
ThreatFox IOCs for 2026-02-16

Severity: Medium
Published: Mon Feb 16 2026 (02/16/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-02-16

AI-Powered Analysis

Last updated: 02/17/2026, 00:13:48 UTC

Technical Analysis

The entry is the ThreatFox daily IOC export for 16 February 2026, distributed as a MISP event tagged type:OSINT and TLP:WHITE (cleared for wide distribution), with the MISP fields Threat Level 2 (Medium), Analysis 1 (Ongoing) and Distribution 3 (All communities). It is threat intelligence, not a vulnerability advisory: there are no affected products, CWE identifiers, patches or exploits to track, and the medium severity reflects the detection value of the indicators rather than any single exploitable flaw. It does carry concrete indicators. The ip:port section lists 157 command-and-control listeners (a few hosts appear on several ports) for commodity RATs (Remcos, AsyncRAT, XWorm, Quasar RAT, DCRat, NjRAT, Ghost RAT, ValleyRAT, PureRAT, Xtreme RAT, Crimson RAT, NetSupportManager RAT), stealers (Vidar, Fickle Stealer), IoT botnets (Mirai, MooBot, Chaos), the Android banker ERMAC, Kimsuky infrastructure, and the offensive frameworks Sliver, Cobalt Strike, Havoc, Meterpreter, Empire, DeimosC2, VShell and Ares. The URL and domain sections add a payload-delivery cluster of Cloudflare and CDN lookalike hosts on .click and .cfd that serve /api/css.js, ClearFake subdomains under amber9stash.coupons, nifty4locker.coupons and orbit6crate.coupons, Vidar, Stealc, Lumma Stealer, Hook and SpyNote C2 URLs, two dynamic-DNS Quasar RAT C2 names, and a set of LockBit .onion addresses. Confidence ranges from 100% down to 50%; the 50% entries are mostly Sliver listeners on port 31337 and Cobalt Strike, Kimsuky and unclassified C2s, which is characteristic of scanner-based fingerprinting rather than sample-confirmed C2 and should be weighted accordingly. One URL (http://192.168.252.139:80/kunkun/jquery-3.3.1.min.js) points at an RFC 1918 address and is a lab or sandbox artefact rather than a perimeter indicator.

Potential Impact

Because this is an intelligence export and not a vulnerability, there is nothing to patch; the impact question is whether any of the listed infrastructure is already talking to your estate. The 100%-confidence entries are live C2 and payload-delivery infrastructure for commodity RATs, information stealers (Vidar, Stealc, Lumma Stealer), IoT botnets, Android malware (ERMAC, Hook, SpyNote), the ClearFake delivery domains and LockBit's .onion sites; a connection to any of them from an internal host is evidence of an infection or an in-progress delivery, not of a probe. For European organisations the feed is most useful for retrospective hunting in proxy, DNS and NetFlow data and for short-lived blocking at the egress, especially in finance, government and critical infrastructure, where stealer and RAT infections are the usual precursor to data theft and extortion. Two caveats limit the value of blind blocking: a large share of the entries are offensive-framework listeners (Sliver, Cobalt Strike, Havoc, Meterpreter, Empire, DeimosC2) at 50 to 75% confidence, some of which will be authorised red-team or research infrastructure, and many of the addresses sit in public cloud ranges that are re-assigned quickly, so an indicator's usefulness decays within days. The medium severity is therefore a statement about detection value for ongoing campaigns, not about a new attack vector.

Mitigation Recommendations

1. Ingest the export (or the ThreatFox/MISP feed it comes from) into the SIEM and match on the full ip:port pair, not the bare address: most hosts listed here serve C2 on one non-standard port (Remcos on 5733 or 2428, Quasar RAT on 42069 or 4782, AsyncRAT on 6606/7707/8808, Sliver on 31337) and several addresses are shared cloud hosting that will be reassigned, so give each entry a short expiry.
2. Tier by confidence and by tooling. The 50% entries and any hit on Sliver, Cobalt Strike, Havoc, Meterpreter, Empire or DeimosC2 should raise an alert for triage rather than an automatic block, and the alert should be checked against the internal red-team engagement register before the host is isolated.
3. Exclude http://192.168.252.139:80/kunkun/jquery-3.3.1.min.js from perimeter controls: it is an RFC 1918 address and is only useful as a host-level artefact (for example in proxy or EDR telemetry from a sandbox).
4. For the payload-delivery cluster, block the registered domains rather than individual hosts (amber9stash.coupons, nifty4locker.coupons and orbit6crate.coupons for ClearFake), and hunt for the pattern behind the list: newly registered .click and .cfd hosts with CDN, Cloudflare, font, captcha or Windows-update lookalike names serving /api/css.js. Keep the dynamic-DNS C2 names (skamottl3.duckdns.org, mumrj4z.didns.ru) as exact hosts, since blocking duckdns.org or didns.ru wholesale is rarely acceptable.
5. Push URLs and domains to the web proxy and DNS resolver, and ip:port pairs to IDS/IPS and the egress firewall; include mobile device management in the rollout, because ERMAC, Hook and SpyNote are Android families and their C2 will not cross the corporate proxy.
6. Hunt retrospectively over recent proxy, DNS and NetFlow data before the indicators age out. A match on a 100%-confidence RAT or stealer C2 from a workstation should trigger isolation, credential rotation and forensic collection, since those families exfiltrate credentials and session tokens immediately.
7. Use the LockBit .onion addresses for Tor-traffic detection rather than for blocklists: outbound Tor from a server or an administrative workstation is itself the alert.
8. Enforce egress filtering and segmentation so that a C2 attempt from a compromised host is both blocked and logged; the high ports listed above are good candidates for default-deny at the perimeter.
9. Keep phishing awareness current, since Remcos, AsyncRAT and XWorm typically arrive through email lures and the fake-CDN cluster depends on users running what a browser page tells them to.
10. Validate relevance and share sightings with national CSIRTs and sector ISACs so that the low-confidence entries can be confirmed or retired.
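The following is an added example written for this page (this editor's code, not ThreatFox's or MISP's) that ties the steps above together: it parses a sample of the page's own indicator rows, keeps the port of each ip:port entry, suppresses the non-routable 192.168.252.139 URL, tiers hits so that offensive-framework listeners and 50%-confidence entries go to triage instead of an automatic block, derives the zone to block for ClearFake subdomains but keeps dynamic-DNS names as exact hosts, and runs a behavioural hunt for the .click/.cfd plus /api/css.js delivery pattern that still fires when the exact hosts have changed. The log lines are constructed; the framework list, the two-label registered-domain rule and the log format are assumptions of the example.

```python
"""Normalize indicators from this ThreatFox export and match them against
proxy/firewall logs, tiering each hit before anyone acts on it.

Added example for this page; it is not ThreatFox or MISP code. Indicator rows
are copied from the page, log lines are constructed, and all helper names are
this example's own."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# (ioc_type, value, description), a sample of the page's rows. ThreatFox ip:port
# entries carry the port; matching on the bare address alone is far weaker.
FEED = [
    ("ip:port", "198.244.201.139:5733", "Remcos botnet C2 server (confidence level: 100%)"),
    ("ip:port", "192.159.99.107:42069", "Quasar RAT botnet C2 server (confidence level: 100%)"),
    ("ip:port", "95.216.212.8:31337", "Sliver botnet C2 server (confidence level: 50%)"),
    ("ip:port", "54.215.58.48:443", "Cobalt Strike botnet C2 server (confidence level: 50%)"),
    ("url", "https://cdn-clodflare-fotns.cfd/api/css.js", "Unknown malware payload delivery URL (confidence level: 100%)"),
    ("url", "http://192.168.252.139:80/kunkun/jquery-3.3.1.min.js", "Cobalt Strike botnet C2 (confidence level: 75%)"),
    ("domain", "cdn-b12.nifty4locker.coupons", "ClearFake payload delivery domain (confidence level: 100%)"),
    ("domain", "skamottl3.duckdns.org", "Quasar RAT botnet C2 domain (confidence level: 100%)"),
]
# Frameworks a red team may legitimately run: hits are triaged, never auto-blocked (assumption).
OFFENSIVE = ("Sliver", "Cobalt Strike", "Havoc", "Meterpreter", "Empire", "DeimosC2", "MimiKatz")
# Dynamic-DNS zones where blocking the parent would be far too broad (the two on this page).
DYNDNS = ("duckdns.org", "didns.ru")
CONF_RE = re.compile(r"confidence level:\s*(\d+)%")
# Hunt pattern for the page's delivery cluster: short .click/.cfd hosts serving /api/css.js.
LOOKALIKE_RE = re.compile(r"^[a-z0-9-]+\.(click|cfd)$")

@dataclass(frozen=True)
class Indicator:
    kind: str
    value: str        # "ip:port", lower-cased URL, or lower-cased host
    family: str
    confidence: int
    routable: bool    # False for RFC1918/loopback: never belongs on a perimeter blocklist

def _is_global(host):
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True   # a hostname, not a literal address

def parse_feed(rows):
    out = []
    for kind, value, desc in rows:
        conf = int(CONF_RE.search(desc).group(1))
        family = desc.split(" botnet")[0].split(" payload")[0]
        value = value.lower()
        if kind == "ip:port":
            routable = _is_global(value.rpartition(":")[0])
        elif kind == "url":
            routable = _is_global(urlsplit(value).hostname or "")
        else:
            routable = True
        out.append(Indicator(kind, value, family, conf, routable))
    return out

def block_domain(ind):
    """Zone to block for a domain indicator: the exact host under dynamic DNS, otherwise
    the registered domain, assumed here to be the last two labels (no public-suffix list)."""
    if any(ind.value == z or ind.value.endswith("." + z) for z in DYNDNS):
        return ind.value
    return ".".join(ind.value.split(".")[-2:])

def tier(ind):
    if not ind.routable:
        return "ignore"    # e.g. the 192.168.252.139 URL: a lab or sandbox artefact
    if ind.family.startswith(OFFENSIVE) or ind.confidence < 75:
        return "triage"
    return "block"

def blocklist(indicators):
    """Values safe to push to perimeter controls without a human in the loop."""
    return {block_domain(i) if i.kind == "domain" else i.value
            for i in indicators if tier(i) == "block"}

def match_logs(indicators, lines):
    """Constructed log format: '<ts> <src> <dst_ip> <dst_port> <host> <path>' ('-' if unknown)."""
    by_ipport = {i.value: i for i in indicators if i.kind == "ip:port"}
    by_url = {(urlsplit(i.value).hostname, urlsplit(i.value).path or "/"): i
              for i in indicators if i.kind == "url"}
    by_zone = {block_domain(i): i for i in indicators if i.kind == "domain"}
    hits = []
    for line in lines:
        ts, src, dst_ip, dst_port, host, path = line.split()
        host = host.lower()
        found = by_ipport.get(f"{dst_ip}:{dst_port}") or by_url.get((host, path))
        if found is None:
            found = next((i for z, i in by_zone.items()
                          if host == z or host.endswith("." + z)), None)
        if found is not None:
            hits.append((ts, src, found.family, found.confidence, tier(found)))
    return hits

def lookalike_hunt(lines):
    """Behavioural hunt that outlives the exact IOCs: hosts matching the cluster's pattern."""
    out = []
    for line in lines:
        host, path = line.split()[4].lower(), line.split()[5]
        if LOOKALIKE_RE.match(host) and path == "/api/css.js":
            out.append(host)
    return out

LOGS = [  # constructed for the example
    "2026-02-16T10:02:11Z 10.1.4.22 198.244.201.139 5733 - -",
    "2026-02-16T10:05:40Z 10.1.4.22 198.244.201.139 443 - -",   # same IP, other port: no hit
    "2026-02-16T10:07:03Z 10.1.9.8 104.21.0.5 443 cdn-clodflare-fotns.cfd /api/css.js",
    "2026-02-16T10:09:55Z 10.1.9.8 104.21.0.6 443 api.nifty4locker.coupons /x",  # sibling of a listed ClearFake host
    "2026-02-16T10:11:20Z 10.2.0.3 95.216.212.8 31337 - -",
    "2026-02-16T10:12:01Z 10.2.0.3 192.168.252.139 80 192.168.252.139 /kunkun/jquery-3.3.1.min.js",
    "2026-02-16T10:15:09Z 10.1.9.8 104.21.0.9 443 nascdn-js.click /api/css.js",  # not in FEED sample
]

if __name__ == "__main__":
    inds = parse_feed(FEED)
    for hit in match_logs(inds, LOGS):
        print(*hit)
    print(sorted(blocklist(inds)))
    print(lookalike_hunt(LOGS))
```

Run stand-alone it prints five hits (three to block, the Sliver listener for triage, the RFC 1918 URL to ignore), a blocklist that contains neither the offensive-framework listeners nor the private address, and the two lookalike hosts, one of which (nascdn-js.click) is absent from the sample rows and is caught only by the pattern hunt. In production the rows would come from the ThreatFox export rather than a literal, and the registered-domain rule should use a public-suffix list.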


Technical Details

Threat Level: 2 (MISP threat_level_id 2 = Medium)
Analysis: 1 (MISP analysis 1 = Ongoing)
Distribution: 3 (MISP distribution 3 = All communities)
Uuid: fcb40eed-f21d-4a75-a98f-4d31a34ae0f3
Original Timestamp: 1771286587 (2026-02-17 00:03:07 UTC)

Indicators of Compromise

IP:port (C2 servers)

ThreatFox ip:port indicators. The export's address column and destination-port column are paired below in the export's order; match on the pair, since many of these hosts are shared or cloud-hosted and only the listed port is the C2 listener.

Value  Description
198.244.201.139:5733  Remcos botnet C2 server (confidence level: 100%)
195.211.96.77:2428  Remcos botnet C2 server (confidence level: 100%)
45.243.236.40:9898  XWorm botnet C2 server (confidence level: 100%)
80.71.224.47:4258  Mirai botnet C2 server (confidence level: 100%)
185.243.241.94:443  Ghost RAT botnet C2 server (confidence level: 100%)
144.124.242.84:9000  SectopRAT botnet C2 server (confidence level: 100%)
102.117.166.65:7443  Unknown malware botnet C2 server (confidence level: 100%)
3.139.237.36:8008  Meterpreter botnet C2 server (confidence level: 100%)
192.159.99.107:42069  Quasar RAT botnet C2 server (confidence level: 100%)
37.221.66.75:3778  Mirai botnet C2 server (confidence level: 100%)
44.249.87.241:8443  Sliver botnet C2 server (confidence level: 90%)
194.26.192.214:443  Sliver botnet C2 server (confidence level: 90%)
3.87.112.15:5000  Unknown malware botnet C2 server (confidence level: 100%)
181.162.184.56:8080  Quasar RAT botnet C2 server (confidence level: 100%)
18.228.82.60:13710  Quasar RAT botnet C2 server (confidence level: 100%)
95.163.86.204:8080  ERMAC botnet C2 server (confidence level: 100%)
87.251.75.231:443  Unknown malware botnet C2 server (confidence level: 100%)
8.162.0.105:10438  XWorm botnet C2 server (confidence level: 100%)
64.89.163.98:2403  Remcos botnet C2 server (confidence level: 100%)
18.228.235.222:81  Meterpreter botnet C2 server (confidence level: 100%)
18.228.235.222:2181  Meterpreter botnet C2 server (confidence level: 100%)
87.106.142.201:61543  Mirai botnet C2 server (confidence level: 100%)
87.106.142.201:49376  Mirai botnet C2 server (confidence level: 100%)
184.170.142.38:5552  Quasar RAT botnet C2 server (confidence level: 100%)
103.7.60.82:8888  AsyncRAT botnet C2 server (confidence level: 100%)
103.7.60.82:37104  AsyncRAT botnet C2 server (confidence level: 100%)
170.245.122.76:1177  NjRAT botnet C2 server (confidence level: 100%)
193.161.193.99:37104  AsyncRAT botnet C2 server (confidence level: 100%)
193.161.193.99:8888  AsyncRAT botnet C2 server (confidence level: 100%)
38.60.242.200:31337  Sliver botnet C2 server (confidence level: 90%)
167.88.36.97:7443  Unknown malware botnet C2 server (confidence level: 100%)
89.167.57.152:443  Vidar botnet C2 server (confidence level: 100%)
80.97.160.67:443  Vidar botnet C2 server (confidence level: 100%)
89.167.79.136:443  Vidar botnet C2 server (confidence level: 100%)
89.167.66.139:443  Vidar botnet C2 server (confidence level: 100%)
65.21.165.14:443  Vidar botnet C2 server (confidence level: 100%)
46.62.220.249:443  Vidar botnet C2 server (confidence level: 100%)
88.210.13.135:9000  SectopRAT botnet C2 server (confidence level: 100%)
15.216.6.223:9490  Meterpreter botnet C2 server (confidence level: 100%)
35.94.59.248:59298  Meterpreter botnet C2 server (confidence level: 100%)
45.92.1.138:8041  Unknown RAT botnet C2 server (confidence level: 100%)
91.92.242.240:1420  Mirai botnet C2 server (confidence level: 100%)
142.91.102.119:443  VShell botnet C2 server (confidence level: 100%)
155.94.144.226:8888  Sliver botnet C2 server (confidence level: 75%)
34.232.174.173:443  DeimosC2 botnet C2 server (confidence level: 75%)
38.60.242.200:443  Sliver botnet C2 server (confidence level: 75%)
47.246.13.113:4506  DeimosC2 botnet C2 server (confidence level: 75%)
38.76.193.175:1451  ValleyRAT botnet C2 server (confidence level: 100%)
38.76.193.175:2451  ValleyRAT botnet C2 server (confidence level: 75%)
38.76.193.175:3451  ValleyRAT botnet C2 server (confidence level: 75%)
111.228.4.54:4455  Cobalt Strike botnet C2 server (confidence level: 50%)
4.201.220.7:50050  Cobalt Strike botnet C2 server (confidence level: 50%)
54.215.58.48:443  Cobalt Strike botnet C2 server (confidence level: 50%)
43.206.141.201:80  Cobalt Strike botnet C2 server (confidence level: 50%)
95.216.212.8:31337  Sliver botnet C2 server (confidence level: 50%)
45.94.31.220:31337  Sliver botnet C2 server (confidence level: 50%)
84.17.45.180:31337  Sliver botnet C2 server (confidence level: 50%)
24.144.90.215:31337  Sliver botnet C2 server (confidence level: 50%)
147.93.185.25:31337  Sliver botnet C2 server (confidence level: 50%)
188.40.151.67:31337  Sliver botnet C2 server (confidence level: 50%)
198.199.73.41:31337  Sliver botnet C2 server (confidence level: 50%)
72.142.102.143:31337  Sliver botnet C2 server (confidence level: 50%)
82.165.218.73:31337  Sliver botnet C2 server (confidence level: 50%)
216.128.145.180:31337  Sliver botnet C2 server (confidence level: 50%)
178.128.65.29:31337  Sliver botnet C2 server (confidence level: 50%)
176.119.148.130:31337  Sliver botnet C2 server (confidence level: 50%)
138.201.198.73:31337  Sliver botnet C2 server (confidence level: 50%)
138.68.254.126:31337  Sliver botnet C2 server (confidence level: 50%)
138.197.145.94:31337  Sliver botnet C2 server (confidence level: 50%)
144.172.106.173:31337  Sliver botnet C2 server (confidence level: 50%)
195.177.94.132:31337  Sliver botnet C2 server (confidence level: 50%)
45.12.2.166:443  Unknown malware botnet C2 server (confidence level: 50%)
79.148.106.231:443  Unknown malware botnet C2 server (confidence level: 50%)
34.101.131.221:3333  Unknown malware botnet C2 server (confidence level: 50%)
181.174.165.128:3333  Unknown malware botnet C2 server (confidence level: 50%)
34.30.77.194:3333  Unknown malware botnet C2 server (confidence level: 50%)
103.153.61.202:4443  Unknown malware botnet C2 server (confidence level: 50%)
15.236.165.20:443  Unknown malware botnet C2 server (confidence level: 50%)
27.102.138.144:80  Kimsuky botnet C2 server (confidence level: 50%)
27.102.138.150:80  Kimsuky botnet C2 server (confidence level: 50%)
27.102.137.38:80  Kimsuky botnet C2 server (confidence level: 50%)
101.36.114.215:80  Kimsuky botnet C2 server (confidence level: 50%)
93.144.96.45:1337  AsyncRAT botnet C2 server (confidence level: 50%)
5.160.135.38:8099  Xtreme RAT botnet C2 server (confidence level: 50%)
149.12.67.250:6379  Xtreme RAT botnet C2 server (confidence level: 50%)
71.89.141.8:8443  Unknown malware botnet C2 server (confidence level: 50%)
52.202.90.227:8494  Unknown malware botnet C2 server (confidence level: 50%)
156.223.82.207:1177  NjRAT botnet C2 server (confidence level: 50%)
86.104.9.131:9446  Crimson RAT botnet C2 server (confidence level: 50%)
176.133.239.174:443  Havoc botnet C2 server (confidence level: 50%)
153.120.135.216:8888  Unknown malware botnet C2 server (confidence level: 50%)
121.89.205.206:19090  Unknown malware botnet C2 server (confidence level: 50%)
185.100.233.121:80  Fickle Stealer botnet C2 server (confidence level: 50%)
155.103.71.207:19924  Remcos botnet C2 server (confidence level: 50%)
47.96.81.247:5555  Cobalt Strike botnet C2 server (confidence level: 100%)
209.54.103.189:63712  XWorm botnet C2 server (confidence level: 100%)
185.246.223.69:56001  PureRAT botnet C2 server (confidence level: 100%)
134.209.30.4:443  Havoc botnet C2 server (confidence level: 100%)
24.74.213.251:80  MooBot botnet C2 server (confidence level: 100%)
178.16.52.127:2404  Remcos botnet C2 server (confidence level: 100%)
172.65.239.53:8443  Remcos botnet C2 server (confidence level: 100%)
179.95.122.188:9990  NetSupportManager RAT botnet C2 server (confidence level: 100%)
170.187.205.218:8080  Chaos botnet C2 server (confidence level: 100%)
94.237.101.201:8080  MimiKatz botnet C2 server (confidence level: 100%)
103.177.47.212:3790  Meterpreter botnet C2 server (confidence level: 100%)
103.177.47.175:3790  Meterpreter botnet C2 server (confidence level: 100%)
103.177.47.216:3790  Meterpreter botnet C2 server (confidence level: 100%)
103.50.255.100:10086  AsyncRAT botnet C2 server (confidence level: 100%)
151.243.109.247:8888  Meterpreter botnet C2 server (confidence level: 75%)
31.45.231.174:10000  Meterpreter botnet C2 server (confidence level: 75%)
185.91.127.179:555  XWorm botnet C2 server (confidence level: 100%)
124.135.18.68:2323  Mirai botnet C2 server (confidence level: 100%)
41.9.52.105:37215  Mirai botnet C2 server (confidence level: 100%)
45.83.207.188:38241  Mirai botnet C2 server (confidence level: 100%)
197.26.167.133:37215  Mirai botnet C2 server (confidence level: 100%)
45.92.1.219:4782  Quasar RAT botnet C2 server (confidence level: 100%)
109.248.151.177:2003  AsyncRAT botnet C2 server (confidence level: 100%)
169.40.135.21:7443  Unknown malware botnet C2 server (confidence level: 100%)
172.94.9.74:49309  Remcos botnet C2 server (confidence level: 100%)
172.94.9.74:59887  Remcos botnet C2 server (confidence level: 100%)
176.107.176.77:8080  Remcos botnet C2 server (confidence level: 100%)
185.36.191.6:8080  Remcos botnet C2 server (confidence level: 100%)
193.22.96.22:8090  Remcos botnet C2 server (confidence level: 100%)
212.90.190.137:465  Remcos botnet C2 server (confidence level: 100%)
213.177.179.35:8080  Remcos botnet C2 server (confidence level: 100%)
213.177.179.35:8279  Remcos botnet C2 server (confidence level: 100%)
13.244.92.6:2455  Meterpreter botnet C2 server (confidence level: 100%)
151.64.6.123:8080  Empire Downloader botnet C2 server (confidence level: 100%)
37.114.46.213:4042  XWorm botnet C2 server (confidence level: 100%)
37.114.46.213:8808  AsyncRAT botnet C2 server (confidence level: 100%)
37.114.46.213:7707  AsyncRAT botnet C2 server (confidence level: 100%)
37.114.46.213:6606  AsyncRAT botnet C2 server (confidence level: 100%)
5.251.45.147:40500  Phorpiex botnet C2 server (confidence level: 100%)
23.104.160.115:8890  Ghost RAT botnet C2 server (confidence level: 100%)
23.104.160.116:9963  Ghost RAT botnet C2 server (confidence level: 100%)
188.245.92.11:443  Vidar botnet C2 server (confidence level: 100%)
107.189.17.96:44999  Havoc botnet C2 server (confidence level: 75%)
129.226.150.94:443  DeimosC2 botnet C2 server (confidence level: 75%)
31.57.219.101:2005  Remcos botnet C2 server (confidence level: 100%)
144.31.101.142:443  DeimosC2 botnet C2 server (confidence level: 75%)
2.59.218.208:443  Sliver botnet C2 server (confidence level: 90%)
155.138.161.225:7443  Unknown malware botnet C2 server (confidence level: 100%)
102.117.165.185:7443  Unknown malware botnet C2 server (confidence level: 100%)
31.141.178.107:5130  Ares botnet C2 server (confidence level: 90%)
223.109.212.168:10001  Xtreme RAT botnet C2 server (confidence level: 100%)
218.255.179.148:36123  DeimosC2 botnet C2 server (confidence level: 75%)
5.101.86.27:46321  Remcos botnet C2 server (confidence level: 75%)
45.32.165.239:2012  Remcos botnet C2 server (confidence level: 100%)
64.176.37.51:443  Sliver botnet C2 server (confidence level: 100%)
94.237.27.113:8001  Sliver botnet C2 server (confidence level: 100%)
35.156.10.131:4839  Meterpreter botnet C2 server (confidence level: 100%)
2.56.172.45:8793  VShell botnet C2 server (confidence level: 100%)
39.106.133.52:18443  Cobalt Strike botnet C2 server (confidence level: 100%)
91.99.225.223:443  Unknown malware botnet C2 server (confidence level: 100%)
20.251.145.93:443  Unknown malware botnet C2 server (confidence level: 100%)
54.196.248.194:8443  Havoc botnet C2 server (confidence level: 100%)
192.159.99.94:4433  DCRat botnet C2 server (confidence level: 100%)


Url

Value  Description
http://94.154.35.115/user_profiles_photo/cptchbuild.bin  Unknown malware payload delivery URL (confidence level: 100%)
http://94.154.35.115/user_profiles_photo/chromelevator.bin  Unknown malware payload delivery URL (confidence level: 100%)
http://158.94.209.33  Unknown malware payload delivery URL (confidence level: 100%)
https://cdn-server.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://fonts-fontawesome.cfd  Unknown malware payload delivery URL (confidence level: 100%)
https://winupdateconf.cfd  Unknown malware payload delivery URL (confidence level: 100%)
https://winupdate.cfd  Unknown malware payload delivery URL (confidence level: 100%)
https://sdn-cloudflare-js.cfd/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://cdn-clodflare-fotns.cfd/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://alffsave.click  Unknown malware payload delivery URL (confidence level: 100%)
https://cdn-clodflare-fotns.click  Unknown malware payload delivery URL (confidence level: 100%)
https://sccdnd-ltyles.click  Unknown malware payload delivery URL (confidence level: 100%)
https://bssapi.click  Unknown malware payload delivery URL (confidence level: 100%)
https://sdn-cloudflare-js-botstrup.click  Unknown malware payload delivery URL (confidence level: 100%)
https://cdn2-server.click  Unknown malware payload delivery URL (confidence level: 100%)
https://str-smcontrcats.cfd  Unknown malware payload delivery URL (confidence level: 100%)
https://restapiserv.click  Unknown malware payload delivery URL (confidence level: 100%)
https://vrfimgjs.click  Unknown malware payload delivery URL (confidence level: 100%)
http://176.65.144.88/3dc541941cdc4a25.php  Stealc botnet C2 (confidence level: 100%)
https://89.167.57.152/  Vidar botnet C2 (confidence level: 100%)
https://80.97.160.67/  Vidar botnet C2 (confidence level: 100%)
https://89.167.79.136/  Vidar botnet C2 (confidence level: 100%)
https://89.167.66.139/  Vidar botnet C2 (confidence level: 100%)
https://65.21.165.14/  Vidar botnet C2 (confidence level: 100%)
https://46.62.220.249/  Vidar botnet C2 (confidence level: 100%)
https://vrfimgjs.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://bssapi.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://alffsave.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://cdn-clodflare-fotns.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://captcha-cds.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://sccdnd-ltyles.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://sdn-cloudflare-js-botstrup.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://2fa-cp.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://restapiserv.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://str-smcontrcats.cfd/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://poygon-notifications.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://img-cdn-cloud.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://cdn-js-conhost.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://nascdn-js.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://cdn-server-styles.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://rpc-framework-check.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
http://192.168.252.139:80/kunkun/jquery-3.3.1.min.js  Cobalt Strike botnet C2 (confidence level: 75%) (RFC 1918 address: host-level artefact only, not a perimeter indicator)
https://cdn2-server.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://styles-get-img.cfd/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://dev-js-cdn.cfd/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://sdn-cloudflare-js.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://cloud-safe.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://sdn-cloudflare-js-css.click/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://firazit.com/api/css.js  Unknown malware payload delivery URL (confidence level: 100%)
https://pic.gadgetwalabd.com/  Vidar botnet C2 (confidence level: 100%)
https://pic.alpinematters.com/  Vidar botnet C2 (confidence level: 100%)
https://45.11.92.124/982c183d8a9835c6.php  Stealc botnet C2 (confidence level: 50%)
https://www.jira.devergent.net/  Hook botnet C2 (confidence level: 50%)
https://coinbasehideuiqp.cc/  SpyNote botnet C2 (confidence level: 50%)
https://kimikanovps1111.beauty/  SpyNote botnet C2 (confidence level: 50%)
http://222.255.100.119/pages/login.php  Unknown malware botnet C2 (confidence level: 50%)
https://isb.gadgetwalabd.com/  Vidar botnet C2 (confidence level: 100%)
https://isb.alpinematters.com/  Vidar botnet C2 (confidence level: 100%)
https://cryaesa.cyou/api  Lumma Stealer botnet C2 (confidence level: 100%)
http://217.156.66.135  Stealc botnet C2 (confidence level: 100%)

Domain

Type | Value | Description
domain | fonts-fontawesome.cfd | Unknown malware payload delivery domain (confidence level: 100%)
domain | winupdateconf.cfd | Unknown malware payload delivery domain (confidence level: 100%)
domain | winupdate.cfd | Unknown malware payload delivery domain (confidence level: 100%)
domain | cdn-clodflare-fotns.cfd | Unknown malware payload delivery domain (confidence level: 100%)
domain | alffsave.click | Unknown malware payload delivery domain (confidence level: 100%)
domain | cdn-clodflare-fotns.click | Unknown malware payload delivery domain (confidence level: 100%)
domain | sccdnd-ltyles.click | Unknown malware payload delivery domain (confidence level: 100%)
domain | bssapi.click | Unknown malware payload delivery domain (confidence level: 100%)
domain | sdn-cloudflare-js-botstrup.click | Unknown malware payload delivery domain (confidence level: 100%)
domain | cdn2-server.click | Unknown malware payload delivery domain (confidence level: 100%)
domain | str-smcontrcats.cfd | Unknown malware payload delivery domain (confidence level: 100%)
domain | restapiserv.click | Unknown malware payload delivery domain (confidence level: 100%)
domain | vrfimgjs.click | Unknown malware payload delivery domain (confidence level: 100%)
domain | s3.amber9stash.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | data-flow-central.amber9stash.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | node-v99.amber9stash.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | mumrj4z.didns.ru | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | skamottl3.duckdns.org | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | ws.nifty4locker.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | secure-access-point.nifty4locker.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | cdn-b12.nifty4locker.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | api.orbit6crate.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z2mmiz3ryxafn5kapbvbbiywsxwovasfkgf5dqqp5kxlajad.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z2og4jlsmdy7dzty3g42eu3gh2sx2b6ywtvhrjtss7li4fyd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z355oalq4hiy5p7de64l6rsqutwlvydqje56uvevcc57r6qd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z36ynytxwjzuoao46ck7b3753gpedary3qvuizn3iczhe4id.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z37ntefjdbjextn6tmdkry4j546ejnru5cejeguitiopvhad.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z3azdoxdpqxzliszutufbc2fldagztdu47xyucp25p4xtqad.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z3ddvg5vuez2vznt73ljqgwx5tnuqaa2ye7lns742yiv2zyd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z3hv7ev5knxbrhsvv2mmu2rddwqizdz4vwfvxt5izrq6zqqd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z3ujnkhxwahhjduh5me2updvzxewhhc5qvk2snxezoi5drad.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z4bsm63m3dagp5xglyacr4z4bwytkvkkwtn6enmuo5fi5iyd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z4k5zer5fbqi2vdq5sx2vuggatwyqvoodrkhubxftyrvncid.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z4ndl6thsct34yd47jrzdkpnfg3acfvpacuccb45pnars2ad.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z55tuwaflw2c7torcryobdvhkcgvivhflyndyvcrexafssad.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z57mkicfkuq44j6yrpu5finwvjllczkkp2uvdedsdonjztyd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z5ehshj6gzpetw5kso3onts6ty7wrnneya5u4aj3vzkeoaqd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z5hwf6ywfuzipoa42tjlmal3x5suuccngsamsgklww2xgyqd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z5ltrhzv46lsg447o3cx2637dloc3qt4ugd3gr2xdkkkeayd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z6choojah4ipvdpzzfzxxchjbecnmtn4povk6ifdvx2dpnid.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z6dqziutocr43onmvpth32njp4abfocfauk2belljjpobxyd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z6f3gu6rjvrysn5gjbsqj3hk3bvsg64ns6pjldqr2xhvhsyd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z6qinyhhmibvycu5kwmcvgrbpvtztkvvmdce5zwtucaeyrqd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbit7z6rzyojiye437jp744d4uwtff7aq7df7gh2jvwqtv525c4yd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | global-sync-srv.orbit6crate.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd.onion | LockBit botnet C2 domain (confidence level: 100%)
domain | gate-07.orbit6crate.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | weddingrings.com.ph | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | zebuceta.ddns.net | NjRAT botnet C2 domain (confidence level: 100%)
domain | dl.plum5parcel.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | internal-web-proxy.plum5parcel.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | captioz.shop | IClickFix botnet C2 domain (confidence level: 75%)
domain | usajili.hamasagroup.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | usanovafoundation.org | IClickFix botnet C2 domain (confidence level: 75%)
domain | furusato-shinshu.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | autodentrepairphilly.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | whm.beverlyhillmanor.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | euromoc.co.mz | IClickFix botnet C2 domain (confidence level: 75%)
domain | euroconnectsolution.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | indianafoodpantry.org | IClickFix botnet C2 domain (confidence level: 75%)
domain | lreindia.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | epfindiauan.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | indianrailwayrecruitment.in | IClickFix botnet C2 domain (confidence level: 75%)
domain | trustedservicez.co.za | IClickFix botnet C2 domain (confidence level: 75%)
domain | garanti-sans-virus.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | russellinternationalschools.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | calismaiznibasvurusu.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | pauloeduardodemelo1744295722000.kbral.com.br | IClickFix botnet C2 domain (confidence level: 75%)
domain | ramyjuicy-109c437.ingress-haven.ewp.live | IClickFix botnet C2 domain (confidence level: 75%)
domain | swissnoli.eu | IClickFix botnet C2 domain (confidence level: 75%)
domain | visitassalt.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | elbassiounishop.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | 250julie.nohassle.website | IClickFix botnet C2 domain (confidence level: 75%)
domain | jakeislame.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | evy2023website.nohasslebusiness.com | IClickFix botnet C2 domain (confidence level: 75%)
domain | caldasservice.com.br | IClickFix botnet C2 domain (confidence level: 75%)
domain | passer-elle.ch | IClickFix botnet C2 domain (confidence level: 75%)
domain | eps-estrich.picassomedia.de | IClickFix botnet C2 domain (confidence level: 75%)
domain | kaestner-partner.picassomedia.de | IClickFix botnet C2 domain (confidence level: 75%)
domain | dailynews25.world | IClickFix botnet C2 domain (confidence level: 75%)
domain | indianrecipes.ru.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | pramodtoursandtravel.in.net | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | www.s666vn.fit | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | cloud-m3.plum5parcel.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | x7p9a.blu45modern.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | ftp.corwineagles.com | Phantom Stealer botnet C2 domain (confidence level: 100%)
domain | relay.readmenownow838.info | Unknown RAT botnet C2 domain (confidence level: 100%)
domain | atelier.blu45modern.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | m0d-rnflux.blu45modern.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | q4m8v.believein41fant.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | horizon.believein41fant.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | be1ieve-vvave.believein41fant.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | 58winn.store | Quasar RAT botnet C2 domain (confidence level: 50%)
domain | onirban.in.net | Quasar RAT botnet C2 domain (confidence level: 50%)
domain | six.aaahorneswell.com | Remcos botnet C2 domain (confidence level: 50%)
domain | t6k2n.khlopotun6turn.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | firazit.com | Unknown malware payload delivery domain (confidence level: 100%)
domain | workshop.khlopotun6turn.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | ruruurururururu.ru | SantaStealer botnet C2 domain (confidence level: 100%)
domain | kh10p0-rnate.khlopotun6turn.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | h698pw1r.orbit44kind.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | 3aofxgg5.orbit44kind.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | m9r3p.pitman123wid.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | ledger.pitman123wid.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | arhibooks.radio.fm | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | journal-complete.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | xxblessings.minhaempresa.tv | XWorm botnet C2 domain (confidence level: 100%)
domain | p1trnan-vvex.pitman123wid.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | z3n7a.reporter9speck.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | pic.gadgetwalabd.com | Vidar botnet C2 domain (confidence level: 100%)
domain | pic.alpinematters.com | Vidar botnet C2 domain (confidence level: 100%)
domain | dispatch.reporter9speck.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | rep0rt-rnix.reporter9speck.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | software-garlic.gl.at.ply.gg | SpyNote botnet C2 domain (confidence level: 100%)
domain | hecker12345-61516.portmap.host | SpyNote botnet C2 domain (confidence level: 100%)
domain | c9t5q.paw85silhouette.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | contour.paw85silhouette.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | si1h0uette-llnk.paw85silhouette.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | p8x1m.stone48tyranny.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | monolith.stone48tyranny.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | st0ne-vvyrd.stone48tyranny.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | r2k6d.four486stop.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | waypoint.four486stop.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | f0ur-rnark.four486stop.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | a5v9n.capitul98hypo.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | treatise.capitul98hypo.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | hyp0-vvrite.capitul98hypo.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | v1.bleuforet.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | secure-cloud-link.bleuforet.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | cdn-b9.bleuforet.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | chiwatoken.com | Remcos botnet C2 domain (confidence level: 100%)
domain | shareitdownload.net | Remcos botnet C2 domain (confidence level: 100%)
domain | client.signin-katapult.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | ws.starkwind.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | data-transfer-srv.starkwind.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | node44.starkwind.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | api.nuitetoile.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | external-web-node.nuitetoile.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | gate-v7.nuitetoile.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | dl.schnellauf.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | auth-global-zone.schnellauf.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | 6qgqyv15.blue128cinder.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | uri2df93.blue128cinder.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | frechkotikru-221.icu | MaskGramStealer botnet C2 domain (confidence level: 100%)
domain | noelmeowru-339.icu | MaskGramStealer botnet C2 domain (confidence level: 100%)
domain | huligankotru-451.icu | MaskGramStealer botnet C2 domain (confidence level: 100%)
domain | rz8u2m81.blue128cinder.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | app.vertjardin.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | jyx7jwja.blue128cinder.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | kyc.kyowlmsapcxxx.com | Unknown RAT botnet C2 domain (confidence level: 100%)
domain | direct-access-point.vertjardin.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | edge-99.vertjardin.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | cattlegold.xyz | Unknown Loader botnet C2 domain (confidence level: 100%)
domain | bikesdonkey.info | Unknown Loader botnet C2 domain (confidence level: 100%)
domain | instrumentvolcano.space | Unknown Loader botnet C2 domain (confidence level: 100%)
domain | homefireman.xyz | Unknown Loader botnet C2 domain (confidence level: 100%)
domain | shenron19862.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
domain | u842.goldberg.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | xqz-p.goldberg.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | customer-ref-91.goldberg.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | bnt11.mainsage.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | session-id-a9.mainsage.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | aliveto.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
domain | k-7.mainsage.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | isb.gadgetwalabd.com | Vidar botnet C2 domain (confidence level: 100%)
domain | isb.alpinematters.com | Vidar botnet C2 domain (confidence level: 100%)
domain | trck.zeitgeist.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | unique-set-02.zeitgeist.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | v-n-v.zeitgeist.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | m3921.clairsol.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | fast-path-x.clairsol.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | z99.clairsol.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | horus65-58899.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
domain | p-link.eisenherz.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | id-9921-auth.eisenherz.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | hansonscarriers.com | Remcos botnet C2 domain (confidence level: 75%)
domain | q80.eisenherz.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | www.armpentest.ink | Unknown malware botnet C2 domain (confidence level: 100%)
domain | id662.browser-crash-report.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | proc-9-auth.browser-crash-report.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | x8.browser-crash-report.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | v-ref.telemetry-api-v1.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | session-8201.telemetry-api-v1.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | z-node.telemetry-api-v1.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | m-91.stackdump-collector.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | pachisuave.com | SystemBC botnet C2 domain (confidence level: 100%)
domain | unique-trace-id.stackdump-collector.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | b-3.stackdump-collector.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | user29.debug-edge-cases.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | gateway-node-x.debug-edge-cases.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | p77.debug-edge-cases.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | q-set.extension-health-sync.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | sync-v-8.extension-health-sync.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | r12.extension-health-sync.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | log33.syslog-remote-buffer.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | buffer-temp-a.syslog-remote-buffer.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | w-4.syslog-remote-buffer.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | t-9.dev-trace-analyzer.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | thedigitalphotos.com | Unknown Stealer botnet C2 domain (confidence level: 100%)
domain | report-stream-55.dev-trace-analyzer.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | flowerskitty.com | Unknown Stealer botnet C2 domain (confidence level: 100%)
domain | blueocean.endpoint-metrics-internal.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | w53zv1lx.blue128cinder.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | 0bz6vz64.blue128cinder.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | silverleaf.endpoint-metrics-internal.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | brightstar.endpoint-metrics-internal.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | greenforest.runtime-error-handler.coupons | ClearFake payload delivery domain (confidence level: 100%)
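The indicator tables above only earn their keep once they sit in a detection path. The block below is an added example and is not ThreatFox's or this page's own code: it takes a handful of rows copied from the tables above in their Type | Value | Description columns, writes them out as a Zeek Intelligence Framework input file, and runs the same indicators over a DNS-query log. The log lines, client addresses and timestamps are constructed for the demo and are not real traffic; the Zeek file layout (tab-separated, a `#fields` header, Intel::DOMAIN / Intel::ADDR / Intel::URL indicator types) follows Zeek's documented intel format, including the detail that Zeek compares URL indicators without the scheme. The lookup treats a query under a listed host as a hit on that host, but deliberately never widens a listed host into its parent, since several rows on this page (duckdns.org, ddns.net, portmap.host, ply.gg) sit on shared dynamic-DNS and tunnelling providers. The `min_confidence` parameter is there so the 75% and 50% rows can be routed to alerting rather than blocking.

```python
"""Rows of this page's IOC table turned into detections: a Zeek Intelligence Framework
file and a matcher over a DNS-query log.  Added example, not ThreatFox's or the page's
code.  FEED_ROWS copies rows from the tables above; SAMPLE_DNS_LOG is constructed."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlsplit

FEED_ROWS = """\
url | https://isb.alpinematters.com/ | Vidar botnet C2 (confidence level: 100%)
url | http://217.156.66.135 | Stealc botnet C2 (confidence level: 100%)
domain | cdn-clodflare-fotns.cfd | Unknown malware payload delivery domain (confidence level: 100%)
domain | s3.amber9stash.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | captioz.shop | IClickFix botnet C2 domain (confidence level: 75%)
domain | skamottl3.duckdns.org | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion | LockBit botnet C2 domain (confidence level: 100%)
"""

# Constructed "<timestamp> <client> <query>" resolver-log lines for the demo; not real traffic.
SAMPLE_DNS_LOG = """\
2026-02-16T10:01:02Z 10.1.4.22 www.example.org
2026-02-16T10:01:07Z 10.1.4.22 ISB.alpinematters.com.
2026-02-16T10:02:11Z 10.1.9.5 cdn.cdn-clodflare-fotns.cfd
2026-02-16T10:02:40Z 10.1.9.5 captioz.shop
2026-02-16T10:03:15Z 10.1.7.3 lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion
"""

# Every description on the page reads "<family> <kind>[ domain] (confidence level: NN%)".
DESC_RE = re.compile(r"^(?P<family>.+?) (?P<kind>botnet C2|payload delivery)(?: domain)?"
                     r" \(confidence level: (?P<conf>\d+)%\)$")


@dataclass(frozen=True)
class Ioc:
    ioc_type: str    # "domain" or "url"
    value: str       # indicator exactly as published
    host: str        # lowercase hostname or IP literal the indicator points at
    family: str      # "Vidar", "ClearFake", "Unknown malware", ...
    kind: str        # "botnet C2" or "payload delivery"
    confidence: int  # ThreatFox confidence, 0-100


def parse_feed(text: str) -> list[Ioc]:
    iocs = []
    for line in filter(str.strip, text.splitlines()):
        ioc_type, value, desc = (col.strip() for col in line.split(" | ", 2))
        m = DESC_RE.match(desc)
        if ioc_type not in ("domain", "url") or not m:
            raise ValueError(f"row not understood: {line!r}")
        host = urlsplit(value).hostname if ioc_type == "url" else value
        iocs.append(Ioc(ioc_type, value, (host or "").lower(), m["family"], m["kind"], int(m["conf"])))
    return iocs


def to_zeek_intel(iocs: list[Ioc], min_confidence: int = 75) -> str:
    """Tab-separated Zeek intel file.  Zeek matches Intel::URL against host+path with no
    scheme, so the scheme is dropped and a bare host gets the "/" Zeek will see."""
    rows = ["#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"]
    for ioc in iocs:
        if ioc.confidence < min_confidence:
            continue
        desc = f"{ioc.family} {ioc.kind} (confidence {ioc.confidence})"
        try:
            ip_address(ioc.host)
            host_type = "Intel::ADDR"
        except ValueError:
            host_type = "Intel::DOMAIN"  # .onion names land here as well
        rows.append(f"{ioc.host}\t{host_type}\tThreatFox\t{desc}")
        if ioc.ioc_type == "url":
            u = urlsplit(ioc.value)
            rows.append(f"{u.netloc}{u.path or '/'}\tIntel::URL\tThreatFox\t{desc}")
    return "\n".join(rows) + "\n"


def build_lookup(iocs: list[Ioc], min_confidence: int = 75):
    """lookup(name) -> (Ioc, "exact"|"subdomain") or (None, None).  x.<host> counts as <host>;
    the reverse is deliberately not done: skamottl3.duckdns.org must not widen to duckdns.org."""
    exact = {ioc.host: ioc for ioc in iocs if ioc.confidence >= min_confidence}

    def lookup(name: str):
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            hit = exact.get(".".join(labels[i:]))
            if hit is not None:
                return hit, ("exact" if i == 0 else "subdomain")
        return None, None
    return lookup


def scan_dns_log(log_text: str, iocs: list[Ioc], min_confidence: int = 75):
    """(client, query, family, match_kind) for every logged query that hits an indicator."""
    lookup = build_lookup(iocs, min_confidence)
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        _ts, client, query = line.split()
        ioc, how = lookup(query)
        if ioc is not None:
            hits.append((client, query.lower().rstrip("."), ioc.family, how))
    return hits
```

Write the string from `to_zeek_intel()` to a file and point Zeek at it with `redef Intel::read_files += { "/path/to/threatfox.intel" };` alongside `@load frameworks/intel/seen`, which is Zeek's documented way of loading intel. Two things the sample log is built to surface: the `cdn.cdn-clodflare-fotns.cfd` line is a subdomain hit, so a lookup that only does exact string equality would miss it, and the `.onion` line is a finding on its own, since a Tor client never sends `.onion` names to the corporate resolver, so that host tried to reach the LockBit site without Tor or has something misconfigured.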

Threat ID: 6993b2afd1735ca731bf33b3

Added to database: 2/17/2026, 12:13:35 AM

Last enriched: 2/17/2026, 12:13:48 AM

Last updated: 2/21/2026, 12:03:38 AM
