PULSE DETAIL
PULSE NAME
OSINT Volley 2026-01-30 - Unknown Stealer/Unknown malware/Cobalt Strike
Automated OSINT sweep from ThreatFox. Top malware: Unknown Stealer(62), Unknown malware(44), Cobalt Strike(18), ClearFake(17), Lumma Stealer(15). Source: abuse.ch ThreatFox API. SSL enriched: 27 IPs with HTTPS, 12 self-signed (C2 candidates). Pattern 54: sweep→volley automation.