# cryptobotofficial.icu — MALICIOUS

> cryptobotofficial.icu is a high-risk crypto drainer flagged for social engineering. Avoid interactions; domain now offline after detection.

## Summary

PhishDestroy identifies cryptobotofficial.icu as a malicious domain associated with crypto-related scams, specifically a crypto drainer operation. The site, titled "CryptoBot | Airdrop," was designed to lure victims with promises of cryptocurrency giveaways, a common tactic to harvest sensitive information or credentials.

Technically, the domain resolved to IP address 188.114.97.3 and was registered via PDR Ltd. d/b/a PublicDomainRegistry.com on February 21, 2026. It was flagged by Google Safe Browsing for social engineering threats and appeared on at least one security blocklist. VirusTotal analysis indicated that 16 out of 95 security vendors identified the domain as malicious, confirming its high-risk nature.

Currently, cryptobotofficial.icu has been taken offline, minimizing immediate risks to users. PhishDestroy recommends that organizations and users remain vigilant for similar crypto-themed phishing attempts, maintain updated security solutions, and report any suspicious activity related to this domain or similar ones to appropriate authorities.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Page title: CryptoBot | Airdrop

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Expires: 2027-01-20 00:00:00
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: brian.ns.cloudflare.com, violet.ns.cloudflare.com
- SSL Issuer: none

## Detection Status

- VirusTotal: 16 vendors flagged
  - Vendors: ["alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Sophos", "Trustwave", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  - Lists: ["PhishDestroy"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019bef21-2bbd-769e-a275-df2eed1eca6c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c4579db2-2d67-4fb6-9289-16760e24ed04
- PhishDestroy: https://phishdestroy.io/domain/cryptobotofficial.icu/
- LLM endpoint: https://phishdestroy.io/domain/cryptobotofficial.icu/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/cryptobotofficial.icu/

Last updated: 2026-03-19