IOC Radar
DomainMediumSignal 31/100

chekoodver.com

Location
ChinaChina
First Seen
Sep 9, 2025
Last Seen
Jun 6, 2026
Sep 9
First Seen
278d ago
Jun 6
Last Seen
8d ago
9
Reports
source reports
31%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
31%
Signal Score
31 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

47 techniques

Feed Intelligence Summary

9 reports31% confidence
9
Source reports
31%
Confidence score
Category tags
active scanningadvanced persistent threataerospace & defenseapt groupasiabrute forcechinachina choppercivil servicescode executioncommand and controlcommand executioncommunication technologiescommunications networkscontractor ecosystemcredential accesscredential stuffingcritical infrastructurecyber espionagecyber threat intelligencedata breachdefensedefense contractingdefense evasiondefense logisticsdefense systemsdefense technologydemodexdepartmentdnsemergency servicesenergyenergy distributionenergy systemsexfiltrationfinancial systemsforeignftp brute forcegovernment facilitiesgovernment technologygunra ransomwarehttp brute forceindicatorinfrastructure acquisitionreconnaissanceinfrastructure targetinginitial accessjusticeknownlateral movementlockbitlog analysislong-term accesslong-term persistencelumma staelermalware: china choppermalware: demodexmalware: sigroutermiamimilitary operationsmobile carriersmobile networksnation-state actornational securitynetworknetwork intrusionnetwork probingnetwork scanningnorth americaoil & gaspassword attackpersistence: long-termpersistent threatphishingpotential intrusionpower generationpower systemspublic administrationpublic infrastructurepublic policyreconnaissancerednovemberregulatory agenciesremote accessremote servicesrenewable energyresearchedsalt typhoonscanning activityservice enumerationsigintsoftware exploitationssh attackstate securityt1003t1014t1021t1021.001t1027t1036t1041t1046t1053t1056t1059t1059.001t1068t1071t1071.001t1071.004t1076t1078t1082t1083t1105t1110t1110.002t1190t1195t1203t1210t1547t1555t1563t1566t1567.002t1568t1571t1573t1583t1583.001t1586t1587.001t1589.002t1590.001t1595t1595.001t1595.002t1595.003t1601.002t1602tcp scantelecom servicestelecommunicationsthreat actor: chinatransportation networkstyphoonudp scanunauthorized access attemptunc4841united statesvoipwater systemsxworm campaign

Activity Timeline

1 total obs
Jun 6Jun 6

Threat Activity Heatmap

· Peak: 2026-06-06
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **chekoodver.com** has emerged as a significant indicator of compromise (IOC) linked to advanced persistent threat (APT) activities originating from China. First observed on September

Threat ScoreLow Risk
31
SIGNAL
Signal Score
31%
Confidence
9
Reports
First seenSep 9, 2025
Last seenJun 6, 2026

VirusTotal

Not checked

WHOIS

registrar
GMO Internet, Inc.
creation date
2025-04-30T09:31:29
expiration date
2026-04-30T09:31:29
updated date
2026-06-06T00:39:32
name servers
DNS1.ONAMAE-EXPIRED.COM, DNS2.ONAMAE-EXPIRED.COM
country
US
emails
[email protected], [email protected]
org
N A
status
clientTransferProhibited https://icann.org/epp#clientTransferProhibited, redemptionPeriod https://icann.org/epp#redemptionPeriod

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 9 months ago · Last seen 8 days ago
Appeared in 9 threat reports