# nebulaforge.cc — SUSPICIOUS > PhishDestroy identifies nebulaforge.cc as a malicious domain distributing fake software installers. VirusTotal shows 0/95 detections despite active threats. ## Summary PhishDestroy analysts have identified nebulaforge.cc as a malicious domain actively distributing counterfeit software installers designed to compromise user devices. This fraudulent site poses as a legitimate software repository, luring victims into downloading trojanized applications that deliver malware payloads. The threat is particularly insidious as it preys on users seeking legitimate software, potentially leading to credential theft, financial fraud, or persistent system infections. Technical analysis reveals several red flags: the domain resolves to IP 172.67.147.47, is registered through PDR Ltd. d/b/a PublicDomainRegistry.com, and was created on April 02, 2026. Most concerning is its current status on VirusTotal, with 0 out of 95 security engines detecting its malicious nature despite active distribution of harmful payloads. This low detection rate suggests either highly sophisticated obfuscation techniques or a newly emerged threat that hasn't yet been widely cataloged by security vendors. Users who have visited nebulaforge.cc should immediately cease any downloads or installations from the site and run a full antivirus scan on their devices. If any suspicious software was executed, users should revoke affected account credentials, monitor financial transactions, and consider professional malware removal services. Organizations should block this domain at the network perimeter using the IP address 172.67.147.47. As this threat remains under active investigation, users are advised to report any encounters with this domain to their security teams or through PhishDestroy's reporting portal to aid in ongoing threat intelligence efforts. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-02 00:07:55 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 172.67.147.47 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/nebulaforge.cc - PhishDestroy: https://phishdestroy.io/domain/nebulaforge.cc/ - LLM endpoint: https://phishdestroy.io/domain/nebulaforge.cc/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/nebulaforge.cc/ Last updated: 2026-04-05