IOC Radar
Domain · Medium · Signal 84/100

gstatic-service.io

Location: United States
First Seen: Oct 20, 2023 (980d ago)
Last Seen: Mar 26, 2026 (91d ago)
Reports: 10 source reports
Confidence: 84% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 84%
Signal Score: 84 / 100
IDS Rule: No
Threat Context / Tags: MITRE ATT&CK TTPs (26 techniques)
Feed Intelligence Summary

10 source reports, 84% confidence score.

Category tags: apt, botnet, c++, c2, command and control, credential harvesting, credential stealing, data exfiltration, data theft, distributed attacks, indicator, infostealer, infrastructure acquisition, reconnaissance, ioc, lumma, lumma stealer, lummac2, malicious software, malware, malware distribution, manual, network, north america, operating system, phishing attack, process injection, remote services, researched, smokeloader, social engineering, t1005, t1016, t1021, t1021.001, t1036, t1041, t1055, t1059, t1069.001, t1071, t1071.001, t1078, t1105, t1486, t1496, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1571, t1573, t1587.001, t1590.001, united states, win32 malware, windows malware

Activity Timeline: 1 total observation (Mar 26)

Threat Activity Heatmap (Jun to Jun; peak: 2026-03-26)

Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

The domain **gstatic-service.io** has emerged as a significant indicator of compromise (IOC) linked to advanced persistent threat (APT) activities originating from the United States. First observed on October

Threat Score: High Risk
Signal Score: 84 · Confidence: 84% · Reports: 10
First seen: Oct 20, 2023 · Last seen: Mar 26, 2026

VirusTotal: Not checked

WHOIS

registrar: Dynadot Inc
description: Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.
domain rank: -1
raw:
Admin City: REDACTED
Admin Country: REDACTED
Admin Organization: REDACTED
Admin Postal Code: REDACTED
Admin State/Province: REDACTED
Creation Date: 2024-11-07T11:09:59Z
DNSSEC: unsigned
Domain Name: gstatic-service.io
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: ns1.csof.net
Name Server: ns2.csof.net
Name Server: ns3.csof.net
Name Server: ns4.csof.net
Registrant City: 3495bcf1839c6374
Registrant Country: US
Registrant Email: fb6ff66ef97c0518s@
Registrant Fax Ext: 3495bcf1839c6374
Registrant Fax: 3495bcf1839c6374
Registrant Name: 3495bcf1839c6374
Registrant Organization: 3432650ec337c945
Registrant Phone Ext: 3495bcf1839c6374
Registrant Phone: 3495bcf1839c6374
Registrant Postal Code: 3495bcf1839c6374
Registrant State/Province: 77ab92f1911d7c5f
Registrant Street: 3495bcf1839c6374
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.6502620100
Registrar IANA ID: 472
Registrar URL: http://dynadot.com
Registrar WHOIS Server: whois.dynadot.com
Registrar: Dynadot Inc
Registry Admin ID: REDACTED
Registry Domain ID: 725fce061b5a45e8a70901b5e0b2405f-DONUTS
Registry Expiry Date: 2025-11-07T11:09:59Z
Registry Registrant ID: REDACTED
Registry Tech ID: REDACTED
Tech City: REDACTED
Tech Country: REDACTED
Tech Organization: REDACTED
Tech Postal Code: REDACTED
Tech State/Province: REDACTED
Updated Date: 2025-02-26T13:44:49Z
references: https://www.intrinsec.com/wp-content/uploads/2023/10/TLP-CLEAR-Lumma-Stealer-EN-Information-report.pdf, https://www.silentpush.com/blog/lummac2
subdomains count: 0


IOC Journey: medium confidence. First detected 2 years ago · Last seen 3 months ago · Appeared in 10 threat reports.