DomainHighVerifiedSignal 64/100
join.thed1collective.com
Location
United StatesFirst Seen
Jul 8, 2025
Last Seen
Feb 16, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports64% confidence
4
Source reports
64%
Confidence score
Category tags
abuseadvanced persistent threatamazonappleaptapt groupberbewbingbotnetcaretocivilcivil servicescivilian targetingcode injectioncommand and controlcommunication technologiescompromised routercredential harvestingcrimedata exfiltrationdata theftddos attacksdefense evasiondefense-evasiondgadistributed attacksdnselectronic health recordsencrypted connectionsendgameenterprise securityeu cyber policieseuropeexploitfirmware infectionfirmware modificationformbook stealergooglegovernment technologyhackershealth care and social assistancehealth information technologyhealthcare information systemshospital managementhtml smugglinghtml_smugglingindicatorinformation technologyingress tool transferintelligence agency surveillanceinternet of thingsiosios malwareiot botnetiot/ics attackit infrastructurejavalaw enforcement surveillancelazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremalware campaignmass surveillancemedical servicesmirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitymobile spywarenetworknorth americansonso groupoperating systemparagonpatch managementpatient carepdfpdf exploitpegasuspegasus projectpeoplephishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregional securityregulatory agenciesremote accessremote access trojanresearchedsamsungsecurity operationsskynetsmssms exploitsocial engineeringsoftware developmentsoftware vulnerabilitiessonystatestate-promovedstate-sponsoredstealersupply chain attackt1001t1003t1003.001t1003.004t1004t1005t1011t1016t1018t1019t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1055.001t1056t1059t1059.001t1059.004t1059.007t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1078.004t1082t1084t1087t1088t1094t1105t1110t1113t1114.002t1130t1133t1156t1185t1187t1189t1190t1192t1193t1195t1199t1202t1204t1204.001t1204.002t1205t1210t1211t1212t1218.001t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1547t1552t1553t1553.003t1553.004t1555t1556t1557t1562t1563.002t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationsthreat intelligencetraffic maskingtrojan downloadertrojan malwareunited statesweb exploitationwindows malwarewixzero click exploitzero-day exploit
Activity Timeline
Feb 16Feb 16
Threat Activity Heatmap
· Peak: 2026-02-16LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
64
SIGNAL
Signal Score
64%
Confidence
4
Reports
First seenJul 8, 2025
Last seenFeb 16, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar
- Register.com - Network Solutions, LLC
- description
- Operation Endgame 2: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
- raw
- Admin City: Jacksonville Admin Country: US Admin Email: [email protected] Admin Postal Code: 32256 Admin State/Province: FL Creation Date: 2022-07-09T00:41:33Z DNSSEC: Unsigned DNSSEC: unsigned Domain Name: THED1COLLECTIVE.COM Domain Name: thed1collective.com Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: DNS1.REGISTER.COM Name Server: DNS2.REGISTER.COM Name Server: dns1.register.com Name Server: dns2.register.com Registrant City: 55985aaef9d91102 Registrant Country: US Registrant Email: [email protected] Registrant Fax Ext.: 3432650ec337c945 Registrant Fax: 3432650ec337c945 Registrant Name: 8792ba892fc41135 Registrant Organization: 3432650ec337c945 Registrant Phone Ext.: 3432650ec337c945 Registrant Phone: e1f576f0a12f2694 Registrant Postal Code: ecc83fcbe503dd84 Registrant State/Province: 6eb233f5a5adbed8 Registrant Street: 6f2df7b636524cf3 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.8773812449 Registrar Abuse Contact Phone: +1.8777228662 Registrar IANA ID: 9 Registrar Registration Expiration Date: 2026-07-09T00:41:33Z Registrar URL: http://www.register.com Registrar WHOIS Server: whois.register.com Registrar: Register.com - Network Solutions, LLC Registrar: Register.com, Inc. Registry Domain ID: 2709746510_DOMAIN_COM-VRSN Registry Expiry Date: 2026-07-09T00:41:33Z Tech City: Jacksonville Tech Country: US Tech Email: [email protected] Tech Postal Code: 32256 Tech State/Province: FL Updated Date: 2024-07-21T03:40:11Z Updated Date: 2024-07-21T03:40:13Z
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 11 months ago · Last seen 4 months ago
Appeared in 4 threat reports