
ThreatFox IOCs for 2026-02-18

Medium
Published: Wed Feb 18 2026 (02/18/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-02-18

AI-Powered Analysis

Last updated: 02/19/2026, 00:10:47 UTC

Technical Analysis

The provided information from the ThreatFox MISP feed dated February 18, 2026, relates to a malware threat categorized under OSINT, network activity, and payload delivery. The entry primarily consists of Indicators of Compromise (IOCs) intended for situational awareness and threat intelligence sharing. There are no specific affected software versions or products listed, and no patches or known exploits are associated with this threat, indicating it is not an actively exploited vulnerability but rather a collection of threat data. The threat level is rated medium, reflecting moderate concern based on the nature of the malware and its delivery mechanisms. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination potential. The absence of concrete technical indicators or payload descriptions limits the ability to perform a deep technical analysis or to identify precise attack vectors. This intelligence is useful for enhancing detection and monitoring capabilities, particularly in network traffic analysis and payload inspection. Organizations can leverage this data to update their threat hunting and intrusion detection systems, focusing on the behavioral patterns associated with the malware's network activity and delivery methods. Overall, this entry serves as a proactive intelligence feed rather than a report of an active, exploitable vulnerability or widespread attack campaign.

Potential Impact

The potential impact of this threat on European organizations is moderate due to its classification as medium severity and the lack of active exploitation or known vulnerabilities. The malware's focus on network activity and payload delivery suggests risks related to data exfiltration, unauthorized access, or disruption of services if successfully deployed. However, since no specific affected systems or software versions are identified, the scope of impact remains uncertain. European organizations with extensive network infrastructures and reliance on OSINT tools may face increased exposure if the malware leverages these vectors. The absence of patches or known exploits indicates that the threat is more intelligence-oriented, emphasizing detection over immediate remediation. Potential impacts include increased operational costs due to enhanced monitoring requirements and the risk of undetected malware presence leading to longer-term compromise. Organizations in sectors with high-value data or critical infrastructure may experience reputational damage or regulatory scrutiny if infections occur. Overall, the threat underscores the importance of continuous network monitoring and threat intelligence integration to mitigate potential risks.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection capabilities.
2. Conduct regular network traffic analysis focusing on unusual payload delivery patterns and OSINT-related activities to identify potential malware communications.
3. Employ threat hunting exercises using behavioral analytics to detect anomalies consistent with the described malware activity.
4. Maintain updated threat intelligence feeds and ensure cross-team communication to rapidly incorporate new indicators.
5. Implement network segmentation to limit lateral movement in case of infection.
6. Enhance endpoint detection and response (EDR) tools to monitor for suspicious payload execution or delivery mechanisms.
7. Train security teams on interpreting and acting upon OSINT-derived threat intelligence to improve proactive defense.
8. Review and tighten access controls around OSINT tools and data sources to reduce exposure.
9. Establish incident response playbooks tailored to malware delivery and network activity scenarios.
10. Collaborate with national and European cybersecurity centers to share intelligence and coordinate defensive measures.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
351b46c0-8a40-4a99-bb79-2af7194b0764
Original Timestamp
1771459388

Indicators of Compromise

File

ValueDescriptionCopy
file172.86.114.147
Mirai botnet C2 server (confidence level: 100%)
file194.169.175.191
zgRAT botnet C2 server (confidence level: 100%)
file78.29.43.89
XWorm botnet C2 server (confidence level: 100%)
file23.234.88.233
XenoRAT botnet C2 server (confidence level: 100%)
file23.234.88.233
XenoRAT botnet C2 server (confidence level: 100%)
file156.205.97.11
XWorm botnet C2 server (confidence level: 100%)
file139.28.219.40
Remcos botnet C2 server (confidence level: 100%)
file193.26.115.167
Remcos botnet C2 server (confidence level: 100%)
file165.227.242.98
Sliver botnet C2 server (confidence level: 100%)
file128.90.115.176
DCRat botnet C2 server (confidence level: 100%)
file144.172.107.162
AdaptixC2 botnet C2 server (confidence level: 100%)
file199.101.111.182
Meterpreter botnet C2 server (confidence level: 100%)
file56.68.116.159
Meterpreter botnet C2 server (confidence level: 100%)
file43.210.161.136
Meterpreter botnet C2 server (confidence level: 100%)
file175.41.229.219
Meterpreter botnet C2 server (confidence level: 100%)
file54.246.13.29
BianLian botnet C2 server (confidence level: 100%)
file8.148.70.84
XWorm botnet C2 server (confidence level: 100%)
file16.58.46.80
Unknown malware botnet C2 server (confidence level: 100%)
file200.109.215.214
Quasar RAT botnet C2 server (confidence level: 100%)
file185.196.10.153
Havoc botnet C2 server (confidence level: 100%)
file212.38.88.137
Venom RAT botnet C2 server (confidence level: 100%)
file193.142.146.9
Remcos botnet C2 server (confidence level: 100%)
file149.50.96.57
Remcos botnet C2 server (confidence level: 100%)
file45.11.88.42
Remcos botnet C2 server (confidence level: 100%)
file45.11.88.42
Remcos botnet C2 server (confidence level: 100%)
file27.102.102.170
Remcos botnet C2 server (confidence level: 100%)
file178.128.9.221
Sliver botnet C2 server (confidence level: 100%)
file3.149.237.64
Meterpreter botnet C2 server (confidence level: 100%)
file3.149.237.64
Meterpreter botnet C2 server (confidence level: 100%)
file168.245.203.173
Meterpreter botnet C2 server (confidence level: 100%)
file16.79.104.189
Meterpreter botnet C2 server (confidence level: 100%)
file38.60.242.234
Sliver botnet C2 server (confidence level: 90%)
file114.221.148.161
Xtreme RAT botnet C2 server (confidence level: 100%)
file114.221.148.161
Xtreme RAT botnet C2 server (confidence level: 100%)
file185.112.144.66
Unknown malware botnet C2 server (confidence level: 50%)
file41.186.188.82
Unknown malware botnet C2 server (confidence level: 50%)
file51.103.27.26
Sliver botnet C2 server (confidence level: 50%)
file167.172.199.123
Sliver botnet C2 server (confidence level: 50%)
file51.255.202.32
Sliver botnet C2 server (confidence level: 50%)
file51.254.33.199
Sliver botnet C2 server (confidence level: 50%)
file216.245.184.39
Cobalt Strike botnet C2 server (confidence level: 50%)
file163.53.152.167
Unknown malware botnet C2 server (confidence level: 50%)
file195.65.51.199
Unknown malware botnet C2 server (confidence level: 50%)
file130.12.182.109
Tofsee botnet C2 server (confidence level: 75%)
file46.151.182.245
Tofsee botnet C2 server (confidence level: 75%)
file178.16.52.166
Tofsee botnet C2 server (confidence level: 75%)
file62.60.226.193
Tofsee botnet C2 server (confidence level: 75%)
file62.60.226.199
Tofsee botnet C2 server (confidence level: 75%)
file176.117.107.186
Tofsee botnet C2 server (confidence level: 75%)
file130.12.181.219
Tofsee botnet C2 server (confidence level: 75%)
file82.26.74.181
Mirai botnet C2 server (confidence level: 100%)
file86.54.42.79
Remcos botnet C2 server (confidence level: 100%)
file142.147.99.237
PureRAT botnet C2 server (confidence level: 100%)
file176.10.118.147
Socks5 Systemz botnet C2 server (confidence level: 75%)
file178.16.54.31
Socks5 Systemz botnet C2 server (confidence level: 75%)
file45.74.40.3
Socks5 Systemz botnet C2 server (confidence level: 75%)
file45.59.117.145
SectopRAT botnet C2 server (confidence level: 100%)
file103.177.46.50
Meterpreter botnet C2 server (confidence level: 100%)
file56.124.17.113
Meterpreter botnet C2 server (confidence level: 100%)
file16.112.60.211
Meterpreter botnet C2 server (confidence level: 100%)
file196.74.230.2
Meterpreter botnet C2 server (confidence level: 100%)
file103.177.46.32
Meterpreter botnet C2 server (confidence level: 100%)
file3.79.153.41
Meterpreter botnet C2 server (confidence level: 100%)
file3.79.153.41
Meterpreter botnet C2 server (confidence level: 100%)
file3.79.153.41
Meterpreter botnet C2 server (confidence level: 100%)
file64.89.163.109
Bashlite botnet C2 server (confidence level: 75%)
file178.16.54.17
Mirai botnet C2 server (confidence level: 75%)
file130.12.181.62
Mirai botnet C2 server (confidence level: 75%)
file161.129.47.173
PureRAT botnet C2 server (confidence level: 100%)
file148.251.65.217
Vidar botnet C2 server (confidence level: 100%)
file74.0.32.76
Vidar botnet C2 server (confidence level: 100%)
file65.108.245.111
Vidar botnet C2 server (confidence level: 100%)
file74.0.42.164
Vidar botnet C2 server (confidence level: 100%)
file37.221.66.62
Vidar botnet C2 server (confidence level: 100%)
file46.225.136.68
Vidar botnet C2 server (confidence level: 100%)
file74.0.42.189
Vidar botnet C2 server (confidence level: 100%)
file123.136.95.226
XOR DDoS botnet C2 server (confidence level: 75%)
file13.250.222.197
Sliver botnet C2 server (confidence level: 75%)
file218.255.179.148
DeimosC2 botnet C2 server (confidence level: 75%)
file34.9.91.140
Sliver botnet C2 server (confidence level: 75%)
file82.165.218.73
Sliver botnet C2 server (confidence level: 75%)
file84.17.45.180
Sliver botnet C2 server (confidence level: 75%)
file84.17.45.180
Sliver botnet C2 server (confidence level: 75%)
file99.83.215.169
DeimosC2 botnet C2 server (confidence level: 75%)
file158.94.209.22
AdWind botnet C2 server (confidence level: 100%)
file159.26.100.129
Nanocore RAT botnet C2 server (confidence level: 100%)
file192.236.154.249
XWorm botnet C2 server (confidence level: 100%)
file172.94.100.227
Remcos botnet C2 server (confidence level: 100%)
file77.49.253.104
QakBot botnet C2 server (confidence level: 100%)
file147.45.60.69
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file102.117.167.30
Unknown malware botnet C2 server (confidence level: 100%)
file168.245.203.207
Meterpreter botnet C2 server (confidence level: 100%)
file103.45.68.122
ValleyRAT botnet C2 server (confidence level: 100%)
file192.169.69.25
AsyncRAT botnet C2 server (confidence level: 100%)
file185.237.207.98
Meterpreter botnet C2 server (confidence level: 75%)
file192.169.69.25
AsyncRAT botnet C2 server (confidence level: 100%)
file31.40.204.103
XWorm botnet C2 server (confidence level: 100%)
file189.155.125.225
Quasar RAT botnet C2 server (confidence level: 100%)
file51.15.0.28
Ghost RAT botnet C2 server (confidence level: 100%)
file178.17.62.214
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file51.44.160.115
AdaptixC2 botnet C2 server (confidence level: 100%)
file13.124.132.247
Meterpreter botnet C2 server (confidence level: 100%)
file13.124.132.247
Meterpreter botnet C2 server (confidence level: 100%)
file13.124.132.247
Meterpreter botnet C2 server (confidence level: 100%)
file13.124.132.247
Meterpreter botnet C2 server (confidence level: 100%)
file13.124.132.247
Meterpreter botnet C2 server (confidence level: 100%)
file198.244.201.139
XWorm botnet C2 server (confidence level: 100%)
file50.114.206.215
Cobalt Strike botnet C2 server (confidence level: 100%)
file50.114.206.215
Cobalt Strike botnet C2 server (confidence level: 100%)
file70.39.206.183
Cobalt Strike botnet C2 server (confidence level: 100%)
file138.91.32.183
Sliver botnet C2 server (confidence level: 90%)
file50.114.179.25
AsyncRAT botnet C2 server (confidence level: 100%)
file45.76.119.110
Unknown malware botnet C2 server (confidence level: 100%)
file95.179.191.226
Havoc botnet C2 server (confidence level: 100%)
file161.97.173.185
Havoc botnet C2 server (confidence level: 100%)
file121.37.183.136
Xtreme RAT botnet C2 server (confidence level: 100%)
file125.72.124.131
DeimosC2 botnet C2 server (confidence level: 75%)
file51.118.64.13
Sliver botnet C2 server (confidence level: 100%)
file95.179.191.226
Sliver botnet C2 server (confidence level: 100%)
file178.62.249.117
Unknown malware botnet C2 server (confidence level: 100%)
file3.81.3.110
Havoc botnet C2 server (confidence level: 100%)
file52.90.185.134
Havoc botnet C2 server (confidence level: 100%)
file45.88.186.116
DCRat botnet C2 server (confidence level: 100%)
file72.60.141.53
AdaptixC2 botnet C2 server (confidence level: 100%)
file208.85.23.90
Meterpreter botnet C2 server (confidence level: 100%)
file16.63.0.161
Meterpreter botnet C2 server (confidence level: 100%)
file13.124.132.247
Meterpreter botnet C2 server (confidence level: 100%)
file5.249.151.196
Havoc botnet C2 server (confidence level: 75%)
file110.42.61.166
Unknown malware botnet C2 server (confidence level: 100%)
file167.71.81.242
Unknown malware botnet C2 server (confidence level: 100%)
file206.251.48.98
DCRat botnet C2 server (confidence level: 100%)
file185.105.116.182
DCRat botnet C2 server (confidence level: 100%)
file185.230.138.56
Unknown malware botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash1150
Mirai botnet C2 server (confidence level: 100%)
hash39002
zgRAT botnet C2 server (confidence level: 100%)
hash40689
XWorm botnet C2 server (confidence level: 100%)
hash4444
XenoRAT botnet C2 server (confidence level: 100%)
hash34728
XenoRAT botnet C2 server (confidence level: 100%)
hash4444
XWorm botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash1000
Remcos botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash4433
DCRat botnet C2 server (confidence level: 100%)
hash4321
AdaptixC2 botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash8808
Meterpreter botnet C2 server (confidence level: 100%)
hash13676
Meterpreter botnet C2 server (confidence level: 100%)
hash6006
Meterpreter botnet C2 server (confidence level: 100%)
hash443
BianLian botnet C2 server (confidence level: 100%)
hash1984
XWorm botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Quasar RAT botnet C2 server (confidence level: 100%)
hash80
Havoc botnet C2 server (confidence level: 100%)
hash7070
Venom RAT botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash80
Remcos botnet C2 server (confidence level: 100%)
hash2323
Remcos botnet C2 server (confidence level: 100%)
hash5555
Remcos botnet C2 server (confidence level: 100%)
hash443
Remcos botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash32638
Meterpreter botnet C2 server (confidence level: 100%)
hash53088
Meterpreter botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash51039
Meterpreter botnet C2 server (confidence level: 100%)
hash64431
Sliver botnet C2 server (confidence level: 90%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 100%)
hash47012
Xtreme RAT botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Unknown malware botnet C2 server (confidence level: 50%)
hash8443
Unknown malware botnet C2 server (confidence level: 50%)
hash784bc5b431fe71aaf85f7d39c014f099
Interlock payload (confidence level: 100%)
hash9451420233168c7b0c595257d43c7b85
Interlock payload (confidence level: 100%)
hashb2b03dfcdc2e59d81e99d20c15919a13
Interlock payload (confidence level: 100%)
hash422755116ab311b473dd38ec88f129d9
Interlock payload (confidence level: 100%)
hashc63e81ad806a0feeef913baf7b914c4f
Unknown malware payload (confidence level: 100%)
hashf7d7377b17fc4cdcbb783cc090d6e983
Unknown malware payload (confidence level: 100%)
hash419
Tofsee botnet C2 server (confidence level: 75%)
hash419
Tofsee botnet C2 server (confidence level: 75%)
hash419
Tofsee botnet C2 server (confidence level: 75%)
hash419
Tofsee botnet C2 server (confidence level: 75%)
hash419
Tofsee botnet C2 server (confidence level: 75%)
hash419
Tofsee botnet C2 server (confidence level: 75%)
hash419
Tofsee botnet C2 server (confidence level: 75%)
hash7080
Mirai botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash56001
PureRAT botnet C2 server (confidence level: 100%)
hash443
Socks5 Systemz botnet C2 server (confidence level: 75%)
hash80
Socks5 Systemz botnet C2 server (confidence level: 75%)
hash2024
Socks5 Systemz botnet C2 server (confidence level: 75%)
hash9000
SectopRAT botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash80
Meterpreter botnet C2 server (confidence level: 100%)
hash503
Meterpreter botnet C2 server (confidence level: 100%)
hash2222
Meterpreter botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash50995
Meterpreter botnet C2 server (confidence level: 100%)
hash8545
Meterpreter botnet C2 server (confidence level: 100%)
hash48395
Meterpreter botnet C2 server (confidence level: 100%)
hash7080
Bashlite botnet C2 server (confidence level: 75%)
hash46534
Mirai botnet C2 server (confidence level: 75%)
hash5555
Mirai botnet C2 server (confidence level: 75%)
hash56001
PureRAT botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash1529
XOR DDoS botnet C2 server (confidence level: 75%)
hash8888
Sliver botnet C2 server (confidence level: 75%)
hash36081
DeimosC2 botnet C2 server (confidence level: 75%)
hash8888
Sliver botnet C2 server (confidence level: 75%)
hash8888
Sliver botnet C2 server (confidence level: 75%)
hash8443
Sliver botnet C2 server (confidence level: 75%)
hash8888
Sliver botnet C2 server (confidence level: 75%)
hash8121
DeimosC2 botnet C2 server (confidence level: 75%)
hash35541
AdWind botnet C2 server (confidence level: 100%)
hash53024
Nanocore RAT botnet C2 server (confidence level: 100%)
hash6000
XWorm botnet C2 server (confidence level: 100%)
hash29810
Remcos botnet C2 server (confidence level: 100%)
hash995
QakBot botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash9001
ValleyRAT botnet C2 server (confidence level: 100%)
hash6060
AsyncRAT botnet C2 server (confidence level: 100%)
hash8443
Meterpreter botnet C2 server (confidence level: 75%)
hash7974
AsyncRAT botnet C2 server (confidence level: 100%)
hash1990
XWorm botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash666
Ghost RAT botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash4444
AdaptixC2 botnet C2 server (confidence level: 100%)
hash51200
Meterpreter botnet C2 server (confidence level: 100%)
hash2000
Meterpreter botnet C2 server (confidence level: 100%)
hash9200
Meterpreter botnet C2 server (confidence level: 100%)
hash10000
Meterpreter botnet C2 server (confidence level: 100%)
hash13000
Meterpreter botnet C2 server (confidence level: 100%)
hash2352
XWorm botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 90%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 100%)
hash4506
DeimosC2 botnet C2 server (confidence level: 75%)
hash80
Sliver botnet C2 server (confidence level: 100%)
hash8000
Sliver botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash9999
DCRat botnet C2 server (confidence level: 100%)
hash4321
AdaptixC2 botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash4502
Meterpreter botnet C2 server (confidence level: 100%)
hash3000
Meterpreter botnet C2 server (confidence level: 100%)
hash40056
Havoc botnet C2 server (confidence level: 75%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
DCRat botnet C2 server (confidence level: 100%)
hash7777
DCRat botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)

Url

ValueDescriptionCopy
urlhttps://greecpt.shop/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://softgametime.com/api/css.js
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://playdigitalzone.com/api/css.js
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://kentexroofings.com/api/css.js
Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://heradoux.com/4d54576e112f4297.php
Stealc botnet C2 (confidence level: 100%)
urlhttp://62.182.81.38/
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://pastebin.com/raw/sdsd
XWorm botnet C2 (confidence level: 50%)
urlhttps://tue.gadgetwalabd.com/
Vidar botnet C2 (confidence level: 100%)
urlhttps://tue.alpinematters.com/
Vidar botnet C2 (confidence level: 100%)
urlhttps://148.251.65.217/
Vidar botnet C2 (confidence level: 100%)
urlhttps://74.0.32.76/
Vidar botnet C2 (confidence level: 100%)
urlhttps://65.108.245.111/
Vidar botnet C2 (confidence level: 100%)
urlhttps://94.130.47.218/
Vidar botnet C2 (confidence level: 100%)
urlhttps://74.0.42.164/
Vidar botnet C2 (confidence level: 100%)
urlhttps://37.221.66.62/
Vidar botnet C2 (confidence level: 100%)
urlhttps://46.225.136.68/
Vidar botnet C2 (confidence level: 100%)
urlhttps://74.0.42.189/
Vidar botnet C2 (confidence level: 100%)
urlhttps://sakurazuma.com/api/css.js
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://binadata.com/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttp://91.196.33.68/8574ba9c14cf4c8b.php
Stealc botnet C2 (confidence level: 100%)
urlhttp://185.123.102.253/0bbfbb85010e4111.php
Stealc botnet C2 (confidence level: 100%)
urlhttps://for.gadgetwalabd.com/
Vidar botnet C2 (confidence level: 100%)
urlhttps://for.alpinematters.com/
Vidar botnet C2 (confidence level: 100%)
urlhttps://sparkchickgame.com/api/css.js
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://dlderi.com/helpu.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://dlderi.com/data.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://dlderi.com/test.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://saborizerefeicoes34.store/tas1/receptor.php
Unknown Stealer botnet C2 (confidence level: 100%)
urlhttps://r3d.gadgetwalabd.com/
Vidar botnet C2 (confidence level: 100%)
urlhttps://r3d.alpinematters.com/
Vidar botnet C2 (confidence level: 100%)
urlhttp://45.150.32.124
Stealc botnet C2 (confidence level: 100%)

Domain

ValueDescriptionCopy
domaindatacloudhost4.baby
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainbracesarlington.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainurbanbike.velvetmaple.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainserialmenot.com
Unknown RAT botnet C2 domain (confidence level: 100%)
domainfollowahahaha.followz.st
Mirai botnet C2 domain (confidence level: 100%)
domainsoftgametime.com
Unknown malware payload delivery domain (confidence level: 100%)
domainplaydigitalzone.com
Unknown malware payload delivery domain (confidence level: 100%)
domainkentexroofings.com
Unknown malware payload delivery domain (confidence level: 100%)
domainhardform.stonecraft.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainlayerstone.stonecraft.coupons
ClearFake payload delivery domain (confidence level: 100%)
domaincraftbase.stonecraft.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainleafwalk.timberwalk.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainwoodpath.timberwalk.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainparkzone.timberwalk.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainwildtimber.timberwalk.coupons
ClearFake payload delivery domain (confidence level: 100%)
domaindarkview.nightvision.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainopticscan.nightvision.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainsightzoom.nightvision.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainlookheat.nightvision.coupons
ClearFake payload delivery domain (confidence level: 100%)
domaindatastream.cloudtrace.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainlinkedge.cloudtrace.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainflowcloud.cloudtrace.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainkittyland.gg
XWorm botnet C2 domain (confidence level: 100%)
domainhostserver.cloudtrace.coupons
ClearFake payload delivery domain (confidence level: 100%)
domaincorepulse.metalheart.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainbeatlead.metalheart.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainwhodusp3s2z6rnenxhv7scc2w5fzsse5cmijll2vl7fo6ezk45zssjqd.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domaindwgxeoaqykd3zdkhol5xpgsqabp4lys4ea7qpl3f2b75b2sdsex644id.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domainusqa5b33yyc2u6kqf5au64cgj64acl2umtll76qutlmu7fckw6kh6wqd.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domain2msn5sp3af3iy2ozj4235ccsb7pnpp4tkzyxdpzutyc2sxb3mujicfyd.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domainesmhbczpio7umfnxog6bk23q3nok5fjuik2dttegvezqngg2oqklo7yd.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domainvpj6dzqat4n4hwb625a4qjpuzd3bzrjgw5zlwa3l6uiazdwjcib3y6ad.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domainsltc7wlafwiemito2kijqlxnmjgaxrrfihztjdl25vofh7kzvs7l5dqd.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domainunrqdnruyae3bngm5txc6vgz7ny2fbdwjllzhq6eioew7te6xplyndid.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domainkhom5v7vmc2nomkze64dsbyenn3wlxkewg6dbsvt5sujl2rmrtfy4oid.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domainerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domainnerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion
Unknown malware botnet C2 domain (confidence level: 100%)
domaingearsync.metalheart.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainboltfix.metalheart.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainwavetide.oceansync.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainballisr.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincapacif.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainectrodm.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaingreekcs.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmassng.club
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintoolitl.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainunrepax.top
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainimageod.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainskiagro.top
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainuntempf.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainloudounmovingcompany.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domaindeepblue.oceansync.coupons
ClearFake payload delivery domain (confidence level: 100%)
domain | set.74fkhlsdg12.la | XOR DDoS botnet C2 domain (confidence level: 100%)
domain | watersalt.oceansync.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | rompompomsigma.com | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | th6969.top | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | binance.comtr-katilim.com | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | bchat.cc | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | beetongame.com | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | tribusadao.com | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | siriustimes.rocks | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | siriustimes.info | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | chiebi.com | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | red-letter.org | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | cekrovnyshim.com | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | ironswordzombiekiller.com | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | yourwrongwayz.com | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | theinvestcofund.com | Unknown Stealer botnet C2 domain (confidence level: 50%)
domain | networkservice.cyou | Unknown RAT botnet C2 domain (confidence level: 50%)
domain | www.ndibstersoft.com | Unknown RAT botnet C2 domain (confidence level: 50%)
domain | marle.io | Matanbuchus botnet C2 domain (confidence level: 50%)
domain | activitydmy.icu | Lumma Stealer botnet C2 domain (confidence level: 50%)
domain | mnvgp.click | Lumma Stealer botnet C2 domain (confidence level: 50%)
domain | binclloudapp.com | Unknown malware payload delivery domain (confidence level: 50%)
domain | saltcalc.oceansync.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | citypulse.urbanpulse.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | freumon.top | Unknown RAT botnet C2 domain (confidence level: 100%)
domain | truckpig.cfd | Unknown Loader botnet C2 domain (confidence level: 100%)
domain | healthiron.space | Unknown Loader botnet C2 domain (confidence level: 100%)
domain | controlprice.xyz | Unknown Loader botnet C2 domain (confidence level: 100%)
domain | kitsoinsbebeclique.shop | Socks5 Systemz botnet C2 domain (confidence level: 100%)
domain | tue.gadgetwalabd.com | Vidar botnet C2 domain (confidence level: 100%)
domain | tue.alpinematters.com | Vidar botnet C2 domain (confidence level: 100%)
domain | liveroad.urbanpulse.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | traffichub.urbanpulse.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | pdxevwsx.lament42leave.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | se9bavje.lament42leave.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | mainstreet.urbanpulse.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | office001.duckdns.org | XWorm botnet C2 domain (confidence level: 75%)
domain | 11pink.ydns.eu | Remcos botnet C2 domain (confidence level: 75%)
domain | 11pinkbk.ydns.eu | Remcos botnet C2 domain (confidence level: 75%)
domain | beamglow.lightstream.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | x7p9a.plum7ship.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | harbor.plum7ship.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | sakurazuma.com | Unknown malware payload delivery domain (confidence level: 100%)
domain | p1urn-vvake.plum7ship.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | q4m8v.ship5plum.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | manifest.ship5plum.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | sh1p-rnix.ship5plum.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | fenix35630.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | ssutdf767dglmxf.dexlopenhouse.shop | Remcos botnet C2 domain (confidence level: 100%)
domain | angelcameintheearthwithbestwishesforpers.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
domain | t6k2n.disapp43squithes.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | archive.disapp43squithes.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | d1sapp-vvire.disapp43squithes.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | mflk332-50294.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
domain | lqpoartdg.localto.net | XWorm botnet C2 domain (confidence level: 100%)
domain | m9r3p.mint4pack.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | crate.mint4pack.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | rn1nt-llow.mint4pack.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | z3n7a.blueg78rework.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | atelier.blueg78rework.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | b1ueg-vveld.blueg78rework.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | c9t5q.pack8mint.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | lvhthej9.dictationlow.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | en2k1164.dictationlow.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | still-sound-5eea.utkulukkar1982.workers.dev | Unknown malware botnet C2 domain (confidence level: 100%)
domain | warehouse.pack8mint.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | p4ck-rnate.pack8mint.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | p8x1m.pear6box.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | container.pear6box.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | p3ar-llnk.pear6box.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | r2k6d.military423pudd.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | outpost.military423pudd.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | rn1l1t-vvex.military423pudd.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | a5v9n.box3pear.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | consign.box3pear.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | luawhjkuk.localto.net | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | www.gorscts.shop | Unknown malware payload delivery domain (confidence level: 100%)
domain | londonkc.zapto.org | Ghost RAT botnet C2 domain (confidence level: 100%)
domain | b0x-rnark.box3pear.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | cargoflow.fig2ship.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | oceanroute.fig2ship.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | portentry.fig2ship.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | marinenode.fig2ship.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | sparkchickgame.com | Unknown malware payload delivery domain (confidence level: 100%)
domain | dlderi.com | Unknown malware payload delivery domain (confidence level: 100%)
domain | speedtrack.ship9fig.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | globalpath.ship9fig.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | sendpoint.ship9fig.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | sysmaintenancerequest.onrender.com | Unknown Stealer botnet C2 domain (confidence level: 100%)
domain | hubtransit.ship9fig.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | greenstore.kiwi5pack.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | freshpack.kiwi5pack.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | kiwinode.kiwi5pack.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | usd56789.com | ValleyRAT botnet C2 domain (confidence level: 75%)
domain | fruitline.kiwi5pack.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | supplyline.pack1kiwi.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | boxstream.pack1kiwi.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | r3d.gadgetwalabd.com | Vidar botnet C2 domain (confidence level: 100%)
domain | r3d.alpinematters.com | Vidar botnet C2 domain (confidence level: 100%)
domain | localhub.pack1kiwi.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | packpoint.pack1kiwi.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | growthstep.probos7raise.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | smartraise.probos7raise.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | workdeck.murta46unprin.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | printflow.murta46unprin.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | outputsync.murta46unprin.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | h1utmdojg.localto.net | XWorm botnet C2 domain (confidence level: 100%)
domain | shadowpath.elusive16soot.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | 8h6w2a84.matrimon63shadowy.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | 19z4t19x.matrimon63shadowy.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | isof63umlw.loclx.io | Nanocore RAT botnet C2 domain (confidence level: 100%)
domain | hiddenscan.elusive16soot.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | secretlink.elusive16soot.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | darkhost.elusive16soot.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | dataledger.comparis4sosun.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | matchview.comparis4sosun.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | linkcheck.comparis4sosun.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | comparepoint.comparis4sosun.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | safeguard.censure47contr.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | rulebase.censure47contr.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | checknode.censure47contr.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | shieldpath.censure47contr.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | mindwave.conscious86jag.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | activebrain.conscious86jag.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | thoughtsync.conscious86jag.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | mentalpulse.conscious86jag.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | magicbook.overdue13wizard.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | oldscroll.overdue13wizard.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | nhceoeow.cropin456spire.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | jxjfs70p.cropin456spire.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | wisepath.overdue13wizard.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | mysticpoint.overdue13wizard.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | batchgit.cc | Cobalt Strike botnet C2 domain (confidence level: 75%)
domain | scanersfiles.dynuddns.net | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | scannerafiles.dynuddns.net | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | often-richmond.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
domain | nightwave.bluewave.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | deepcoast.bluewave.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | coolsurf.bluewave.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | blueshell.bluewave.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | forestroot.rockwood.coupons | ClearFake payload delivery domain (confidence level: 100%)
domain | hardbranch.rockwood.coupons | ClearFake payload delivery domain (confidence level: 100%)
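Two properties of the list above shape how it should be consumed. The ClearFake entries come in clusters of several hostnames under one parent domain (plum7ship.coupons, ship5plum.coupons, mint4pack.coupons, elusive16soot.coupons and so on), so a match on the registrable parent catches sibling hosts the feed has not listed yet. The RAT, loader and stealer C2 entries, by contrast, sit largely on dynamic-DNS, tunnelling and free-hosting providers (duckdns.org, ydns.eu, localto.net, portmap.host, ply.gg, workers.dev, onrender.com, dynuddns.net, zapto.org, loclx.io), where only an exact hostname match is safe; matching the parent would flag every customer of the provider. The 50% confidence rows (the "Unknown Stealer" block) are better treated as alerting than blocking material. The script below is an added example that applies those rules to DNS resolver logs; it is not ThreatFox code and not part of the feed. The log line format, the provider list and the "last two labels" parent rule are assumptions made for the example, and the feed rows and log lines embedded in it are constructed from this page for offline testing.

```python
"""Match DNS query logs against the domain IOCs listed on this page.

Added example for this page; not ThreatFox code and not part of the feed.
Assumptions (not from the page): the DNS log line format, the list of shared
dynamic-DNS/tunnelling providers, and the "last two labels" parent rule.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Description text as rendered on the page, e.g.
# "Lumma Stealer botnet C2 domain (confidence level: 50%)"
DESC_RE = re.compile(
    r"^(?P<family>.+?) (?P<role>botnet C2|payload delivery) domain "
    r"\(confidence level: (?P<confidence>\d+)%\)$"
)

# Assumed resolver log format: <timestamp> <client> <qtype> <qname>
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<qtype>[A-Z]+) (?P<qname>\S+)$")

# Dynamic-DNS, tunnelling and free-hosting providers seen in the feed (assumed
# list). An IOC under one of these is matched by exact hostname only; matching
# its parent would flag the whole provider.
SHARED_PARENTS = (
    "duckdns.org", "ydns.eu", "localto.net", "portmap.host", "ply.gg",
    "workers.dev", "onrender.com", "dynuddns.net", "zapto.org", "loclx.io",
)

# Constructed sample: five rows transcribed from the feed above, in the page's
# flattened two-line "domain<value>" / description layout.
SAMPLE_FEED = """\
domainharbor.plum7ship.coupons
ClearFake payload delivery domain (confidence level: 100%)
domainfenix35630.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainth6969.top
Unknown Stealer botnet C2 domain (confidence level: 50%)
domainoften-richmond.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainsysmaintenancerequest.onrender.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
"""

# Constructed resolver log; clients and timestamps are invented for the example.
SAMPLE_DNS_LOG = [
    "2026-02-18T09:12:01Z 10.20.0.14 A x7p9a.plum7ship.coupons.",
    "2026-02-18T09:12:05Z 10.20.0.14 A FENIX35630.duckdns.org",
    "2026-02-18T09:13:10Z 10.20.0.31 A weather.duckdns.org",
    "2026-02-18T09:14:22Z 10.20.0.31 AAAA th6969.top",
    "2026-02-18T09:14:25Z 10.20.0.31 A www.th6969.top",
    "2026-02-18T09:15:00Z 10.20.0.40 A updates.example.com",
    "2026-02-18T09:15:03Z 10.20.0.40 A quiet-harbor.gl.at.ply.gg",
]


@dataclass(frozen=True)
class Ioc:
    value: str
    family: str
    role: str
    confidence: int


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so log names compare with feed names."""
    return name.strip().rstrip(".").lower()


def is_shared(name: str) -> bool:
    return any(name == p or name.endswith("." + p) for p in SHARED_PARENTS)


def parent_domain(name: str) -> str:
    # Simplification: registrable parent = last two labels. Real data needs a
    # public-suffix list (co.uk, com.tr and similar break this rule).
    return ".".join(name.split(".")[-2:])


def parse_feed(text: str) -> list[Ioc]:
    """Split the flattened feed into (value, description) pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    iocs = []
    for value_line, desc_line in zip(lines[0::2], lines[1::2]):
        if not value_line.startswith("domain"):
            raise ValueError(f"unexpected IOC type line: {value_line!r}")
        m = DESC_RE.match(desc_line)
        if m is None:
            raise ValueError(f"unexpected description: {desc_line!r}")
        iocs.append(Ioc(normalize(value_line[len("domain"):]), m["family"],
                        m["role"], int(m["confidence"])))
    return iocs


class IocIndex:
    """Exact-hostname index, plus a parent-domain index built only from
    high-confidence IOCs that are not on a shared provider."""

    def __init__(self, iocs: list[Ioc], parent_min_confidence: int = 75):
        self.exact = {i.value: i for i in iocs}
        self.parent: dict[str, Ioc] = {}
        for i in iocs:
            if i.confidence >= parent_min_confidence and not is_shared(i.value):
                self.parent.setdefault(parent_domain(i.value), i)

    def lookup(self, qname: str) -> tuple[Ioc | None, str]:
        name = normalize(qname)
        if name in self.exact:
            return self.exact[name], "exact"
        if not is_shared(name):
            hit = self.parent.get(parent_domain(name))
            if hit is not None:
                return hit, "parent"
        return None, ""


def scan_dns_log(index: IocIndex, lines: list[str]) -> list[dict]:
    """Return one record per log line whose query name matches an IOC."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # skip malformed lines rather than abort the scan
        ioc, how = index.lookup(m["qname"])
        if ioc is not None:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "qname": normalize(m["qname"]), "ioc": ioc.value,
                         "family": ioc.family, "role": ioc.role,
                         "confidence": ioc.confidence, "match": how})
    return hits


if __name__ == "__main__":
    idx = IocIndex(parse_feed(SAMPLE_FEED))
    for h in scan_dns_log(idx, SAMPLE_DNS_LOG):
        print(f"{h['ts']} {h['client']} {h['qname']} -> {h['family']} "
              f"({h['role']}, {h['confidence']}%, {h['match']} match on {h['ioc']})")
```

On the constructed log this reports three hits: the unlisted host x7p9a.plum7ship.coupons by parent match against the ClearFake cluster, fenix35630.duckdns.org by exact match, and th6969.top by exact match at 50% confidence. The other duckdns.org and ply.gg names are left alone because those providers are shared, and www.th6969.top is not flagged because a 50% IOC is deliberately kept out of the broader parent index. Swap SAMPLE_FEED for the full list above (the same two-line layout) and SAMPLE_DNS_LOG for your resolver's export, adjusting LOG_RE to its format.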

Threat ID: 699654eb6aea4a407af39030

Added to database: 2/19/2026, 12:10:19 AM

Last enriched: 2/19/2026, 12:10:47 AM

Last updated: 2/20/2026, 11:44:01 PM
