← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
OSINT Volley 2026-01-31 - Unknown malware/AsyncRAT/Meterpreter
Automated OSINT sweep from ThreatFox. Top malware: Unknown malware(30), AsyncRAT(29), Meterpreter(18), Quasar RAT(12), Lumma Stealer(11). Source: abuse.ch ThreatFox API. SSL enriched: 20 IPs with HTTPS, 9 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| domain | transfernow.website | ThreatFox: Havoc - botnet_cc | 2026-01-31 | |
| domain | diffusn.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| URL | https://16.58.157.121/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-31 | |
| URL | http://89.223.95.104:8888/supershell/login/ | ThreatFox: Unknown malware - botnet_cc | 2026-01-31 | |
| domain | offdutd.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| domain | tragedj.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| hostname | zd4fai56.plancortex.digital | ThreatFox: ClearFake - payload_delivery | 2026-01-31 | |
| hostname | kglzwkqk.plancortex.digital | ThreatFox: ClearFake - payload_delivery | 2026-01-31 | |
| hostname | yoenacevedo7-42593.portmap.host | ThreatFox: Orcus RAT - botnet_cc | 2026-01-31 | |
| domain | d0ngz.icu | ThreatFox: ValleyRAT - botnet_cc | 2026-01-31 | |
| hostname | yoenacevedo7-52605.portmap.host | ThreatFox: NjRAT - botnet_cc | 2026-01-31 | |
| hostname | yoenacevedo7-62402.portmap.host | ThreatFox: Quasar RAT - botnet_cc | 2026-01-31 | |
| URL | http://104.238.177.164/03ec61a401e346be.php | ThreatFox: Stealc - botnet_cc | 2026-01-31 | |
| domain | derzkifrost-990.sbs | ThreatFox: MaskGramStealer - botnet_cc | 2026-01-31 | |
| hostname | 3uk9rba1.nexorhino.digital | ThreatFox: ClearFake - payload_delivery | 2026-01-31 | |
| hostname | 08tk02ji.nexorhino.digital | ThreatFox: ClearFake - payload_delivery | 2026-01-31 | |
| URL | http://77.110.103.209/api/logs | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-31 | |
| URL | https://adm-toolkit.live/api/logs | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-31 | |
| URL | http://77.110.103.209:3000/api/logs | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-31 | |
| URL | http://77.110.103.209:3000/api/hvnc/heartbeat | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-31 | |
| domain | foodservicer.com | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-31 | |
| URL | https://cdn.jsdelivr.net/gh/www1day7/msdn/flag | ThreatFox: ClearFake - payload_delivery | 2026-01-31 | |
| domain | adm-toolkit.live | ThreatFox: Unknown Stealer - botnet_cc | 2026-01-31 | |
| hostname | chimdikeiheanyichukwu.ydns.eu | ThreatFox: Unknown malware - botnet_cc | 2026-01-31 | |
| domain | scirpvu.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| domain | garnevf.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| domain | elmtrce.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| domain | liliiqo.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| domain | shorted.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| domain | yelloww.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| domain | gaphmxpa.cyou | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| domain | telephoned.su | ThreatFox: Lumma Stealer - botnet_cc | 2026-01-31 | |
| hostname | files.sandtagency.org | ThreatFox: FAKEUPDATES - botnet_cc | 2026-01-31 | |
| URL | http://hsk-new.com/XdFWQSP/login.php | ThreatFox: DarkCloud Stealer - botnet_cc | 2026-01-31 | |
| hostname | kapadocia.duckdns.org | ThreatFox: Mirai - botnet_cc | 2026-01-31 | |
| URL | https://45.93.20.141/ | ThreatFox: Unknown malware - payload_delivery | 2026-01-31 | |
| URL | http://23.94.61.153:8888/supershell/login/ | ThreatFox: Unknown malware - botnet_cc | 2026-01-31 | |
| URL | http://45.88.91.156/pages/login.php | ThreatFox: Unknown malware - botnet_cc | 2026-01-31 | |
| URL | https://casettalecese.it/wp-content/uploads/2022/10/sd2.ps1 | ThreatFox: Koi Loader - payload_delivery | 2026-01-31 | |
| URL | http://94.247.42.253/index.php | ThreatFox: Koi Loader - payload_delivery | 2026-01-31 | |
| URL | http://94.247.42.253/pilot.php | ThreatFox: Koi Loader - botnet_cc | 2026-01-31 | |
| URL | https://casettalecese.it/wp-content/uploads/2022/10/hemigastrectomySDur.php | ThreatFox: Koi Loader - payload_delivery | 2026-01-31 | |
| URL | https://casettalecese.it/wp-content/uploads/2022/10/bivalviaGrr.php | ThreatFox: Koi Loader - payload_delivery | 2026-01-31 | |
| URL | https://casettalecese.it/wp-content/uploads/2022/10/transhumanDAxj.exe | ThreatFox: Koi Loader - payload_delivery | 2026-01-31 | |
| URL | https://casettalecese.it/wp-content/uploads/2022/10/nephralgiaMsy.ps1 | ThreatFox: Koi Loader - payload_delivery | 2026-01-31 | |
| URL | https://casettalecese.it/wp-content/uploads/2022/10/boomier10qD0.php | ThreatFox: Koi Loader - payload_delivery | 2026-01-31 | |
| hostname | yoenacevedo7-64431.portmap.host | ThreatFox: Orcus RAT - botnet_cc | 2026-01-31 | |
| URL | http://138.226.237.76 | ThreatFox: Stealc - botnet_cc | 2026-01-31 | |
| hostname | r7j-44928.portmap.host | ThreatFox: XWorm - botnet_cc | 2026-01-31 | |
| URL | http://104.238.177.164 | ThreatFox: Stealc - botnet_cc | 2026-01-31 | |
| hostname | uxcpym.sa.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| domain | romaniaprotv.in.net | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | nbwkmp.sa.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | mfncnp.sa.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | kzkxza.sa.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | dskzwf.za.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| URL | https://cdn.jsdelivr.net/gh/www1day7/msdn/das3 | ThreatFox: ClearFake - payload_delivery | 2026-01-31 | |
| hostname | img1.huorongsec.com | ThreatFox: Cobalt Strike - botnet_cc | 2026-01-31 | |
| URL | https://cdn.jsdelivr.net/gh/relight-73-unsigned/ged13/nm12 | ThreatFox: ClearFake - payload_delivery | 2026-01-31 | |
| domain | hsk-new.com | ThreatFox: DarkCloud Stealer - botnet_cc | 2026-01-31 | |
| hostname | tg.nm48.com | ThreatFox: ValleyRAT - botnet_cc | 2026-01-31 | |
| URL | http://45.151.91.164/10673afc1ae745f5.php | ThreatFox: Stealc - botnet_cc | 2026-01-31 | |
| hostname | dhjfgt4rzuu6tfdo85wfjj.followz.st | ThreatFox: Mirai - botnet_cc | 2026-01-31 | |
| URL | http://167.86.95.233/af45b4032b6d7f1f.php | ThreatFox: Stealc - botnet_cc | 2026-01-31 | |
| hostname | wickerwear.uk.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | taihitclub.it.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | sunwin8.it.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | piscina.mex.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | piedra.mex.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | hitclubs.it.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | hitclubapk.it.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | fastloanapproval.us.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | e4gdb4pt.velostager.digital | ThreatFox: ClearFake - payload_delivery | 2026-01-31 | |
| hostname | 49lwbineu.localto.net | ThreatFox: SpyNote - botnet_cc | 2026-01-31 | |
| hostname | r2rr3y5p.velostager.digital | ThreatFox: ClearFake - payload_delivery | 2026-01-31 | |
| hostname | for1se-43493.portmap.host | ThreatFox: NjRAT - botnet_cc | 2026-01-31 | |
| domain | optrn.com | ThreatFox: XWorm - botnet_cc | 2026-01-31 | |
| hostname | wgo.uk.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | suonerie.us.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | sunwinapp.us.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | penzance.uk.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | mux.uk.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | laufschuhe.de.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | hitclub88.eu.com | ThreatFox: AsyncRAT - botnet_cc | 2026-01-31 | |
| hostname | leteandco.de.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-31 | |
| hostname | iwv.uk.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-31 | |
| hostname | go88vip.cn.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-31 | |
| hostname | fkt.us.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-31 | |
| hostname | firstblood.uk.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-31 | |
| hostname | bioplastics.us.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-31 | |
| domain | u888-co.com | ThreatFox: Quasar RAT - botnet_cc | 2026-01-31 | |
| domain | rickscribner.com | ThreatFox: KongTuke - payload_delivery | 2026-01-31 | |
| URL | https://rickscribner.com/5j9k.js | ThreatFox: KongTuke - payload_delivery | 2026-01-31 | |
| URL | https://rickscribner.com/js.php | ThreatFox: KongTuke - payload_delivery | 2026-01-31 |