← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
OSINT Volley 2026-01-30 - Vidar/Unknown malware/ClearFake
Automated OSINT sweep from ThreatFox. Top malware: Vidar(24), Unknown malware(23), ClearFake(20), Cobalt Strike(15), Lumma Stealer(15). Source: abuse.ch ThreatFox API. SSL enriched: 32 IPs with HTTPS, 18 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| URL | https://cdn.jsdelivr.net/gh/web3call/ws014/gf22 | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| URL | http://5.175.192.109/login | ThreatFox: Unknown malware - botnet_cc | 2026-01-30 | |
| hostname | accounts.booking.ciberseguridad-eia.xyz | ThreatFox: Unknown malware - botnet_cc | 2026-01-30 | |
| domain | fandmc.cn | ThreatFox: AsyncRAT - botnet_cc | 2026-01-30 | |
| hostname | oxygen.fandmc.cn | ThreatFox: AsyncRAT - botnet_cc | 2026-01-30 | |
| hostname | docs.fandmc.cn | ThreatFox: AsyncRAT - botnet_cc | 2026-01-30 | |
| hostname | status.fandmc.cn | ThreatFox: AsyncRAT - botnet_cc | 2026-01-30 | |
| URL | https://captolls.com/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-30 | |
| domain | vitoboy.com | ThreatFox: Cobalt Strike - botnet_cc | 2026-01-30 | |
| URL | http://45.93.20.205/ce11694fbb78411c.php | ThreatFox: Stealc - botnet_cc | 2026-01-30 | |
| domain | captolls.com | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| URL | https://innstantily.top/redirect/auth-fetch.js | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| URL | https://innstantily.top/redirect/settings-core.php | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| domain | innstantily.top | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| URL | https://innstantily.top/redirect/settings-controller.js | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| hostname | www.ski-snowboardvancouver.ca | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| URL | https://www.ski-snowboardvancouver.ca/d.js | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| URL | http://45.93.20.205 | ThreatFox: Stealc - botnet_cc | 2026-01-30 | |
| URL | http://158.94.211.84 | ThreatFox: Stealc - botnet_cc | 2026-01-30 | |
| URL | https://aliengp.cyou/api | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | mini-zmoto.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| domain | arsenmarkaruyn.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| domain | cotlesgengeral.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| hostname | hqej69yf.v0xenharvest.ru | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| hostname | wydannc6.v0xenharvest.ru | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| domain | bargeshipping.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| domain | gosemobi.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| domain | njtankservices.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| domain | laderbaj.net | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| URL | https://stobminipinporl.com/api/bot/heartbeat | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| URL | http://evervisionicd.com/xquat/fre.php | ThreatFox: Loki Password Stealer (PWS) - botnet_cc | 2026-01-30 | |
| domain | stobminipinporl.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| hostname | www.355bet.com.br | ThreatFox: AsyncRAT - botnet_cc | 2026-01-30 | |
| hostname | rentals-hidden.gl.at.ply.gg | ThreatFox: XWorm - botnet_cc | 2026-01-30 | |
| hostname | trabahando.theworkpc.com | ThreatFox: Mirai - botnet_cc | 2026-01-30 | |
| hostname | octazo.gb.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-30 | |
| hostname | fb888.uk.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-30 | |
| hostname | communications.it.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-30 | |
| domain | hobefork.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| domain | clearwaterfishingcompany.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| domain | taxnearme.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| domain | kd62.casino | ThreatFox: Quasar RAT - botnet_cc | 2026-01-30 | |
| domain | 337788bet.site | ThreatFox: Quasar RAT - botnet_cc | 2026-01-30 | |
| domain | handsonatwork.co.uk | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| domain | cansti.in.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-30 | |
| domain | foamfasfkkfkfkfa.com | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| domain | ofofoalalaladjrkrka.com | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| URL | https://tannypro.com/js.php | ThreatFox: KongTuke - payload_delivery | 2026-01-30 | |
| domain | tannypro.com | ThreatFox: KongTuke - payload_delivery | 2026-01-30 | |
| URL | https://tannypro.com/5l8k.js | ThreatFox: KongTuke - payload_delivery | 2026-01-30 | |
| URL | https://cdn.jsdelivr.net/gh/web3call/ws014/st85 | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| domain | tdrdomainnew.com | ThreatFox: CastleRAT - botnet_cc | 2026-01-30 | |
| URL | http://8.217.97.238:8888/supershell/login/ | ThreatFox: Unknown malware - botnet_cc | 2026-01-30 | |
| domain | unmindv.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | genussy.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | studfdu.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | aliengp.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | vetchir.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | menopjc.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | stathas.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | odovakmc.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | mummifjn.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | offseti.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| domain | interrg.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| URL | https://interrg.cyou/api | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| URL | https://stathas.cyou/api | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| URL | https://menopjc.cyou/api | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-30 | |
| hostname | sni.ptbaconsulting.com | ThreatFox: FAKEUPDATES - botnet_cc | 2026-01-30 | |
| URL | https://98.142.251.59/method | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| URL | https://irforgoten.com/name | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| URL | http://98.142.251.59/name | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| URL | https://utahindelevere.top/redirect/auth-fetch.js | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| URL | https://utahindelevere.top/redirect/settings-core.php | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| domain | utahindelevere.top | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| URL | https://utahindelevere.top/redirect/settings-controller.js | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| URL | https://cpajoliette.com/meta.google.com | ThreatFox: SmartApeSG - payload_delivery | 2026-01-30 | |
| hostname | vyy.uk.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-30 | |
| hostname | nog.jp.net | ThreatFox: Quasar RAT - botnet_cc | 2026-01-30 | |
| hostname | license.eu.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-30 | |
| hostname | luvxcide.duckdns.org | ThreatFox: Nanocore RAT - botnet_cc | 2026-01-30 | |
| hostname | dohinukss.localto.net | ThreatFox: SpyNote - botnet_cc | 2026-01-30 | |
| hostname | boosterman22q1-33740.portmap.host | ThreatFox: XWorm - botnet_cc | 2026-01-30 | |
| hostname | hebasix.duckdns.org | ThreatFox: XWorm - botnet_cc | 2026-01-30 | |
| hostname | boosterman22q1-42479.portmap.host | ThreatFox: XWorm - botnet_cc | 2026-01-30 | |
| hostname | egornigga-61525.portmap.host | ThreatFox: XWorm - botnet_cc | 2026-01-30 | |
| URL | https://cdn.jsdelivr.net/gh/web3call/ws014/zr0 | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| URL | https://cdn.jsdelivr.net/gh/web3call/ws014/das | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| domain | rousedonkibure.us | ThreatFox: Havoc - botnet_cc | 2026-01-30 | |
| hostname | evil.azuretest.fr | ThreatFox: Unknown malware - botnet_cc | 2026-01-30 | |
| URL | http://cb042722.tw1.ru/b4e69250.php | ThreatFox: DCRat - botnet_cc | 2026-01-30 | |
| URL | https://cdn.jsdelivr.net/gh/web3call/ws014/tor | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| URL | https://cdn.jsdelivr.net/gh/web3call/ws014/hex | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| URL | https://cdn.jsdelivr.net/gh/web3call/ws014/bra | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| domain | kakapupuneww.com | ThreatFox: CastleRAT - botnet_cc | 2026-01-30 | |
| URL | https://cdn.jsdelivr.net/gh/web3call/ws014/zec | ThreatFox: ClearFake - payload_delivery | 2026-01-30 | |
| domain | midlandaudio.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-30 | |
| URL | https://cdn.jsdelivr.net/gh/web3call/ws014/var | ThreatFox: ClearFake - payload_delivery | 2026-01-30 |