DomainMediumSignal 100/100
ms-nipre.com
Location
CanadaFirst Seen
Jul 5, 2025
Last Seen
Jun 13, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
11 reports99% confidence
11
Source reports
99%
Confidence score
Category tags
active scanningaisocaisoc dnsakamaiaptaptq95asp.net backdoorassessment blogattack targetsbackdoorblogbotnetbuilding constructioncanadacanada daychamd5 blogchiselchisel malwarecommand and controlcommunications networksconstruction materialsconstruction safetyconstruction technologycontactcredential accesscredential harvestingcritical infrastructurecustom malwaredata exfiltrationdefense systemsdetection tooldgadistributed attacksdll injectionemergency servicesenergyenergy distributionenergy systemseuropeexchange serverexploitationfileless malwarefilesfinancial systemsfraud riskgogovernment facilitiesgrouphigh-tech sectorindicatoriot icslateral movementmalicious dllmalicious softwaremalwarememory injectionmicrosoft exchangenetherlandsnetworknetwork probingnighteaglenighteagle aptnorth americaoil & gasowa/authpathsphishingphishing attackpost-exploitationpower generationpower systemsprocess injectionr1090reconnaissanceremote accessrenewable energyresearchedsoarsocial engineeringstringssupply chain attackt1003t1003.003t1005t1008t1027t1027.002t1041t1053.005t1055t1059t1059.001t1059.003t1059.004t1068t1070t1071t1071.001t1071.004t1078t1083t1090t1090.001t1090.003t1105t1114.002t1133t1189t1190t1204.002t1205.001t1486t1496t1499.002t1499.003t1505.003t1518.001t1552.001t1555t1565t1565.001t1566t1566.001t1566.002t1566.003t1566.004t1567.002t1568.002t1573.001t1583.001t1584.004t1595.001t1595.002t1595.003the constant companytransportation networkstucowsus-based c2water systemsweb shellzero-day exploit
Activity Timeline
Jun 13Jun 13
Threat Activity Heatmap
· Peak: 2026-06-13LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain ms-nipre.com has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnet activity, malware distribution, and phishing campaigns. First observed on July
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
11
Reports
First seenJul 5, 2025
Last seenJun 13, 2026
VirusTotal
Not checked
WHOIS
- registrar
- Dynadot Inc
- domain rank
- -1
- raw
- Creation Date: 2025-07-04T09:47:44Z DNSSEC: unsigned Domain Name: MS-NIPRE.COM Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: CHIP.NS.CLOUDFLARE.COM Name Server: SANDY.NS.CLOUDFLARE.COM Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +16502620100 Registrar IANA ID: 472 Registrar URL: http://www.dynadot.com Registrar WHOIS Server: whois.dynadot.com Registrar: Dynadot Inc Registry Domain ID: 2997371444_DOMAIN_COM-VRSN Registry Expiry Date: 2026-07-04T09:47:44Z Updated Date: 2025-07-04T09:52:51Z
- references
- https://github.com/RedDrip7/NightEagle_Disclose/blob/main/Exclusive%20disclosure%20of%20the%20attack%20activities%20of%20the%20APT%20group%20NightEagle.pdf, https://github.com/RedDrip7/NightEagle_Disclose/blob/main/checksum.txt, https://cyberarmor.tech/phishing-attack-targets-canadian-infrastructure-on-canada-day/, https://www.ctfiot.com/259781.html
- subdomains count
- 0
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 11 months ago · Last seen 13 days ago
Appeared in 11 threat reports