Domain · Medium · Signal 27/100
sentinelones.com
Location:
First Seen: Feb 1, 2025
Last Seen: Jun 6, 2026
Found in 7 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 27%
Signal Score: 27 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
Source reports: 7
Confidence score: 27%
Category tags
academic institutions, address, aitm server, amos steaker, amos stealer, anydesk module, apache tomcat exploitation, apt, apt group, apts, archive file, arsenal, asia, atomic https, atomic stealer, azure ad, backdoor, banking, bcttbha006, block, boinc c2, bootkitty iocs, botnet, brazanbamboo c2, brute force, brute ratel, burnsrat cc domains, c servers, c2 address, c2 domain, c2 http, c2 https, c2 ip, c2 server, c2 servers, cec juniper, cheat engine, china, china-nexus apt, civil services, cl-sta-0048, cloud computing, cloud migration, cloud security, cloud services, cloud storage, cobalt, cobalt strike, cobalt strike framework, cobaltstrike, code execution, code injection, code issues, code snippets, command and control, command execution, communication protocol, communication technologies, communications networks, compromise note, consumer goods, cortex xdr, credential access, credential harvesting, credential stuffing, credit card services, critical infrastructure, css error, cthulhu stealer, custom malware, custom tools, cyber threats, damn, darkrace, data, data exfiltration, data theft, database security, defanged file, defense systems, details, develops custom, digital signature, distributed attacks, dll sideloading, donex, download url, downloader, dragonrank, dropper, duoyi, earth lamia, educational resources, educational services, educational technology, eldorado, emergency services, energy systems, fake captcha, fake chrome, figure, file, files, finaldraft elf, finance, financial services, financial systems, financial technology, find, fingerprint, first, first seen, first stage, fleet management, footer, format, freight services, ftp brute force, gh0strat, ghostgambit, ghostsocks, github, github users, gmer, google meet, government facilities, government technology, guidloader, hashes, hashes payload, helldown linux, hex staging, hex staging delivery, hidden rootkit, higher education, hk, hong kong, horns, hta file, hta md5, hta script, html, html payload, http attack, http scanner, icon, iis exploitation, iis vulnerability exploitation, indicator, indicatortype, information technology, infrastructure acquisitionreconnaissance, ingress tool transfer, injection attacks, input validation bypass, iocs, iocs files, iocs hash, iocs helldown, iocs malicious, iocs zip, ips https,
ipv4, ipv4 address, it infrastructure, js download, k-12 education, krustyloader, l files, landing, lateral movement, latin america, links, linux, lnk file, loader, lockbit, lumma payload, malicious links, malicious powershell activity, malicious software, malware, malware c2, malware hash, malware signing, maritime transport, mekotio banking, mintsloader c2, mlpea, mobile carriers, mobile networks, monero, monitor, msi, msi file, mssql exploitation, mssql vulnerability exploitation, multi-cloud management, multi-industry targeting, multiple protocols, na majestic, na stark, nation-state actor, neshta, network, network ip, noopldr type1, noopldr type2, north america, opswat oesis, palo alto, palo alto networks, panel, passenger transportation, path traversal, pathloader, payload, payload host, payload url, payment processing, persistence mechanism, phishing, phishing attack, phishing urls, phobos, phpsert, phpsert variant, plugin, plugx, plugx backdoor, plugx c2, plugx loader, ports, powershell execution, powershower c2, privilege escalation, process injection, protect, pscp, psexec, public, public administration, public facing application, public infrastructure, public policy, public-facing systems exploit, pull, quite solsjoasquoc, rail transport, ransom, reddelta c2, reddit, refresh, registry keys, regulatory agencies, remcos trojan, remote access, remote access trojan, remote services, researched, retail trade, rhadamanthys c2, sample sha256, samples, sap, sap netweaver, scripting attacks, search, seen, server http, servers, service, service dll, sftp attack, shell commands, shift, similar sha256, site, sites, sliver, sliver framework, social engineering, software development, software exploitation, software integrity, solo airfield, sorry, south asia, sql script, sqlcmd abuse, ssh access, ssh attack, sta-0048, star, stealc c2, stealc payload, strike loaders, strong, studio code, supply chain attack, systembc,
t1003, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1027, t1033, t1036, t1041, t1046, t1047, t1053, t1053.005, t1055, t1055.001, t1056, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1068, t1070, t1071, t1071.001, t1071.004, t1076, t1078, t1078.002, t1078.003, t1083, t1086, t1087, t1090, t1105, t1110, t1110.002, t1133, t1136.001, t1140, t1189, t1190, t1199, t1203, t1204, t1204.001, t1204.002, t1210, t1213, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505, t1505.003, t1547, t1547.001, t1553.002, t1554.001, t1554.003, t1555, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1569.002, t1571, t1572, t1573, t1574, t1583.001, t1583.003, t1587.001, t1589, t1590, t1590.001, t1592, t1592.001, t1592.002, t1592.003, t1595, t1595.001, t1595.002, t1608.001, t1608.002,
telecom services, telecommunications, threat, tls certificate, token, transportation and warehousing, transportation infrastructure, transportation networks, transportation technology, trojan malware, trojanized, trojanspy, type name, unc5174, united states, urls, urls http, urls https, v4 removal, valleyrat, vant, vbshower c2, version, version b, version c, version d, version e, view, visual studio, vshell, vssadmin delete, water systems, wealth management, web application exploitation, web attack, web exploitation, web security, web traffic, webshell, windows payload, zipmsi
Activity Timeline: Jun 6
Threat Activity Heatmap (Peak: 2026-06-06)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **sentinelones.com**, originating from Hong Kong, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on February
Threat Score: Low Risk
Signal score: 27
Confidence: 27%
Reports: 7
First seen: Feb 1, 2025
Last seen: Jun 6, 2026
VirusTotal: Not checked
WHOIS
- description: Earth Lamia, a China-linked APT group, is actively targeting organizations in Brazil, India, and Southeast Asia by exploiting SQL injection vulnerabilities and critical flaws in public-facing systems.
- domain rank: -1
- raw:
  Administrative city: Tempe
  Administrative country: United States
  Administrative state: Arizona
  Create date: 2024-03-25 00:00:00
  Domain name: sentinelones.com
  Domain registrar id: 146
  Domain registrar url: https://www.godaddy.com
  Expiry date: 2025-03-25 00:00:00
  Name server 1: dawn.ns.cloudflare.com
  Name server 2: mike.ns.cloudflare.com
  Query time: 2024-03-26 10:12:22
  Registrant city: a7319ae5e6c95df5
  Registrant company: b46a98a26fe2fd9f
  Registrant country: United States
  Registrant email: 2d404a47ac40094es@
  Registrant name: 80315b2e6ac1a801
  Registrant phone: b03d5abc696b79f6
  Registrant state: 30bdd2917a604c83
  Registrant zip: 052e5bd148f904f9
  Technical city: Tempe
  Technical country: United States
  Technical state: Arizona
  Update date: 2024-03-25 00:00:00
- subdomains count: 0
IOC Journey
Medium · First detected 1 year ago · Last seen 3 days ago
Appeared in 7 threat reports