# app.rainf.icu — SUSPICIOUS

> PhishDestroy identifies app.rainf.icu as an active fake login portal phishing domain. Flagged by 0 of 95 VirusTotal vendors. Check the full report.

## Summary
app.rainf.icu has been identified as an active fake login portal phishing domain, currently under investigation by PhishDestroy. This domain is being tracked for its role in deceptive credential harvesting campaigns targeting unsuspecting users. The threat remains active as of the latest assessment.  This domain was flagged by 0 of 95 VirusTotal vendors, indicating it has not yet been widely detected by security solutions. It was registered through PDR Ltd. d/b/a PublicDomainRegistry.com, resolves to IP 172.67.141.183, and was created on March 30, 2026. Current blocklist counts and trust scores are pending further analysis due to its recent discovery.  Users and organizations are advised to avoid interacting with app.rainf.icu and to report any observed phishing activity involving this domain. Implement email filtering rules to block messages referencing this domain or its associated infrastructure. If exposure is suspected, reset credentials and enable multi-factor authentication where applicable to mitigate potential account compromise. Monitor network traffic for connections to IP 172.67.141.183 as an indicator of compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-30 12:49:25
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 172.67.141.183

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/49623a28-668d-4618-b295-4537ecf47f97
- PhishDestroy: https://phishdestroy.io/domain/app.rainf.icu/
- LLM endpoint: https://phishdestroy.io/domain/app.rainf.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/app.rainf.icu/
Last updated: 2026-04-01