# celorislav96.fr — MALICIOUS

> Celorislav96.fr is linked to a high-risk crypto drainer threat and appears on multiple blocklists. Learn how to stay protected today.

## Summary
PhishDestroy identifies celorislav96.fr as a high-risk crypto drainer domain designed to steal cryptocurrency wallets or credentials. This threat aims to drain victims' digital assets through malicious means.

The domain resolves to IP 188.114.97.3 and is registered via Dynadot Inc. It has been flagged by several security vendors and appears on multiple blocklists. Although currently offline, it was active since January 2026 and is associated with one AlienVault OTX threat pulse.

Users should avoid interacting with this domain or links related to it. To stay safe, ensure your wallet security, update antivirus software, and only use trusted sources for cryptocurrency transactions.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Céloris IA v9.6 Vérifié | Portail d'Accès Sécurisé et Autorisé

## Domain Intelligence
- Registered: 2026-01-19 17:07:27
- Expires: 2027-01-19 00:00:00
- Registrar: Dynadot LLC
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["imani.ns.cloudflare.com", "seamus.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Certego", "CRDF", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Gridinsoft", "Netcraft", "Seclookup", "SOCRadar", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019beadd-eabd-779e-a7ba-f27fc18eb7eb.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/061cd919-066b-4d2d-9e72-4b9fcd1833db
- Wayback Machine: https://web.archive.org/web/https://celorislav96.fr
- PhishDestroy: https://phishdestroy.io/domain/celorislav96.fr/
- LLM endpoint: https://phishdestroy.io/domain/celorislav96.fr/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/celorislav96.fr/
Last updated: 2026-03-19