Pulse name: OSINT Volley 2026-01-30 - Unknown Stealer/Unknown malware/IClickFix
WHITE pduggusa 2026-01-30 Modified: 2026-03-01
134 IOCs (high volume)
Automated OSINT sweep from ThreatFox. Top malware: Unknown Stealer(61), Unknown malware(46), IClickFix(46), Cobalt Strike(18), ClearFake(16). Source: abuse.ch ThreatFox API. SSL enriched: 27 IPs with HTTPS, 12 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES: Unknown Stealer, Unknown malware, IClickFix, Cobalt Strike, ClearFake
Indicators of Compromise (134)