# csg2run.com — SUSPICIOUS

> csg2run.com hosts a crypto drainer (0/95 VirusTotal detections). Immediate suspicion advised to protect digital assets. Act now to block access.

## Summary

PhishDestroy identifies active crypto drainer activity on domain csg2run.com, currently under investigation with a high-risk designation. This domain was flagged as a generic phishing host but exhibits technical indicators consistent with cryptocurrency theft operations, including drainer scripts and wallet connection prompts. Early-stage analysis suggests a focus on siphoning funds from unsuspecting crypto users through fraudulent transaction approvals.

csg2run.com was registered on April 13, 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP 104.21.11.153 with a Google Trust Services SSL certificate. Despite zero detections on VirusTotal (0/95), it has appeared on 1 security blocklist, including PhishDestroy’s active defenses. The domain’s recent creation date and low detection rate indicate either a newly deployed campaign or evasion tactics designed to bypass early-stage scrutiny.

Mitigation for crypto drainer threats requires immediate action: block domain access at the network and endpoint level, scan devices for unauthorized wallet extensions or browser modifications, and verify all crypto transaction approvals on a clean, offline device. Users should avoid interacting with any prompts or links from csg2run.com and report suspicious activity to their security provider. Organizations are advised to deploy DNS filtering rules targeting this domain and monitor for lateral movement if initial compromise is suspected.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
## Domain Intelligence

- Registered: 2025-04-13 04:47:22
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.11.153

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: ["PhishDestroy"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/5f9a03b3-399f-4425-ac88-9e1ff4200d6e
- PhishDestroy: https://phishdestroy.io/domain/csg2run.com/
- LLM endpoint: https://phishdestroy.io/domain/csg2run.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/csg2run.com/

Last updated: 2026-03-27