# investigbot.com — MALICIOUS

> This site at investigbot.com poses as a threat intelligence tool but is actively harvesting credentials.

## Summary

PhishDestroy identifies investigbot.com as an active credential-harvesting scam site designed to trick users into submitting login details under the guise of a threat intelligence tool. The domain mimics legitimate security services to deceive visitors into believing they are accessing a professional platform, when in reality any credentials entered are immediately compromised and likely sold on dark web markets or used for follow-on attacks. Users who interact with this site risk exposing corporate, personal, or financial account credentials to malicious actors.

This domain was flagged by 6 of 95 VirusTotal security vendors, registered on December 11, 2024, and hosted on IP 66.29.142.74 through NAMECHEAP INC with a Let's Encrypt SSL certificate. Its recent creation and low detection rate at time of analysis (6/95) suggest it is part of an emerging campaign that leverages newly registered domains to evade early detection mechanisms. The free SSL certificate adds to the site's apparent credibility, as visitors may assume the site is trustworthy because of the padlock icon in their browser.

If you visited investigbot.com, do not enter any credentials, personal information, or financial data. Immediately change the passwords for any accounts whose credentials you may have entered, enable multi-factor authentication on all critical accounts, and scan your device for malware using a reputable security tool. Report the domain to your IT security team or file a complaint with your national cybercrime unit. Monitor accounts closely for unauthorized access and consider using identity theft protection services if sensitive data was submitted. Avoid revisiting the site, as it remains active and poses an ongoing risk.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2024-12-11 10:29:30
- Registrar: NAMECHEAP INC
- IP: 66.29.142.74

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/18f5beab-e780-480c-9192-5e451802cecc
- PhishDestroy: https://phishdestroy.io/domain/investigbot.com/
- LLM endpoint: https://phishdestroy.io/domain/investigbot.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/investigbot.com/

Last updated: 2026-03-29