# agibogpt.com — SUSPICIOUS

> PhishDestroy identifies agibogpt.com as a crypto drainer impersonating AI tools, resolving to 102.223.72.41 with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies agibogpt.com as a crypto drainer domain impersonating AI tools and chatbots. The site leverages a plausible name suggestive of AI capabilities (AgiBoGPT) to lure victims into connecting cryptocurrency wallets under the guise of accessing an AI service. While the current payload remains unconfirmed, the domain's structure and timing (late 2025) align with recent campaigns distributing drainer kits such as Angel Drainer or Inferno Drainer variants. Given the rapid evolution of crypto drainers and their frequent abuse of AI-themed lures, this domain poses a significant risk to cryptocurrency users seeking AI-powered tools.


The domain agibogpt.com exhibits multiple technical indicators consistent with malicious intent. It was registered on October 21, 2025, through GoDaddy.com, LLC, and resolves to IPv4 address 102.223.72.41. The SSL certificate is issued by TrustAsia Technologies, Inc., which does not inherently confirm legitimacy. VirusTotal currently shows 0 out of 95 security engines detecting any malicious content as of the latest scan. The domain has not yet been flagged by Google Safe Browsing (GSB) and remains unblocked by major threat intelligence platforms, making it active and accessible to potential victims. The absence of detections suggests either a recently deployed domain or a sophisticated evasion technique.


This domain is currently active and under active investigation by PhishDestroy. Immediate actions include ongoing monitoring of wallet drainer activity, SSL certificate tracking, and behavioral analysis of inbound traffic patterns. The absence of VirusTotal detections and GSB flags indicates a critical window of exposure for users. PhishDestroy recommends immediate blocking of agibogpt.com via DNS or firewall rules and advises cryptocurrency users to verify any AI-related web service by checking trusted directories or official project websites. The remaining risk is assessed as HIGH due to the domain's active status, lack of detection coverage, and use of timely AI-themed impersonation tactics to deceive visitors.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-10-21 19:17:45
- Registrar: GoDaddy.com, LLC
- IP: 102.223.72.41

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/agibogpt.com
- PhishDestroy: https://phishdestroy.io/domain/agibogpt.com/
- LLM endpoint: https://phishdestroy.io/domain/agibogpt.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/agibogpt.com/
Last updated: 2026-04-06