IOC Radar
Domain · Medium · Signal 90/100

client.wns.windowswns.com

Location
Korea, Republic of
First Seen
Nov 28, 2024
Last Seen
Feb 19, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
90%
Signal Score
90 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs

108 techniques

Feed Intelligence Summary

7 reports · 90% confidence
Category tags
abuse, account brute force, account enumeration, ack scan, active scanning, aerospace & defense, anti-analysis techniques, application layer protocol, asia, attack, authentication, authentication abuse, authentication attack, authentication attempt, authentication attempts, authentication bypass, automotive manufacturing, aws identity, backdoor, botnet, brute force, brute force attack, brute force attacks, brute force attempts, center, civil services, clntend, clntend backdoor, command and control, command execution, communication protocol, compromised credentials, credential access, credential attack, credential brute force, credential brute forcing, credential dumping, credential harvesting, credential stuffing, credential theft, custom backdoor, custom malware, cxclnt, cxclnt backdoor, data encryption, data enumeration, data exfiltration, data theft, database security, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, distributed attacks, dns, downstream attacks, drone industry, earth ammit, electronic health records, electronics manufacturing, enumeration, enumeration activity, exception handling, exploitation, exploitation attempt, exploitation attempts, extortion, failed login attempts, false, fiber technology, fiber-based, fiber-based evasion, fiber-based network intrusion, fin, fin scan, ftp, ftp brute force, government technology, health care and social assistance, health information technology, healthcare information systems, heavy industry, hospital management, http brute force, http scanner, https, imap, imap brute force, indicator, industrial automation, industrial iot, industrial production, information technology, infostealer, infrastructure acquisitionreconnaissance, ingress tool transfer, initial access, injection attacks, intrusion detection, invalid login attempts, ioc, it infrastructure, kimsuky, lambda, lateral movement, login attack, login attempt, login attempts, login brute force, malicious activity, malicious loaders, malicious powershell activity, malicious software, malware, malware implant, manual, manufacturing technology, masscan, media, medical services, military industry, military operations, military sector, national security, network, network activity, network attacks, network enumeration, network intrusion, network intrusion attempt, network intrusion attempts, network probe, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, nmap scan, ntds credentials, null scan, open-source tools, paragon, password attack, password attacks, password spraying, patient care, phishing attack, pop3 brute force, possible credential stuffing, possible malicious activity, possible reconnaissance, potential botnet activity, potential compromise, potential intrusion, process injection, process manufacturing, protocol exploitation, public administration, public infrastructure, public policy, python, qilin, qilin ransomware, quality control, ransomware, reconnaissance, reconnaissance activity, regulatory agencies, remote access, remote access attempts, remote services, researched, scanner, scanning activity, screencap malware, scripting attacks, security operations, service discovery, service enumeration, service exploitation attempt, shell, smb brute force, smb scanning, smtp, smtp brute force, smtp enumeration, social engineering, software development, software service providers, south korea, ssh attack, supply chain attack, supply chain injection, supply chain management, suspected compromise, suspected intrusion attempt, syn, syn scan, syn scanning, system access, system disruption, t1003, t1005, t1012, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.006, t1027, t1036, t1040, t1041, t1046, t1047, t1049, t1053, t1055, t1057, t1059, t1059.001, t1059.003, t1059.004, t1065, t1068, t1070, t1071, t1071.001, t1076, t1077, t1078, t1082, t1083, t1086, t1087, t1090, t1095, t1102, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1112, t1113, t1114, t1115, t1129, t1132, t1133, t1136, t1140, t1189, t1190, t1195, t1195.002, t1199, t1204, t1204.002, t1213, t1218, t1486, t1489, t1490, t1496, t1497, t1499.001, t1499.002, t1499.003, t1503, t1539, t1543, t1547, t1555, t1560, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1569, t1570, t1571, t1573, t1583, t1584, t1585, t1586, t1587.001, t1588, t1588.002, t1589, t1589.002, t1590, t1590.001, t1592, t1592.004, t1595, t1595.001, t1595.002, t1595.003, t1598, t1606, t1608, tags, taiwan, tcp protocol, tcp scan, tcp scanning, tcp syn scan, telnet threat, threat actor, threat intelligence, tidrone campagin, tidrone campaign, trojan malware, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized login, valid accounts, venfrpc, venom campaign, venomfrpc, venomrdi, vextrio, vnc protocol, web application scanning, web shell, web traffic, xmas, xmas scan

Activity Timeline

1 total observation (Feb 19)

Threat Activity Heatmap

Peak: 2026-02-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

The domain **client.wns.windowswns.com** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, malware, ransomware, and active scanning activities. First observed on November

Threat Score
High Risk
Signal Score
90
Confidence
90%
Reports
7
First seen
Nov 28, 2024
Last seen
Feb 19, 2026

VirusTotal

Not checked

WHOIS

registrar
NameCheap, Inc.
creation date
2019-06-24T20:23:54
expiration date
2026-06-24T20:23:54
updated date
2025-05-25T09:41:29
name servers
DNS1.REGISTRAR-SERVERS.COM, DNS2.REGISTRAR-SERVERS.COM
status
clientTransferProhibited https://icann.org/epp#clientTransferProhibited

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 7 threat reports