# PhishDestroy threat dossier — csfloat.com.co
================================================================
Fetched: 2026-05-01 00:24:34 UTC
Canonical: https://phishdestroy.io/domain/csfloat.com.co/

## VERDICT
----------------------------------------------------------------
ACTIVE THREAT — multiple warning signs
Composite threat score: 55/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 0/91 security vendors flagged this domain

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 188.114.97.3 (CA, Toronto)
ASN: AS13335 Cloudflare, Inc.
Hosting org: CloudFlare, Inc.
Registrar: Hosting Concepts B.V. d/b/a Registrar.eu
Nameservers: barbara.ns.cloudflare.com, marvin.ns.cloudflare.com
Registered: 2026-01-18
Page title: Csfloat - CS2皮肤交易平台指南 2026
HTTP response: 200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Google Trust Services / WE1
Expires: 2026-06-16
Status: INVALID chain
Fingerprint: 1674f85c7d5671d828bbc21c113a57c594b8cf50d879b7455724bcaebdfffb08

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue.
No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-01-18 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-04-25 22:09:05 UTC (by PhishDestroy tracker)
First reported: 2026-04-25 19:09:58 UTC (abuse notice filed)
Last verified: 2026-05-01 02:47:24 UTC
Current status: ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019dc60a-dd32-762c-aebf-1a51cca515b4/
URLQuery: https://urlquery.net/report/d35a6bba-d520-4b22-9ce9-e1c74f969552
Wayback Machine: https://web.archive.org/web/*/csfloat.com.co
crt.sh CT logs: https://crt.sh/?q=%25.csfloat.com.co
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=csfloat.com.co
AlienVault OTX: https://otx.alienvault.com/indicator/domain/csfloat.com.co
URLhaus: https://urlhaus.abuse.ch/host/csfloat.com.co/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-04-25 22:09:35 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies csfloat.com.co as an active crypto drainer campaign impersonating the Steam Community Market. The domain is currently under investigation with a status marked as active. This threat involves the unauthorized extraction of cryptocurrency assets from users through deceptive means, specifically targeting Steam users by mimicking a legitimate trading platform.

This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it has not yet been widely recognized as malicious. The domain csfloat.com.co was registered through Hosting Concepts B.V. d/b/a Registrar.eu and resolves to IP address 188.114.97.3.
It was created on January 18, 2026, and currently holds a Google Trust Services SSL certificate. Despite no detections on VirusTotal, the domain's recent creation date and association with a high-risk threat type warrant immediate scrutiny.

Given the lack of detections but high-risk nature of the threat, PhishDestroy advises users to exercise extreme caution when encountering csfloat.com.co. Users should verify the legitimacy of any suspicious links or domains through PhishDestroy’s platform prior to interaction. Blocking the domain at the network level and reporting it to relevant authorities is strongly recommended to prevent potential financial losses. Additionally, Steam users should cross-reference URLs with the official Steam Community Market domain (steamcommunity.com/market) to avoid falling victim to this crypto drainer campaign.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260425-BF5A55
Favicon MD5: 07b5fe4337078a835936a2a714d2e093
TLS cert SHA-256: 1674f85c7d5671d828bbc21c113a57c594b8cf50d879b7455724bcaebdfffb08

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/csfloat.com.co/
JSON API: https://api.destroy.tools/v1/check?domain=csfloat.com.co
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+.
Site: https://phishdestroy.io