# citrea.top — SUSPICIOUS

> Stay cautious: citrea.top is an active phishing domain under investigation. Avoid visiting or sharing to protect your data.

## Summary
PhishDestroy identifies citrea.top as a generic phishing domain currently classified under an active investigation status. The domain was registered recently on March 8, 2026, which aligns with common tactics used by threat actors to exploit fresh registrations for phishing campaigns. The use of a less familiar top-level domain further suggests malicious intent.

Technical indicators show citrea.top resolves to the IP address 172.67.189.91 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. Despite no detections reported by VirusTotal scans at this time, the domain’s recent creation date and registrar profile contribute to its suspicion. These factors, combined with ongoing monitoring by PhishDestroy, provide grounds for caution.

Currently, citrea.top remains active and under close observation. Users are advised to exercise vigilance by avoiding interaction with this domain until further analysis confirms its safety or maliciousness. PhishDestroy will update this status as additional intelligence becomes available to aid in community defense.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-08 13:07:01
- Registrar: 耐思尼克国际集团有限公司
- Country: HK
- IP: 172.67.189.91
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["earl.ns.cloudflare.com.", "laura.ns.cloudflare.com."]
- SSL Issuer: none

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["ADMINUSLabs", "Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ccd49-922c-70f5-8f6a-febd67d96535.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/28c0d144-7c62-40ae-a61a-b60ef8394cad
- Wayback Machine: https://web.archive.org/web/https://citrea.top
- PhishDestroy: https://phishdestroy.io/domain/citrea.top/
- LLM endpoint: https://phishdestroy.io/domain/citrea.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/citrea.top/
Last updated: 2026-03-19