# 163buffcs.com — SUSPICIOUS

> Explore the phishing investigation of 163buffcs.com, a now offline domain linked to CS2 skin scams. Understand its risks and technical details.

## Summary
PhishDestroy identifies 163buffcs.com as a generic phishing domain targeting users interested in CS2 skins, masquerading as a leading skin site with the page title "BUFF — Number one among all skin sites for CS2!". The domain was classified as low-risk due to limited detection and minimal impact evidence, but it still posed a potential threat to users seeking gaming-related content.

Technical analysis shows the domain was created on March 5, 2026, and resolved to IP address 58.64.137.69. VirusTotal flagged the domain with 2 out of 95 security vendors detecting suspicious activity, and it appears on one security blocklist. The domain was registered through NiceNIC International Group Co., Limited, indicating a likely overseas registration. These indicators suggest the infrastructure was modest but sufficient to host deceptive content aimed at phishing credentials or personal data.

Currently, 163buffcs.com is offline, mitigating immediate risk. PhishDestroy recommends users remain vigilant about gaming-related offers from unofficial sites, as low-risk domains like this can still lead to credential theft or malware. Blocking and monitoring such domains aids in preventing future exploitation attempts. Continued tracking of related infrastructure is advised to maintain proactive defenses.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: BUFF — Number one among all skin sites for CS2!

## Domain Intelligence
- Registered: 2026-03-05 19:07:02
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 58.64.137.69
- IP Country: HK
- IP City: Tung Chung
- IP Org: AS17444 HKBN Enterprise Solutions Limited
- Nameservers: ["expired-ns1.niceisp.com", "expired-ns2.niceisp.com"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0196662b-41ea-77ec-b2c3-09800606252d.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/163buffcs.com
- Wayback Machine: https://web.archive.org/web/https://163buffcs.com
- PhishDestroy: https://phishdestroy.io/domain/163buffcs.com/
- LLM endpoint: https://phishdestroy.io/domain/163buffcs.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/163buffcs.com/
Last updated: 2026-03-19