IOC Radar
Domain · High · Verified · Signal 100/100

sensino.se

Location
Ireland
First Seen
May 15, 2022
Last Seen
Nov 4, 2025
Reports
6 source reports
Confidence
99% (high)
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

124 techniques

Feed Intelligence Summary

6 reports · 99% confidence
Category tags

Activity Timeline

1 total obs
Nov 4

Threat Activity Heatmap

Peak: 2025-11-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Intelligence Summary · AI Generated

The domain **sensino.se** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnet activity, command and control (C

Threat Score: High Risk
Verified IOC

VirusTotal

Not checked

WHOIS

registrar
Registrar.eu
description
Here is the full text of the report from the University of California, San Francisco, which describes the findings of a group of researchers who have been working on a series of "democracies".
domain rank
-1
raw
created: 2021-09-15
dnssec: unsigned delegation
domain: sensino.se
expires: 2025-09-15
holder: (not shown)
modified: 2024-11-12
nserver: 1-you.njalla.no
nserver: 2-can.njalla.in
nserver: 3-get.njalla.fo
registrar: Registrar.eu
state: active
status: ok
transferred: 2024-08-22
references
subdomains count
2


IOC Journey

high
First detected 4 years ago · Last seen 7 months ago
Appeared in 6 threat reports