← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
OSINT Volley 2026-01-30 - Unknown Stealer/Unknown malware/IClickFix
WHITE pduggusa 2026-01-30 Modified: 2026-03-01
155
IOCs
HIGH VOLUME
Automated OSINT sweep from ThreatFox. Top malware: Unknown Stealer(65), Unknown malware(46), IClickFix(46), Lumma Stealer(28), Cobalt Strike(18). Source: abuse.ch ThreatFox API. SSL enriched: 23 IPs with HTTPS, 13 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
osint-volleythreatfoxautomatedunknown-stealerunknown-malwareiclickfixc2-infrastructure
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Unknown Stealer Unknown malware IClickFix Lumma Stealer Cobalt Strike
Indicators of Compromise (20 / 155 total)
All URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL http://91.92.243.87:443/login/yluPi4iQ+gbMi4qb/DSlEbZ1vJ7zTJi2/udu ThreatFox: Eye Pyramid - payload_delivery 2026-01-30
URL http://54.38.94.225:8883/ ThreatFox: Eye Pyramid - payload_delivery 2026-01-30
URL http://cloud.uniprolaptimer.com:5042/ ThreatFox: Eye Pyramid - payload_delivery 2026-01-30
URL http://albionpirates.pro:444/login/3keXipGb5Rr+gpGO9CjsSfdz+of5 ThreatFox: Eye Pyramid - payload_delivery 2026-01-30
URL https://cpajoliette.com/meta.google.com ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://utahindelevere.top/redirect/settings-controller.js ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://utahindelevere.top/redirect/settings-core.php ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://utahindelevere.top/redirect/auth-fetch.js ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL http://98.142.251.59/name ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://irforgoten.com/name ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://98.142.251.59/method ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL http://8.217.97.238:8888/supershell/login/ ThreatFox: Unknown malware - botnet_cc 2026-01-30
URL https://tannypro.com/5l8k.js ThreatFox: KongTuke - payload_delivery 2026-01-30
URL https://tannypro.com/js.php ThreatFox: KongTuke - payload_delivery 2026-01-30
URL https://www.ski-snowboardvancouver.ca/d.js ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://innstantily.top/redirect/settings-controller.js ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://innstantily.top/redirect/settings-core.php ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://innstantily.top/redirect/auth-fetch.js ThreatFox: SmartApeSG - payload_delivery 2026-01-30
URL https://captolls.com/ ThreatFox: Unknown malware - payload_delivery 2026-01-30
URL http://5.175.192.109/login ThreatFox: Unknown malware - botnet_cc 2026-01-30
References (2)
↗ https://analytics.dugganusa.com/api/v1/stix-feed/v2 ↗ https://threatfox.abuse.ch