# afs-crypto.com — SUSPICIOUS

> afs-crypto.com impersonates Crypto.com to steal credentials. This domain, flagged by 2/95 vendors and Google Safe Browsing, resolves to 188.114.97.3.

## Summary
afs-crypto.com has been classified as an elevated-risk domain actively engaged in brand impersonation of Crypto.com. The malicious domain leverages the trust associated with the legitimate Crypto.com brand to deceive users into divulging sensitive information, including login credentials and financial data. This threat vector is particularly insidious due to the widespread adoption of cryptocurrency platforms, where users are accustomed to frequent and often urgent interactions.  This domain was flagged by 2 out of 95 security vendors on VirusTotal, indicating limited but not insignificant detection. It was registered via NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for hosting a variety of domains, some of which have been associated with malicious activity. The IP address 188.114.97.3 has been linked to this domain, further correlating it with suspicious infrastructure. The domain itself was created on April 1, 2026, a suspiciously recent date that aligns with the recent uptick in such impersonation campaigns. Google Safe Browsing has flagged the domain under the category SOCIAL_ENGINEERING, confirming its use in deceptive practices. The domain also holds a valid SSL certificate issued by Let's Encrypt, which may lend an air of legitimacy to unsuspecting users. Trust scores for this domain are low, as reflected in its sparse detection on security platforms.  To mitigate the risk posed by afs-crypto.com, organizations and individuals should immediately block the domain and its associated IP address, 188.114.97.3, at the network perimeter. Users should be reminded to verify the authenticity of any domain claiming to represent Crypto.com by cross-referencing it with official sources, such as the verified URLs listed on Crypto.com’s official website. Additionally, enabling multi-factor authentication (MFA) on all cryptocurrency accounts can provide an additional layer of security against credential theft. Security teams are advised to monitor for any further domains registered under similar patterns or infrastructure and to update blocklists accordingly. Public awareness campaigns highlighting the tactics used in brand impersonation scams can also help reduce the likelihood of users falling victim to these deceptive domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Crypto.com

## Domain Intelligence
- Registered: 2026-04-01 15:51:10
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/afs-crypto.com
- PhishDestroy: https://phishdestroy.io/domain/afs-crypto.com/
- LLM endpoint: https://phishdestroy.io/domain/afs-crypto.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/afs-crypto.com/
Last updated: 2026-04-08