ThreatFox IOCs for 2026-02-12
AI Analysis
Technical Summary
The ThreatFox IOCs entry dated 2026-02-12 relates to malware activity identified through open-source intelligence (OSINT) and network activity analysis, specifically focusing on payload delivery mechanisms. The report does not list specific affected software versions or products, indicating that the threat is more about observed malicious network behaviors and associated indicators rather than a vulnerability in a particular product. No patches or fixes are available, and there are no known exploits actively used in the wild, suggesting this is an intelligence feed intended to aid detection rather than a report of an ongoing attack campaign. The threat level is rated medium, reflecting moderate risk based on the potential for payload delivery via network vectors. The absence of detailed technical indicators or CWEs limits the ability to pinpoint exact attack vectors or malware families involved. The TLP:white classification indicates the information is intended for wide distribution, supporting broad defensive measures. The technical details such as threatLevel=2 and distribution=3 imply moderate threat presence and dissemination. Overall, this intelligence supports enhanced monitoring and proactive defense rather than immediate emergency response.
Potential Impact
For European organizations, the primary impact of this threat lies in the potential for network-based malware payload delivery, which could lead to unauthorized access, data exfiltration, or disruption of services if successfully executed. Since no specific software vulnerabilities are identified, the risk is more about exposure to malicious network traffic and the ability to detect and respond to it. Organizations heavily reliant on networked infrastructure, especially those involved in critical sectors such as finance, energy, and government, could face increased risk if their network defenses are insufficient. The lack of known exploits in the wild reduces immediate urgency but does not eliminate the risk of future exploitation attempts. The medium severity rating suggests that while the threat is not critical, it warrants attention to prevent escalation. Failure to detect or mitigate such payload delivery attempts could result in compromise of confidentiality, integrity, and availability of systems and data.
Mitigation Recommendations
European organizations should integrate the ThreatFox IOCs into their existing security information and event management (SIEM) systems and threat intelligence platforms to enhance detection capabilities. Network segmentation should be enforced to limit the lateral movement potential of any delivered payloads. Regular network traffic analysis and anomaly detection can help identify suspicious activities related to payload delivery. Endpoint detection and response (EDR) tools should be configured to monitor for unusual behaviors consistent with malware execution. Since no patches are available, emphasis should be placed on proactive threat hunting and incident response readiness. Security teams should also ensure that OSINT and threat intelligence feeds are continuously updated and correlated with internal logs. User training on recognizing phishing or social engineering attempts remains important, even though user interaction is not explicitly required here, as payload delivery often involves initial compromise vectors. Finally, collaboration with national cybersecurity centers and sharing of threat intelligence can improve collective defense.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: c8ce3977-41e7-442f-9a04-4489d7c07a94
- Original Timestamp: 1770940986
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file38.134.148.152 | Unknown RAT botnet C2 server (confidence level: 100%) | |
file91.160.139.68 | XWorm botnet C2 server (confidence level: 100%) | |
file45.88.186.98 | XWorm botnet C2 server (confidence level: 100%) | |
file198.244.201.139 | XWorm botnet C2 server (confidence level: 100%) | |
file90.0.231.39 | XWorm botnet C2 server (confidence level: 100%) | |
file82.102.23.139 | Remcos botnet C2 server (confidence level: 100%) | |
file185.208.156.187 | Remcos botnet C2 server (confidence level: 100%) | |
file147.185.221.31 | Remcos botnet C2 server (confidence level: 100%) | |
file173.211.46.215 | Unknown RAT botnet C2 server (confidence level: 100%) | |
file34.88.31.95 | Sliver botnet C2 server (confidence level: 100%) | |
file128.90.108.111 | DCRat botnet C2 server (confidence level: 100%) | |
file144.31.203.91 | Bashlite botnet C2 server (confidence level: 100%) | |
file94.156.152.67 | Bashlite botnet C2 server (confidence level: 100%) | |
file159.203.114.198 | Bashlite botnet C2 server (confidence level: 100%) | |
file199.101.111.23 | Meterpreter botnet C2 server (confidence level: 100%) | |
file164.92.167.237 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file27.124.30.18 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.236.64.252 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.161.193.99 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.229.225.122 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file8.141.114.67 | Meterpreter botnet C2 server (confidence level: 100%) | |
file148.66.11.10 | N-W0rm botnet C2 server (confidence level: 100%) | |
file64.89.163.7 | XWorm botnet C2 server (confidence level: 75%) | |
file45.192.213.15 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file45.192.213.15 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file45.192.213.15 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file103.8.27.52 | N-W0rm botnet C2 server (confidence level: 100%) | |
file193.161.193.99 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file138.68.47.225 | Unknown malware botnet C2 server (confidence level: 100%) | |
file69.62.125.171 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.123.79.228 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file3.141.20.153 | Havoc botnet C2 server (confidence level: 100%) | |
file116.102.228.216 | Venom RAT botnet C2 server (confidence level: 100%) | |
file158.94.208.143 | DCRat botnet C2 server (confidence level: 100%) | |
file83.229.17.74 | Unknown malware botnet C2 server (confidence level: 75%) | |
file45.87.153.148 | XWorm botnet C2 server (confidence level: 100%) | |
file117.72.97.155 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.152.205.177 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file202.95.17.140 | Gh0stnet botnet C2 server (confidence level: 100%) | |
file86.54.42.53 | PureRAT botnet C2 server (confidence level: 100%) | |
file104.250.169.119 | Remcos botnet C2 server (confidence level: 100%) | |
file188.119.148.125 | Unknown malware botnet C2 server (confidence level: 100%) | |
file170.187.205.218 | Chaos botnet C2 server (confidence level: 100%) | |
file45.8.47.24 | MimiKatz botnet C2 server (confidence level: 100%) | |
file94.237.63.254 | MimiKatz botnet C2 server (confidence level: 100%) | |
Hash
Domain
domainos.clinic | IClickFix botnet C2 domain (confidence level: 75%) | |
domainbirdrankup.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainpub-2149a070e76f4ccabd67228f754768dc.r2.dev | IClickFix botnet C2 domain (confidence level: 75%) | |
domainipmmasterclass.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainashigaruwallet.rs | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmarineeducational.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainpaok24.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainchillimanis.com.sg | IClickFix botnet C2 domain (confidence level: 75%) | |
domainenergy-ts.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainclarionschooldubai.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainnewsouthhomes.com.au | IClickFix botnet C2 domain (confidence level: 75%) | |
domainpub-2889d605e08246e4846fd7d50b9f7673.r2.dev | IClickFix botnet C2 domain (confidence level: 75%) | |
domainstakesol.pro | IClickFix botnet C2 domain (confidence level: 75%) | |
domainm-t.gov.gr | IClickFix botnet C2 domain (confidence level: 75%) | |
domainchemistnotes.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainwww.alampat.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainpub-4ecf9dbb36b14a6ca5cc2edda94239c8.r2.dev | IClickFix botnet C2 domain (confidence level: 75%) | |
domainfloralsupply.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainwww.lntrealty.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainrjccabinets.com.au | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsunlook.fun | IClickFix botnet C2 domain (confidence level: 75%) | |
domainaticusllc.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainthoseguysepoxyandmore.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainardiellifornasa.ge | IClickFix botnet C2 domain (confidence level: 75%) | |
domainpiworfolo.com.theplatinumguesthouse.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaineetools.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainjzs86.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainpub-a8c70268707f403c889fb3370abffd68.r2.dev | IClickFix botnet C2 domain (confidence level: 75%) | |
domainluminateclinic.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainwtaindia.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainxytelindia.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainspinedoctors.md | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmondossierrenov.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainadult.cheahpartners.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainwarmembraceshop.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainupdate-ccleaner.run.place | IClickFix botnet C2 domain (confidence level: 75%) | |
domaindubaiexpertplumber.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaindat.claims | IClickFix botnet C2 domain (confidence level: 75%) | |
domainunclewileys.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainnontonfilm.us | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsidelinesports.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincorporateofficehq.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainakademiawalki.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainhhpms.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainaiolocksmithstpetersburg.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincloud-file-explorer.netlify.app | IClickFix botnet C2 domain (confidence level: 75%) | |
domaingtl.ci | IClickFix botnet C2 domain (confidence level: 75%) | |
domainakwatic-hotel.ci | IClickFix botnet C2 domain (confidence level: 75%) | |
domainrafelink.life | IClickFix botnet C2 domain (confidence level: 75%) | |
domainclipacc.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsenevie.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainpub-f3584a9197da4a3ab7b71a89ef92a1c7.r2.dev | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincapgokil.xyz | IClickFix botnet C2 domain (confidence level: 75%) | |
domainupfilenew.cc | IClickFix botnet C2 domain (confidence level: 75%) | |
domaintopbirdrank.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaintonnsfabrication.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainbharatnamkeens.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainskipgorman.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainfd1c2342-e679-4d72-8d6c-14188a0889f5.journalultv.edu.vn | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincapazmente.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaininfobirdrep.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaineu2.contabostorage.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmartinpintado.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaintestshop.thermeeins.de | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsetenews.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincloudflare-app.mooo.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainotticaramoni.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainbirdreplab.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmmm-intranet-document-explorer.netlify.app | IClickFix botnet C2 domain (confidence level: 75%) | |
domainrevistadiversidadcultural.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainrootsmacaronesia.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincuanauntung.xyz | IClickFix botnet C2 domain (confidence level: 75%) | |
domainrobobotics.eu | IClickFix botnet C2 domain (confidence level: 75%) | |
domainscillarodriguez.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaingesundeswasser.co | IClickFix botnet C2 domain (confidence level: 75%) | |
domainpub-dce4815fde8f4b84a55fe31ab7cf28c3.r2.dev | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmaheshwaree.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainwww.dorper.com.au | IClickFix botnet C2 domain (confidence level: 75%) | |
domainpicsera.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsable14x.reward2rocket.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainxerpa.flint09marko.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainm2-q8v.flint09marko.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainr5k0t.flint09marko.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainbenn4x.brisk7dento.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainqem2a.brisk7dento.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainbuhlfp.ru.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainhoathinh3d.to | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainjapetuxaliq.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainjemaco.ch | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainkind.co.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainklubblyftet.ru.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainnpzfh.ru.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainnrp.co.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaint0veek.brisk7dento.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainhass-8r3p.plax482verdi.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domaincarry.plax482verdi.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainnumbers-23.plax482verdi.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainwish-carefully.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainaivo.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainvlxx.co.za | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainpdd-6m8a.tronk6vesta.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainz4kt1r.tronk6vesta.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domaink9x5nff.tronk6vesta.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainw7c2q.glint39parko.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domaina6mm9t.glint39parko.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainzor.emiraride.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainzor.megaexdistribuidora.com.br | Vidar botnet C2 domain (confidence level: 100%) | |
domainreppox.glint39parko.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domaint8aak3m.prong8tatsky.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainh3wwqgbo.caretouched.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domain655rd9or.caretouched.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainnetzhit.com | KongTuke payload delivery domain (confidence level: 100%) | |
domainx1-n9q.prong8tatsky.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainb5rr7a.prong8tatsky.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainmmm4x8p.kolos56tomat.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainnumerito.asuscomm.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainsonyj.com | SmartApeSG payload delivery domain (confidence level: 100%) | |
domainbooking.lastminutebusinessclass.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainweb-q9t2n.kolos56tomat.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainark7r5k.kolos56tomat.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainnssss6p3t.buckshot3hha.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainx49k7m.buckshot3hha.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainr332a8q.buckshot3hha.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainpass5x1m.favour128influen.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainbeer2p.com | SmartApeSG payload delivery domain (confidence level: 100%) | |
domaininspire-moi.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domaingardenscup.com | Vidar payload delivery domain (confidence level: 100%) | |
domainted9q6r.favour128influen.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainmzg.emiraride.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainmzg.megaexdistribuidora.com.br | Vidar botnet C2 domain (confidence level: 100%) | |
domaink4n7a3n.favour128influen.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainx77r44p.rye93shishaty.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainynumdzg6a.localto.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainhisoftsfnrq.ru.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaingablewize.ru.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaindiva.ru.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainidi-nahuy.net | SpyNote botnet C2 domain (confidence level: 100%) | |
domainmag1q9t.rye93shishaty.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainassin6k7n.rye93shishaty.coupons | ClearFake payload delivery domain (confidence level: 100%) | |
domainbattolka.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainmalware.battolka.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainsseeo.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainv2.sseeo.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainv3.sseeo.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainouryearofmoney001.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainkde-exe.with.playit.plus | XWorm botnet C2 domain (confidence level: 100%) | |
domaindiscovery.brav7mon3ky.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsourire.brav7mon3ky.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingreatthingshapppenthanku.duckdns.org | Remcos botnet C2 domain (confidence level: 75%) | |
domainmiraclemiracleoluwa.duckdns.org | Remcos botnet C2 domain (confidence level: 75%) | |
domainglanz.trak8lin4zo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbeyond.trak8lin4zo.ru | ClearFake payload delivery domain (confidence level: 100%) |
Url
Threat ID: 698e6dcac9e1ff5ad833f58a
Added to database: 2/13/2026, 12:18:18 AM
Last enriched: 2/13/2026, 12:33:30 AM
Last updated: 2/20/2026, 9:19:37 PM
Views: 297