IOC Radar
Domain · High · Verified · Signal 36/100

sm1.adm.chistes.com

Location: China
First Seen: Jun 8, 2025
Last Seen: Feb 21, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 36%
Signal Score: 36 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

36 techniques

Feed Intelligence Summary

Source reports: 4
Confidence score: 36%
Category tags

Activity Timeline

1 total obs
Feb 21

Threat Activity Heatmap

[Heatmap figure: activity by weekday (Mon, Wed, Fri) and month, Jun through Jun] · Peak: 2026-02-21
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)

Intelligence Summary (AI Generated)

The Indicator of Compromise (IOC) `sm1.adm.chistes.com` is a critical concern, flagged by multiple reputable threat intelligence feeds, carrying a score of 35.62, and is not whitelisted, indicating a potential medium-to-high risk to organizational assets. This domain is likely part of an adversary's command and control infrastructure or serves as a distribution point for malicious content, representing a significant vector for initial access or ongoing malicious operations. Its presence within a…

Threat Score: Low Risk
Signal Score: 36
Confidence: 36%
Reports: 4
First seen: Jun 8, 2025
Last seen: Feb 21, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

registrar: TUCOWS, INC.
description: Victims' business social media accounts deleted. Used to commit malicious activity against businesses, espionage, financial abuse.
raw:
Creation Date: 1998-05-27T04:00:00
Creation Date: 1998-05-27T04:00:00Z
DNSSEC: unsigned
Domain Name: CHISTES.COM
Domain Status: ok https://icann.org/epp#ok
Name Server: JULISSA.NS.CLOUDFLARE.COM
Name Server: WILL.NS.CLOUDFLARE.COM
Name Server: julissa.ns.cloudflare.com
Name Server: will.ns.cloudflare.com
Registrant City: 1f8f4166599d23ee
Registrant Country: US
Registrant Email: f6e7e63f4f6a5b9fs@
Registrant Fax Ext: 3432650ec337c945
Registrant Fax: 1f8f4166599d23ee
Registrant Name: 1f8f4166599d23ee
Registrant Organization: 1f8f4166599d23ee
Registrant Phone Ext: 3432650ec337c945
Registrant Phone: 1f8f4166599d23ee
Registrant Postal Code: 1f8f4166599d23ee
Registrant State/Province: 9ec338f97a19bef0
Registrant Street: 1f8f4166599d23ee
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4165350123
Registrar IANA ID: 69
Registrar Registration Expiration Date: 2026-05-26T04:00:00
Registrar URL: http://tucowsdomains.com
Registrar URL: http://www.tucows.com
Registrar WHOIS Server: whois.tucows.com
Registrar: TUCOWS, INC.
Registrar: Tucows Domains Inc.
Registry Domain ID: 2239002_DOMAIN_COM-VRSN
Registry Expiry Date: 2026-05-26T04:00:00Z
Updated Date: 2025-06-27T19:57:03
Updated Date: 2025-06-27T19:57:03Z

IOC Journey

high
First detected 1 year ago · Last seen 3 months ago
Appeared in 4 threat reports