DomainMediumSignal 0/100
en.mcafee-service.us.com
Location
ChinaFirst Seen
Feb 14, 2026
Last Seen
Feb 19, 2026
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags
Feed Intelligence Summary
2 reports0% confidence
2
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched
Activity Timeline
Feb 19Feb 19
Threat Activity Heatmap
· Peak: 2026-02-19LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated
This indicator of compromise (IOC), en.mcafee-service.us.com, has been identified as a benign entity within threat intelligence feeds. With a score of 0.0 and explicitly marked as whitelisted, it presents a negligible risk to organizational security. Its inclusion in threat intelligence should not be misinterpreted as an indication of malicious activity or an imminent threat. Instead, its whitelisted status confirms that this domain is considered safe and has been proactively excluded from vario…
Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
2
Reports
First seenFeb 14, 2026
Last seenFeb 19, 2026
VirusTotal
Not checked
WHOIS
- description
- Forensic analysis indicates a DocuSign-themed phishing campaign using a deliberately invalid X.509 PKI seal (“Broken Seal”) to trigger fail-open verification logic in automated handlers. The delivery mechanism bypasses Secure Email Gateway (SEG) reputation checks by using encrypted channels and human-gated infrastructure. The payload is a fileless Process Hollowing (RunPE) malware that injects into RWX memory of legitimate processes to evade disk-based EDR.
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 months ago · Last seen 4 months ago
Appeared in 2 threat reports