# crimsonmods.com — MALICIOUS

> ALERT: crimsonmods.com is a crypto drainer impersonating modding tools. 15/95 security vendors flag this domain as malicious. Verify now on PhishDestroy.

## Summary

PhishDestroy identifies crimsonmods.com as an active crypto drainer posing as a modding resource site, aiming to steal cryptocurrency and credentials from unsuspecting users. This domain was flagged by 15 out of 95 security vendors on VirusTotal, blocked on two security blocklists including Maltrail and OISD, and tied to a newly registered domain from March 02, 2026. It uses a Let's Encrypt SSL certificate and resolves to IP 80.66.84.114, with registration handled by NICENIC INTERNATIONAL GROUP CO., LIMITED.

If you visited crimsonmods.com, immediately disconnect from the internet, clear browser cache and cookies, revoke any crypto wallet connections, run a full malware scan, and change passwords for sensitive accounts. Report the domain to PhishDestroy and consider using hardware wallets or verified modding platforms. Avoid interacting further with this site.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-02 18:34:59
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 80.66.84.114

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: Maltrail, OISD

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/92a90926-49c8-4f15-a5d0-f264e2962057
- PhishDestroy: https://phishdestroy.io/domain/crimsonmods.com/
- LLM endpoint: https://phishdestroy.io/domain/crimsonmods.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/crimsonmods.com/

Last updated: 2026-03-26