# gocstm.com — MALICIOUS

> gocstm.com flagged for phishing attempts and now offline. Learn about its risks and technical details to stay protected from scams.

## Summary
PhishDestroy has identified gocstm.com as a medium-risk generic phishing domain. Registered recently on March 5, 2026, this site was flagged due to suspicious activity aimed at deceiving users into revealing sensitive information. Its classification as a phishing domain is supported by security blocklists and VirusTotal detections.

Technical analysis reveals that gocstm.com resolved to IP address 188.114.97.3 and was registered through NiceNIC International Group Co., Limited. Out of 95 security vendors scanned on VirusTotal, 6 flagged this domain, while it also appeared on one security blocklist. The page title retrieved during analysis read "Suspected phishing site | Cloudflare," indicating protective measures during investigation.

Currently, the domain is taken offline, reducing immediate threat. PhishDestroy continues monitoring to ensure no resurgence or related malicious infrastructure. Users are advised to remain vigilant and avoid interacting with any communications referencing gocstm.com to prevent exposure to phishing scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-05 19:07:02
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["giancarlo.ns.cloudflare.com", "raquel.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 6 vendors flagged
  Vendors: ["alphaMountain.ai", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cbf39-f78c-74f9-bb57-2dab03b6c3e7.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/gocstm.com
- Wayback Machine: https://web.archive.org/web/https://gocstm.com
- PhishDestroy: https://phishdestroy.io/domain/gocstm.com/
- LLM endpoint: https://phishdestroy.io/domain/gocstm.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gocstm.com/
Last updated: 2026-03-19