# defax.icu — MALICIOUS

> Defax.icu hosts a phishing scam called Troll Airdrop. Avoid interacting with this site to protect your data and report suspicious activity immediately.

## Summary
PhishDestroy identifies defax.icu as an active phishing domain designed to deceive users under the guise of a "Troll Airdrop". This generic phishing threat aims to steal sensitive personal or financial information, posing a medium risk to users who engage with the site. Phishing attacks like this remain a critical cybersecurity concern because they exploit trust to gain unauthorized access to user credentials.

The domain defax.icu was created recently on February 21, 2026, and resolves to the IP address 91.92.242.155. It currently appears on two security blocklists and is flagged by 7 out of 95 antivirus vendors on VirusTotal, indicating a confirmed suspicion of malicious activity. Despite these warnings, the domain remains active and accessible, increasing the potential risk to unsuspecting users.

Users are strongly advised to avoid visiting defax.icu or downloading any content from it. If you have interacted with the site, monitor your accounts for unusual activity and change your passwords promptly. Reporting this domain to your organization's IT department or a phishing reporting service can help mitigate further harm. Staying vigilant against unexpected airdrop offers or suspicious links is essential for protecting your digital security.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: Troll Airdrop

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 91.92.242.155
- IP Country: NL
- IP City: Amsterdam
- IP Org: AS202412 Omegatech LTD
- SSL Issuer: R13

## Detection Status
- VirusTotal: 7 vendors flagged
  Vendors: ["alphaMountain.ai", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a7750-d657-70b4-9522-db2d9dfcebf8.png
- PhishDestroy: https://phishdestroy.io/domain/defax.icu/
- LLM endpoint: https://phishdestroy.io/domain/defax.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/defax.icu/
Last updated: 2026-03-19