# https-nsocks.net — SUSPICIOUS

> https-nsocks.net is a live generic phishing domain distributing SOCKS5 proxy malware. Check the full report.

## Summary
PhishDestroy identifies the active phishing domain https-nsocks.net as a high-risk generic phishing campaign distributing SOCKS5 proxy malware kits. This domain does not impersonate a specific brand, indicating a broad, opportunistic attack targeting users seeking proxy services. The infrastructure supports malicious payload delivery, with no affiliation to legitimate proxy providers. The threat is classified as elevated due to the active distribution of malware through deceptive means, including fake proxy software downloads or configuration files.

Technical indicators confirm malicious activity: VirusTotal flags the domain with a score of 2/95 security vendors, indicating low initial detection but high potential for malicious behavior. The domain was registered through Hosting Concepts B.V. d/b/a Registrar.eu on March 04, 2024, and resolves to IP 185.43.220.18. The threat utilizes a Let's Encrypt SSL certificate to appear legitimate, and as of the latest analysis, it remains unlisted on Google Safe Browsing (GSB). With 2 active blocklists tracking this domain, the risk of exposure to unsuspecting users is significant, particularly for those searching for proxy services or anonymity tools.

This phishing campaign is currently active and distributing malicious payloads. Immediate response actions include blocking the domain at the network level, flagging the associated IP (185.43.220.18) in firewall rules, and updating endpoint security signatures to detect SOCKS5 proxy malware. End users should avoid downloading proxy software from untrusted sources and verify the legitimacy of any proxy services through official channels. Despite mitigation efforts, the remaining risk is elevated due to the active nature of the campaign and the lack of widespread detection. Users are advised to exercise caution when accessing proxy-related services and report any suspicious activity to their security teams.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-03-04 10:06:37
- Registrar: Hosting Concepts B.V. d/b/a Registrar.eu
- IP: 185.43.220.18

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fcac3c7b-9fe3-4c95-9ba9-4fdcf9f1eefd
- PhishDestroy: https://phishdestroy.io/domain/https-nsocks.net/
- LLM endpoint: https://phishdestroy.io/domain/https-nsocks.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/https-nsocks.net/
Last updated: 2026-03-24