# firstbonline.icu — SUSPICIOUS

> Active crypto drainer domain firstbonline.icu hosts generic phishing pages; VirusTotal shows 0/95 detections. Block it immediately to protect assets.

## Summary

PhishDestroy identifies an active cryptocurrency drainer phishing campaign hosted at firstbonline.icu targeting unsuspecting users. This domain impersonates a financial service under the ‘Firstbon’ brand to trick victims into authorizing malicious token transfers via a drainer kit embedded on its landing pages. No known custom drainer framework has been extracted yet, indicating either a bespoke or repurposed toolkit designed for opportunistic credential and digital asset theft. The site presents a spoofed ‘Firstbon Online’ interface aimed at harvesting private keys or signing arbitrary transactions from connected wallets.

This domain was flagged for hosting a generic phishing payload with no antivirus detection as of the latest query. Technical indicators include a VirusTotal score of 0/95 detections, an IP resolution to 172.67.186.242, registration through NICENIC INTERNATIONAL GROUP CO., LIMITED, and a Let’s Encrypt SSL certificate. The domain was created on March 19, 2026, placing it under active operation for less than 48 hours at the time of writing. Google Safe Browsing (GSB) and major blocklists have not yet flagged this domain, increasing exposure to potential victims.

PhishDestroy confirms this campaign is active and expanding. Immediate defensive actions are required: block firstbonline.icu at DNS and network egress layers, revoke any credentials entered on the site, and monitor wallet addresses linked to interactions. Although current antivirus evasion is high, the risk remains elevated due to the fresh creation date and unflagged status. Users and organizations should treat this domain as hostile and refrain from any interaction.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-19 15:56:52
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.186.242

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/e239ab07-4a32-44a0-a172-16d1fbcf2bb9
- PhishDestroy: https://phishdestroy.io/domain/firstbonline.icu/
- LLM endpoint: https://phishdestroy.io/domain/firstbonline.icu/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/firstbonline.icu/

Last updated: 2026-03-23