
Maltrail IOC for 2026-02-19

Severity: Medium
Published: Thu Feb 19 2026 (02/19/2026, 00:00:00 UTC)
Source: CIRCL OSINT Feed
TLP: clear

Description

This entry describes a Maltrail Indicator of Compromise (IOC) dated February 19, 2026, categorized as malware with a medium risk level. The information is sourced from the CIRCL OSINT feed and is labeled as an unsupervised, manual collection of network activity observations. No affected versions, exploits in the wild, or patches are noted, and no detailed technical indicators or vulnerabilities are described. The entry is therefore an OSINT observation without concrete actionable details or evidence of active exploitation; the medium rating reflects potential but unconfirmed risk. Organizations should watch for related network anomalies, but no immediate critical action is mandated. Global impact is uncertain because no affected products or sectors are identified. Countries with significant use of network monitoring tools and high cyber threat exposure may pay closer attention to such IOC feeds. Overall, this is a medium-level observation of malware-related network activity without direct exploit evidence.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/13/2026, 20:02:39 UTC

Technical Analysis

The provided information pertains to a Maltrail IOC dated February 19, 2026, sourced from the CIRCL OSINT feed. Maltrail is a network traffic detection system that identifies suspicious or malicious network activity by monitoring traffic and comparing it against known indicators of compromise. This IOC is classified as malware-related with a medium threat level but lacks detailed technical indicators such as specific malware signatures, affected software versions, or exploit mechanisms. The data is tagged as an unsupervised manual collection, indicating it was gathered through open-source intelligence methods rather than automated detection or confirmed incident response. No patches or mitigations are available, and no known exploits in the wild have been reported. The absence of CWE identifiers and technical details limits the ability to analyze the exact nature of the malware or its attack vectors. The IOC serves primarily as an alert or observation to network defenders to be aware of potential malicious network activity patterns detected by Maltrail systems. The timestamp and UUID provide tracking references but do not add technical context. Overall, this is an intelligence feed entry highlighting potential malware-related network activity without concrete exploit or vulnerability data.

Potential Impact

Given the lack of specific affected products, exploit details, or active attacks, the direct impact of this IOC is limited. However, it signals the presence or detection of suspicious network activity that could indicate malware infections or reconnaissance attempts within monitored networks. Organizations relying on network traffic analysis tools like Maltrail may use this IOC to enhance their detection capabilities and identify potential compromises early. The medium severity suggests a moderate risk of confidentiality or integrity breaches if the underlying malware is active, but no immediate widespread disruption or critical system compromise is indicated. The absence of known exploits reduces the urgency, but the potential for undetected malware presence means organizations should maintain vigilance. The impact is primarily on network security monitoring and incident response readiness rather than direct operational disruption or data loss at this stage.

Mitigation Recommendations

Organizations should integrate this IOC into their existing network monitoring and intrusion detection systems, particularly if using Maltrail or similar tools, to improve detection of suspicious traffic patterns. Regularly update threat intelligence feeds and correlate this IOC with internal logs to identify any matching network activity. Conduct thorough network traffic analysis and endpoint investigations if suspicious indicators arise. Enhance network segmentation and restrict unnecessary outbound connections to limit malware communication channels. Employ behavioral analytics to detect anomalies beyond signature-based detection. Maintain updated endpoint protection and conduct regular vulnerability assessments to reduce infection vectors. Since no patches are available, focus on detection, containment, and response capabilities. Share findings with relevant cybersecurity communities to enrich collective threat awareness. Finally, ensure incident response teams are prepared to investigate and remediate potential malware infections indicated by such IOCs.


Technical Details

UUID: 4fe4a80e-39cb-43f1-9e95-9ce5ddd98907
Original timestamp: 1771512608

Indicators of Compromise


Threat ID: 69972c74732724e9dc48b620

Added to database: 2/19/2026, 3:29:56 PM

Last enriched: 3/13/2026, 8:02:39 PM

Last updated: 4/6/2026, 7:59:20 AM

