc 2026-01-30
URL http://158.94.211.84 ThreatFox: Stealc - botnet_cc 2026-01-30
URL https://aliengp.cyou/api ThreatFox: Lumma Stealer - botnet_cc 2026-01-30
URL https://stobminipinporl.com/api/bot/heartbeat ThreatFox: Unknown Stealer - botnet_cc 2026-01-30
URL http://evervisionicd.com/xquat/fre.php ThreatFox: Loki Password Stealer (PWS) - botnet_cc 2026-01-30
URL https://tannypro.com/js.php ThreatFox: KongTuke - payload_delivery 2026-01-30
URL https://tannypro.com/5l8k.js ThreatFox: KongTuke - payload_delivery 2026-01-30
URL https://cdn.jsdelivr.net/gh/web3call/ws014/st85 ThreatFox: ClearFake - payload_delivery 2026-01-30
URL http://8.217.97.238:8888/supershell/login/ ThreatFox: Unknown malware - botnet_cc 2026-01-30
URL https://interrg.cyou/api ThreatFox: Lumma Stealer - botnet_cc 2026-01-30
URL https://stathas.cyou/api ThreatFox: Lumma Stealer - botnet_cc 2026-01-30
URL https://menopjc.cyou/api ThreatFox: Lumma Stealer - botnet_cc 2026-01-30
URL https://98.142.251.59/method ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://irforgoten.com/name ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL http://98.142.251.59/name ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://utahindelevere.top/redirect/auth-fetch.js ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://utahindelevere.top/redirect/settings-core.php ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://utahindelevere.top/redirect/settings-controller.js ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://cpajoliette.com/meta.google.com ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://cdn.jsdelivr.net/gh/web3call/ws014/zr0 ThreatFox: ClearFake - payload_delivery 2026-01-30
URL https://cdn.jsdelivr.net/gh/web3call/ws014/das ThreatFox: ClearFake - payload_delivery 2026-01-30
URL http://cb042722.tw1.ru/b4e69250.php ThreatFox: DCRat - botnet_cc 2026-01-30
URL https://cdn.jsdelivr.net/gh/web3call/ws014/tor ThreatFox: ClearFake - payload_delivery 2026-01-30
URL https://cdn.jsdelivr.net/gh/web3call/ws014/hex ThreatFox: ClearFake - payload_delivery 2026-01-30
URL https://cdn.jsdelivr.net/gh/web3call/ws014/bra ThreatFox: ClearFake - payload_delivery 2026-01-30
URL https://cdn.jsdelivr.net/gh/web3call/ws014/zec ThreatFox: ClearFake - payload_delivery 2026-01-30
URL https://cdn.jsdelivr.net/gh/web3call/ws014/var ThreatFox: ClearFake - payload_delivery 2026-01-30
References (2)
↗ https://analytics.dugganusa.com/api/v1/stix-feed/v2 ↗ https://threatfox.abuse.ch