OSINT Volley 2026-01-31 - Unknown malware/Unknown Stealer/IClickFix
TLP:WHITE  Author: pduggusa  Created: 2026-01-31  Modified: 2026-03-02  110 IOCs  HIGH VOLUME
Automated OSINT sweep from ThreatFox (source: abuse.ch ThreatFox API). Top malware families in the sweep: Unknown malware (59), Unknown Stealer (59), IClickFix (46), AsyncRAT (23), Cobalt Strike (17). SSL enrichment: 26 IPs serving HTTPS, 13 of them with self-signed certificates (C2 candidates). Pattern 54: sweep→volley automation. Note that these family counts describe the sweep, not the 110 hostname/URL/domain indicators listed below: only four of the listed entries carry the "Unknown malware" tag, and the IPs from the SSL enrichment are not among them.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families (pulse tags): Unknown malware, Unknown Stealer, IClickFix, AsyncRAT, Cobalt Strike. The indicator table below also carries entries tagged ClearFake, KongTuke, Lumma Stealer, Quasar RAT, NetSupportManager RAT, Stealc, DarkCloud Stealer, ValleyRAT, Mirai, SpyNote, NjRAT, XWorm, FAKEUPDATES and Eye Pyramid.
Indicators of Compromise (110; types: hostname, URL, domain)
TYPE INDICATOR DESCRIPTION CREATED
hostname img1.huorongsec.com ThreatFox: Cobalt Strike - botnet_cc 2026-01-31
URL https://cdn.jsdelivr.net/gh/relight-73-unsigned/ged13/nm12 ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname kapadocia.duckdns.org ThreatFox: Mirai - botnet_cc 2026-01-31
URL http://hsk-new.com/XdFWQSP/login.php ThreatFox: DarkCloud Stealer - botnet_cc 2026-01-31
domain hsk-new.com ThreatFox: DarkCloud Stealer - botnet_cc 2026-01-31
hostname tg.nm48.com ThreatFox: ValleyRAT - botnet_cc 2026-01-31
URL http://45.151.91.164/10673afc1ae745f5.php ThreatFox: Stealc - botnet_cc 2026-01-31
hostname dhjfgt4rzuu6tfdo85wfjj.followz.st ThreatFox: Mirai - botnet_cc 2026-01-31
URL http://167.86.95.233/af45b4032b6d7f1f.php ThreatFox: Stealc - botnet_cc 2026-01-31
hostname wickerwear.uk.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname taihitclub.it.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname sunwin8.it.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname piscina.mex.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname piedra.mex.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname hitclubs.it.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname hitclubapk.it.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname fastloanapproval.us.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname files.sandtagency.org ThreatFox: FAKEUPDATES - botnet_cc 2026-01-31
hostname e4gdb4pt.velostager.digital ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname 49lwbineu.localto.net ThreatFox: SpyNote - botnet_cc 2026-01-31
hostname r2rr3y5p.velostager.digital ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname for1se-43493.portmap.host ThreatFox: NjRAT - botnet_cc 2026-01-31
domain optrn.com ThreatFox: XWorm - botnet_cc 2026-01-31
hostname wgo.uk.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname suonerie.us.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname sunwinapp.us.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname penzance.uk.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname mux.uk.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname laufschuhe.de.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname hitclub88.eu.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname leteandco.de.com ThreatFox: Quasar RAT - botnet_cc 2026-01-31
hostname iwv.uk.com ThreatFox: Quasar RAT - botnet_cc 2026-01-31
hostname go88vip.cn.com ThreatFox: Quasar RAT - botnet_cc 2026-01-31
hostname fkt.us.com ThreatFox: Quasar RAT - botnet_cc 2026-01-31
hostname firstblood.uk.com ThreatFox: Quasar RAT - botnet_cc 2026-01-31
hostname bioplastics.us.com ThreatFox: Quasar RAT - botnet_cc 2026-01-31
domain u888-co.com ThreatFox: Quasar RAT - botnet_cc 2026-01-31
URL https://u888-co.com/no-hu/ ThreatFox: Quasar RAT - botnet_cc 2026-01-31
domain rickscribner.com ThreatFox: KongTuke - payload_delivery 2026-01-31
URL https://rickscribner.com/5j9k.js ThreatFox: KongTuke - payload_delivery 2026-01-31
URL https://rickscribner.com/js.php ThreatFox: KongTuke - payload_delivery 2026-01-31
hostname com.airportsock.xyz ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
domain robincompany.xyz ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
hostname cpanel.mvsea-usa.com ThreatFox: FAKEUPDATES - botnet_cc 2026-01-31
URL https://goldenring.live/pages/login.html ThreatFox: Unknown malware - botnet_cc 2026-01-31
domain microsoftpoller20.com ThreatFox: Unknown malware - botnet_cc 2026-01-31
URL http://microsoftpoller20.com/gt.php ThreatFox: Unknown malware - botnet_cc 2026-01-31
domain vetscommunityconnections.org ThreatFox: Quasar RAT - botnet_cc 2026-01-31
hostname dgstore24.ru.com ThreatFox: Quasar RAT - botnet_cc 2026-01-31
hostname xx4z5ilx.agingfrugally.digital ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname 88unxy7x.agingfrugally.digital ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname zhidao.cn.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
domain smartroots.in.net ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname buyonlinepar.us.com ThreatFox: AsyncRAT - botnet_cc 2026-01-31
hostname www.zyedu.sbs ThreatFox: Cobalt Strike - botnet_cc 2026-01-31
URL https://jenmartini.com/6b7n.js ThreatFox: KongTuke - payload_delivery 2026-01-31
domain jenmartini.com ThreatFox: KongTuke - payload_delivery 2026-01-31
URL https://jenmartini.com/js.php ThreatFox: KongTuke - payload_delivery 2026-01-31
URL http://cloud.uniprolaptimer.com:5042/ ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
URL http://albionpirates.pro:444/login/3keXipGb5Rr+gpGO9CjsSfdz+of5 ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
URL http://91.92.243.87:443/login/yluPi4iQ+gbMi4qb/DSlEbZ1vJ7zTJi2/udu ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
URL http://54.38.94.225:8883/ ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
domain goldenring.live ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
URL https://goldenring.live/api/logs/check ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
hostname kkx90jas.v0xenharvest.ru ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname 8p3sykdy.v0xenharvest.ru ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname iiak3udi.graptagreeve.ru ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname syfs0mz4.graptagreeve.ru ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname same8239-32253.portmap.host ThreatFox: Quasar RAT - botnet_cc 2026-01-31
URL https://cdn.jsdelivr.net/gh/www1day7/msdn/ltc ThreatFox: ClearFake - payload_delivery 2026-01-31
domain playavalon.org ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
domain socifiapp.com ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
domain wilsoni.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain exchank.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain lineduz.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain catabar.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain backsan.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain amerimq.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain miserzb.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain transdx.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain sanicue.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain snakezl.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain depthbx.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain condelx.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
domain botanyh.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
hostname ieuxq29f.phyretools.ru ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname mvd0hzob.phyretools.ru ThreatFox: ClearFake - payload_delivery 2026-01-31
domain mymacanswers.com ThreatFox: Unknown Stealer - payload_delivery 2026-01-31
domain imacguide.com ThreatFox: Unknown Stealer - payload_delivery 2026-01-31
domain mac-backup.com ThreatFox: Unknown Stealer - payload_delivery 2026-01-31
domain ultradatahost2.cfd ThreatFox: Unknown Stealer - payload_delivery 2026-01-31
hostname atro.wraithbot.net ThreatFox: Unknown malware - botnet_cc 2026-01-31
domain notmauserfizko.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain fnotusykakimao.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain otpnemoyjfh.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain pisikakimmmad.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain makimakiokina.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain atmospheredast.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain newgenlosehops.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain lastmychancetoss.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain losiposithankyou.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain nightlomsknies.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain notlimbobimboa.com ThreatFox: NetSupportManager RAT - botnet_cc 2026-01-31
domain kalkgmbzfghq.com ThreatFox: IClickFix - botnet_cc 2026-01-31
domain undermymindops.com ThreatFox: IClickFix - botnet_cc 2026-01-31
domain bestiamos.com ThreatFox: IClickFix - botnet_cc 2026-01-31
domain bestieslos.com ThreatFox: IClickFix - botnet_cc 2026-01-31
domain ldasldalsd.com ThreatFox: IClickFix - botnet_cc 2026-01-31
domain foflfalflafl.com ThreatFox: IClickFix - botnet_cc 2026-01-31
domain ototaikfffkf.com ThreatFox: IClickFix - botnet_cc 2026-01-31
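To make a list like this actionable without blocking shared infrastructure, the rows have to be parsed and sorted by how wide a block is safe: the two cdn.jsdelivr.net URLs sit on a public CDN, so only the exact URL may be blocked; kapadocia.duckdns.org, for1se-43493.portmap.host, same8239-32253.portmap.host and 49lwbineu.localto.net are per-tenant names on dynamic-DNS or port-forwarding services, so the exact hostname may be blocked but never the parent domain; and several Eye Pyramid URLs name non-default ports (444, 8883) that are worth keeping as host:port pairs for proxy and firewall matching. The Python below is an added example, not part of the pulse or of the author's sweep tooling. It runs on a subset of rows copied verbatim from the table above; the SHARED_HOSTS and DYNDNS_PARENTS classifications are this example's own assumptions, not data from ThreatFox.

```python
"""Turn rows of the indicator table above into per-family blocklists.

Added example, not part of the pulse. Sample rows are copied from the
table; SHARED_HOSTS and DYNDNS_PARENTS are this example's own assumptions.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Rows copied verbatim from the indicator table above (a subset).
ROWS = """\
hostname img1.huorongsec.com ThreatFox: Cobalt Strike - botnet_cc 2026-01-31
URL https://cdn.jsdelivr.net/gh/relight-73-unsigned/ged13/nm12 ThreatFox: ClearFake - payload_delivery 2026-01-31
hostname kapadocia.duckdns.org ThreatFox: Mirai - botnet_cc 2026-01-31
URL http://albionpirates.pro:444/login/3keXipGb5Rr+gpGO9CjsSfdz+of5 ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
URL http://91.92.243.87:443/login/yluPi4iQ+gbMi4qb/DSlEbZ1vJ7zTJi2/udu ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
domain wilsoni.cyou ThreatFox: Lumma Stealer - botnet_cc 2026-01-31
hostname for1se-43493.portmap.host ThreatFox: NjRAT - botnet_cc 2026-01-31
"""

# Assumed classification (not from the pulse): a public CDN host is shared by
# many legitimate users, so only the exact URL may be blocked; dynamic-DNS and
# port-forwarding parents hand out per-tenant subdomains, so the exact
# hostname may be blocked but the parent domain must never be.
SHARED_HOSTS = {"cdn.jsdelivr.net"}
DYNDNS_PARENTS = {"duckdns.org", "portmap.host", "localto.net"}


def parse_row(line):
    """Split '<type> <indicator> ThreatFox: <family> - <threat_type> <date>'."""
    left, right = line.split(" ThreatFox: ", 1)
    ioc_type, indicator = left.split(" ", 1)
    family_threat, created = right.rsplit(" ", 1)
    family, threat_type = family_threat.rsplit(" - ", 1)  # family may contain spaces
    return {"type": ioc_type, "indicator": indicator, "family": family,
            "threat_type": threat_type, "created": created}


def host_and_port(entry):
    """Return (host, port) for any row type; port is None unless a URL sets one."""
    if entry["type"] == "URL":
        parts = urlsplit(entry["indicator"])
        return parts.hostname, parts.port
    return entry["indicator"].lower(), None


def under_dyndns(host):
    """True when host is a dynamic-DNS parent or one of its tenant subdomains."""
    return any(host == p or host.endswith("." + p) for p in DYNDNS_PARENTS)


def build_blocklists(rows_text):
    """Group indicators by malware family and pick a safe blocking granularity.

    domains    - registrable domains safe to block with all subdomains
    hosts      - exact hostnames safe to block (never rolled up to the parent)
    host_ports - host:port pairs where the URL named an explicit C2 port
    urls       - exact URLs
    review     - indicators that would hit shared infrastructure if blocked
                 any wider than the exact URL; hand these to an analyst
    """
    lists = defaultdict(lambda: {k: set() for k in
                                 ("domains", "hosts", "host_ports", "urls", "review")})
    for line in rows_text.splitlines():
        if not line.strip():
            continue
        e = parse_row(line)
        host, port = host_and_port(e)
        b = lists[e["family"]]
        if e["type"] == "domain":
            # A bare dyndns/CDN parent submitted as a "domain" IOC would block every tenant.
            (b["review"] if under_dyndns(host) or host in SHARED_HOSTS
             else b["domains"]).add(host)
        elif e["type"] == "hostname":
            (b["review"] if host in SHARED_HOSTS else b["hosts"]).add(host)
        else:  # URL
            b["urls"].add(e["indicator"])
            if host in SHARED_HOSTS:
                b["review"].add(host)  # path-level block only
            else:
                b["hosts"].add(host)
                if port:
                    b["host_ports"].add(f"{host}:{port}")
    return dict(lists)


if __name__ == "__main__":
    for family, b in sorted(build_blocklists(ROWS).items()):
        print(family, {k: sorted(v) for k, v in b.items() if v})
```

Running it over the full table is a matter of pasting all 110 rows into ROWS; anything that lands in "review" (here only cdn.jsdelivr.net) should be deployed as a URL or path match, not as a DNS or domain block.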