# dep36t.icu — SUSPICIOUS

> Dep36t.icu is a recently registered site detected as a phishing page harvesting user logins. Created April 3 2026, it returns 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies dep36t.icu as an active credential-theft page currently under investigation for generic phishing operations. This domain was flagged within hours of its April 3 2026 creation and hosted on IP 216.203.20.169 through NICENIC INTERNATIONAL GROUP CO., LIMITED while carrying a valid Let’s Encrypt certificate to appear legitimate. VirusTotal currently records zero antivirus engines flagging the URL, underscoring how new and undetected this campaign remains.

Technical indicators reinforce the suspicion; a domain age of nine days combined with zero detections (0/95 engines on VirusTotal) creates an unusually wide window for unsuspecting visitors to be compromised. The registrar and hosting footprint adds minimal risk friction, lowering typical defensive signals. Even the presence of a legitimate SSL certificate cannot guarantee safety, as phishers frequently exploit free issuance to gain user trust.

Users who visited dep36t.icu should immediately check any accounts where credentials may have been entered and activate two-factor authentication where available. Review browser history for follow-on redirects, scan local devices with an up-to-date antivirus suite, and consider a password reset for sensitive services. If no data was submitted, simply avoid revisiting the domain and report the URL to your browser’s safe-browsing feed to help block future visitors.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-03 23:57:56
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 216.203.20.169

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/dep36t.icu
- PhishDestroy: https://phishdestroy.io/domain/dep36t.icu/
- LLM endpoint: https://phishdestroy.io/domain/dep36t.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dep36t.icu/
Last updated: 2026-04-04