IOC Radar
Domain · Medium · Signal 100/100

nexsnield.com

Location: United States
First Seen: Jan 19, 2026
Last Seen: Jun 18, 2026
Reports: 11 source reports
Confidence: 99% (medium)
Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 34 techniques (the technique IDs appear among the category tags below)

Feed Intelligence Summary

Category tags (aggregated from the 11 source reports; several of these name distinct malware families and campaigns, so read them as co-occurrence in the reports rather than as confirmed attributes of this domain):

abuse, active scan, active scanning, ahost.exe abuse, alienvault_ransomware, anti-analysis, api abuse, apt, apt41, bad reputation, browser disruption, browser extension, brute force, chrome extension attack, clickfix campaign, code execution, command & control, command and control, command execution, communication protocol, crashfix variant, credential access, credential brute-forcing, credential stuffing, credential theft, data encryption, deadlock ransomware, dga, encryption, enterprise targeting, exploitation activity, extortion, f https, fingerprinting, ftp brute force, http brute force, http scanner, https, identity & access exploitation, indicator, information technology, infrastructure acquisition reconnaissance, ipv6, ipv6 address, it infrastructure, kimwolf, lolbins, malicious powershell activity, malware, malware installation, microsoft defender experts, modelorat, modelorat c2, network, network reconnaissance, network scanning, north america, phishing, possible reconnaissance, potential exploit attempt, python payload, python rat, ralord, ransomware, rat, reconnaissance, regular, remote access, remote access trojan, researched, scripting attacks, service scan, sicarii ransomware, social engineering, software development, software exploitation, ssh attack, system disruption, t1003, t1021, t1027, t1046, t1059, t1059.001, t1059.005, t1071, t1071.001, t1078, t1086, t1087, t1105, t1110, t1110.002, t1120, t1140, t1189, t1190, t1199, t1203, t1204, t1204.002, t1486, t1490, t1499.002, t1566, t1566.002, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003, threat actor, tmobile, tool, tor node, united states, user deception, voidlin, web application attack, web traffic, yara, yara rule match

Activity Timeline

1 total observation (Jun 18)

Threat Activity Heatmap

Weekly grid, Jun to Jun; peak: 2026-06-18. Activity windows: 24h: 0 (dormant); 7d: 1 (minimal); 30d: 1 (minimal); 3mo: 1 (minimal).
Intelligence Summary (AI generated)

The domain **nexsnield.com** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including malware, phishing, and ransomware activities. Originating from the United States, this malicious domain has been actively involved in abuse and active scanning operations, with notable instances of **ahost.exe abuse** and connections to **alienvault_ransomware**. First observed on January

Threat Score: High Risk (100)

VirusTotal: not checked

WHOIS

registrar: MAT BAO CORPORATION
creation date: 2025-11-24T09:34:56 (56 days before the first sighting on Jan 19, 2026)
expiration date: 2026-11-24T09:34:56
updated date: 2025-11-24T09:34:56
name servers: OTTO.NS.CLOUDFLARE.COM, URSULA.NS.CLOUDFLARE.COM
status: clientTransferProhibited (https://icann.org/epp#clientTransferProhibited)

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
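The category tags above mix the 34 ATT&CK technique IDs with free-text labels, and the export entry above offers a STIX 2.1 bundle for this indicator. The following is an added example, written for this page and not IOC Radar's own export code or API, that filters the technique IDs out of the tag cloud and packages the domain as a STIX 2.1 indicator with an `indicates` relationship to one attack-pattern per technique. Assumptions: `PAGE_TAGS` is a hand-copied subset of the tag cloud (all 34 technique tags plus a few other tags to show the filter ignoring them); the page gives dates only, so they are treated as midnight UTC; technique names are not on the page, so each attack-pattern is named by its ID; object UUIDs are random.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Copied from the page's category-tag cloud: the 34 ATT&CK IDs plus a few
# non-technique tags, so the filter below has something to discard.
PAGE_TAGS = [
    "abuse", "apt41", "command and control", "kimwolf", "modelorat c2", "yara rule match",
    "t1003", "t1021", "t1027", "t1046", "t1059", "t1059.001", "t1059.005", "t1071",
    "t1071.001", "t1078", "t1086", "t1087", "t1105", "t1110", "t1110.002", "t1120",
    "t1140", "t1189", "t1190", "t1199", "t1203", "t1204", "t1204.002", "t1486",
    "t1490", "t1499.002", "t1566", "t1566.002", "t1587.001", "t1590.001", "t1595",
    "t1595.001", "t1595.002", "t1595.003",
]

# Technique IDs are T + four digits, optionally .NNN for a sub-technique.
TECHNIQUE_RE = re.compile(r"^t(\d{4})(?:\.(\d{3}))?$", re.IGNORECASE)


def extract_techniques(tags):
    """Return sorted, de-duplicated ATT&CK IDs (T1059, T1059.001, ...) found in tags."""
    found = set()
    for tag in tags:
        m = TECHNIQUE_RE.match(tag.strip())
        if m:
            tid = "T" + m.group(1)
            if m.group(2):
                tid += "." + m.group(2)
            found.add(tid)
    return sorted(found)


def stix_timestamp(dt):
    """STIX 2.1 timestamp: RFC 3339 in UTC, 'Z' suffix, millisecond precision."""
    u = dt.astimezone(timezone.utc)
    return u.strftime("%Y-%m-%dT%H:%M:%S.") + f"{u.microsecond // 1000:03d}Z"


def date_to_stix(date_str):
    """The page shows dates only (YYYY-MM-DD); assume midnight UTC."""
    return stix_timestamp(datetime.strptime(date_str, "%Y-%m-%d").replace(tzinfo=timezone.utc))


def stix_string_literal(value):
    """Escape backslash and single quote for use inside a STIX pattern string literal."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def build_bundle(domain, first_seen, last_seen, confidence, techniques, report_count):
    """One indicator, one attack-pattern per ATT&CK ID, and an 'indicates' SRO per pair."""
    if not 0 <= int(confidence) <= 100:
        raise ValueError("STIX confidence must be an integer in 0..100")
    now = stix_timestamp(datetime.now(timezone.utc))
    indicator_id = f"indicator--{uuid.uuid4()}"
    objects = [{
        "type": "indicator", "spec_version": "2.1", "id": indicator_id,
        "created": now, "modified": now,
        "name": f"Malicious domain {domain}",
        "description": f"Seen in {report_count} source reports between {first_seen} and {last_seen}.",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[domain-name:value = '{stix_string_literal(domain)}']",
        "pattern_type": "stix", "pattern_version": "2.1",
        "valid_from": date_to_stix(first_seen),
        "confidence": int(confidence),
    }]
    for tid in techniques:
        ap_id = f"attack-pattern--{uuid.uuid4()}"
        objects.append({
            "type": "attack-pattern", "spec_version": "2.1", "id": ap_id,
            "created": now, "modified": now,
            "name": tid,  # assumption: the page lists IDs only, so the ID doubles as the name
            "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
        })
        objects.append({
            "type": "relationship", "spec_version": "2.1",
            "id": f"relationship--{uuid.uuid4()}",
            "created": now, "modified": now,
            "relationship_type": "indicates",
            "source_ref": indicator_id, "target_ref": ap_id,
        })
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


if __name__ == "__main__":
    techs = extract_techniques(PAGE_TAGS)
    bundle = build_bundle("nexsnield.com", "2026-01-19", "2026-06-18", 99, techs, 11)
    print(json.dumps(bundle, indent=2))
```

Modelling the techniques as attack-pattern objects linked by `indicates` relationships, rather than stuffing the IDs into the indicator's `labels`, keeps the export usable by consumers that resolve ATT&CK references. The `indicates` edges inherit the weakness of the source tags (report co-occurrence, not confirmed behaviour of this domain), which is one more reason to carry the page's confidence value on the indicator and let the consumer apply its own threshold.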
