IOC Radar
DomainMediumSignal 96/100

google-services.cc

Location
Saint Helena, Ascension and Tristan da CunhaSaint Helena, Ascension and Tristan da Cunha
First Seen
Mar 19, 2026
Last Seen
Jun 1, 2026
Mar 19
First Seen
87d ago
Jun 1
Last Seen
13d ago
16
Reports
source reports
96%
Confidence
medium
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
96%
Signal Score
96 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

22 techniques

Feed Intelligence Summary

16 reports96% confidence
16
Source reports
96%
Confidence score
Category tags
abuseaccommodation and food servicesaccommodation servicesacrstealeractive scanactive scanningadult-content-impersonationadvance-fee-scamadware-distributionai tradingai-contentalienvault_ransomwareamadeyapk-malwareapp-scamapple-icloudar24-impersonationarmautomated-scanautomated-threat-intelligencebad reputationbad-bunnybooking-com-impersonationbotnet activitybrand-impersonationbrute forcebusiness-proposal-scamcampercash-prize-scamcivil servicescloakingcollectcoordinated-spammingcredential harvestingcredential stuffingcredential-harvestingcryptocurrencycryptocurrency threatscryptocurrency-fraudcryptocurrency-scamcryptojackingcyber threatsdaily-threat-inteldanadata exfiltrationdata store exposuredata-harvestingddosddos attacksdeceptive-domaindeceptive-practicesdeceptive-redirectdeceptive-subscription-trapdeceptive-warningsdiscorddomain-classificationdropped-by-amadeydroppere-commerce-scamecco-impersonationeid-al-fitr-scamelectronic health recordselfemail-credentialsemulator-impersonationevasionevasive-tacticsexeexecutable fileexit-scamexploitation activityfake-apkfake-browser-alertfake-giveawayfake-government-impersonationfake-security-alertfake-security-checkfake-toll-chargefake-urgencyfake-verificationfinancefinancial servicesfinancial-fraudfinancial-impersonationfinancial-lossfinancial-scamfood servicesfraudfraudulent-contentfraudulent-ecommercefraudulent-platformgame designgame developmentgame publishinggame-exploitsgame-mod-scamgaminggaming industrygaming platformsgaming technologygithubgolanggooglegoogle-impersonationgoogle-sitesgoogle-sites-abusegovernment technologygovernment-impersonationguest serviceshealth care and social assistancehealth information technologyhealthcare information systemshealthcare-sectorhigh-risk-domainhigh-risk-tldhijackloaderhospital managementhospitality technologyhotelsidentity & access exploitationimpersonation-credit-unionindicatorinformation-harvestinginfostealerinitial htainjection activityinstagram-impersonationintellectual-property-abuseinternet of thingsinvestment-scamiot botnetiot securityiot/ics attacklead-generationlive-nationloader httpslocal-network-scanninglummastealermacosmagecartmalicious domain activitymalicious softwaremalicious-domainmalicious-redirectmalicious-redirectormalvertisingmalwaremalware-delivery-tacticmalware-distributionmalware-riskmalware_distributionmanual-collectionmanual-entrymedia / entertainmentmedical servicesmedium-riskmicrosoft-accountmicrosoft-sharepointmipsmirai botnetmobile gamingmobile threatmobile-data-scammoney-mule-schememozimsimsi-malwaremulti-stage-redirectnebula-xneedleneedle stealernetworknetwork probingnew-domainnewly-registered-domainngiowebnjratnon-delivery-scamnytimes-impersonationoffer-scamopendirpackagepatient carepayment-gateway-scampayment-harvestingpayment-information-theftpayment-scampersonal-information-harvestingphantomstealerphishingphishing attackphone-number-harvestingpig-butcheringpowershellprize-scamprocess injectionpublic administrationpublic infrastructurepublic policypump-fun-impersonationransomwareratreconnaissancerecruitment-fraudredirect-chainredirectorregulatory agenciesresearchedresource hijackingrestaurant operationsretail / e-commercesaint helena, ascension and tristan da cunhasalatstealerscamscam-domainscams & fraudscriptshort-lived-operationsocial engineeringsocial-media-campaignssoftware-piracyspamspooferstealersteamstegosupply chain attacksurvey-scamsuspicious-domainsuspicious-redirectiont1036t1055t1071.001t1078t1176t1189t1204t1204.002t1486t1496t1499.001t1499.002t1565t1566t1566.001t1566.002t1566.003t1583t1595t1595.001t1595.002t1595.003targeting databasetask-scamtexas-dmvtexas-roadhouse-impersonationthreat actorticket-scamtor nodetourismtradingclawtype osinttyposquattyposquattingua-ps1ua-wgetunrelated-domainunverified-file-sharingurl-shortenerurl-shorteningurlertusdtvercel-subdomainvideo gamesvulnerability scanvulnerability-scanningyoutube-botszimbrazimbra-impersonationzip

Activity Timeline

1 total obs
Jun 1Jun 1

Threat Activity Heatmap

· Peak: 2026-06-01
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
96
SIGNAL
Signal Score
96%
Confidence
16
Reports
First seenMar 19, 2026
Last seenJun 1, 2026

VirusTotal

Not checked

WHOIS

domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY Administrative country: Hong Kong Administrative state: HK Billing city: REDACTED FOR PRIVACY Billing country: Hong Kong Billing state: HK Create date: 2026-03-09 00:00:00 Domain name: google-services.cc Domain registrar id: 3765.0 Expiry date: 2027-03-09 00:00:00 Name server 1: ivan.ns.cloudflare.com Name server 2: dana.ns.cloudflare.com Query time: 2026-03-11 16:46:06 Registrant city: 1f8f4166599d23ee Registrant country: Hong Kong Registrant email: 6eb609d996e182a6s@ Registrant name: 1f8f4166599d23ee Registrant state: 7043151881d2a7f0 Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: Hong Kong Technical state: HK Update date: 2026-03-09 00:00:00
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 months ago · Last seen 13 days ago
Appeared in 16 threat reports