
ThreatFox IOCs for 2026-02-14

0
Medium
Published: Sat Feb 14 2026 (02/14/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-02-14

AI-Powered Analysis

Last updated: 02/15/2026, 00:33:29 UTC

Technical Analysis

This entry from the ThreatFox MISP feed dated 2026-02-14 provides a collection of Indicators of Compromise (IOCs) related to malware activity, specifically focusing on OSINT (Open Source Intelligence) and network activity associated with payload delivery. The data lacks detailed technical specifics such as affected software versions, concrete indicators, or exploit mechanisms. No known exploits are reported in the wild, and no patches or remediation links are available, indicating this is likely an intelligence update or preparatory information rather than an active or imminent threat. The threat level is medium, reflecting a moderate concern primarily due to the potential for payload delivery via network vectors. The absence of CWE identifiers and detailed technical analysis limits the ability to assess the exact nature of the malware or its attack vectors. The threat is tagged with TLP:white, indicating it is intended for wide distribution and awareness. The technical metadata suggests moderate distribution but low analysis depth, implying that while the threat is recognized, it is not yet fully understood or actively exploited. This type of intelligence is valuable for security teams to update detection capabilities and monitor for emerging threats but does not indicate an immediate vulnerability or compromise scenario.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the lack of active exploitation and specific targeting information. However, the potential for payload delivery through network activity means that if leveraged, it could lead to unauthorized access, data exfiltration, or disruption of services. Organizations relying heavily on OSINT tools or exposed network services should be vigilant. The medium severity suggests a moderate risk to confidentiality and integrity if the malware payloads are successfully delivered and executed. Availability impact appears minimal at this stage. Since no patches or direct mitigations are available, the primary impact is on detection and response capabilities. Failure to incorporate these IOCs into security monitoring could delay identification of related malicious activity, increasing risk exposure. Overall, the threat underscores the importance of proactive threat intelligence integration and network monitoring within European enterprises.

Mitigation Recommendations

European organizations should integrate the provided IOCs from the ThreatFox feed into their security information and event management (SIEM) systems and intrusion detection/prevention systems (IDS/IPS) to enhance detection capabilities. Regularly update threat intelligence feeds and correlate alerts with network traffic to identify potential payload delivery attempts. Conduct thorough network segmentation to limit lateral movement if a payload is delivered. Employ strict egress filtering and monitor outbound traffic for anomalies. Maintain up-to-date endpoint protection with behavioral analysis to detect unknown malware payloads. Since no patches are available, focus on hardening network perimeters, enforcing least privilege access, and conducting regular security awareness training to reduce the risk of social engineering or phishing that could facilitate payload delivery. Additionally, perform periodic threat hunting exercises using the latest OSINT indicators to identify early signs of compromise. Collaborate with national and European cybersecurity centers to share intelligence and receive timely updates.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: f1ef3ea6-2aeb-4991-ada5-59016edf07bf
Original Timestamp: 1771113786

Indicators of Compromise

File


Hash


Url


Domain


Threat ID: 699110cac9e1ff5ad8c8365f

Added to database: 2/15/2026, 12:18:18 AM

Last enriched: 2/15/2026, 12:33:29 AM

Last updated: 2/20/2026, 11:37:49 PM
