# aftoll.icu — MALICIOUS

> Warning: aftoll.icu has been flagged for phishing. The domain is offline but was used to steal sensitive info. Avoid visiting this site.

## Summary
PhishDestroy identifies aftoll.icu as a medium-risk phishing domain that was actively used to deceive users into revealing personal information. Although the domain is currently offline, it previously posed a threat by impersonating trustworthy entities to trick visitors.

This phishing attack worked by directing users to aftoll.icu, where malicious actors attempted to capture login credentials or other sensitive data through fake forms or deceptive content. The domain was registered recently in February 2026 and resolved to an IP address associated with suspicious activity, leading to its inclusion on one security blocklist and detection by several antivirus vendors.

If you have visited aftoll.icu, it is advisable to change any passwords you may have entered and monitor your accounts for unusual activity. Avoid clicking links from unknown sources and use security tools to block or report similar phishing domains. Staying informed and cautious helps protect your personal information from these types of cyber threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)

## Domain Intelligence
- Registered: 2026-02-24 21:05:02
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 212.22.90.25
- IP Country: RU
- IP City: Moscow
- IP Org: AS216334 New Hosting Technologies LLC
- Nameservers: a.dnspod.com b.dnspod.com c.dnspod.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 6 vendors flagged
  Vendors: ["alphaMountain.ai", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "SOCRadar", "ThreatHive"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/p6dL2Hv5/22ca28e9bd38.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/793c70dd-b7f5-4301-aeac-3ae745c2cd0e
- Wayback Machine: https://web.archive.org/web/https://aftoll.icu
- PhishDestroy: https://phishdestroy.io/domain/aftoll.icu/
- LLM endpoint: https://phishdestroy.io/domain/aftoll.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/aftoll.icu/
Last updated: 2026-03-19