# sarmat24.biz — SUSPICIOUS

> sarmat24.biz is an active generic phishing domain impersonating banking login pages. Flagged by 1 of 95 VirusTotal vendors, users should avoid entering.

## Summary
PhishDestroy identifies sarmat24.biz as an active generic phishing domain operating since March 28, 2020. This domain poses an elevated risk by leveraging deceptive tactics to impersonate legitimate banking login interfaces, tricking users into surrendering sensitive credentials. No specific drainer kit or brand impersonation has been confirmed, but its structure suggests a focus on financial fraud.  

This domain exhibits multiple red flags confirmed by forensic analysis. VirusTotal flags 1 out of 95 security vendors, indicating limited but present detection. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, it resolves to IP 91.206.71.105 and holds a Google Trust Services SSL certificate—a tactic often exploited to appear legitimate. The domain was created on March 28, 2020, and remains unblocked by Google Safe Browsing (GSB) at the time of analysis.  

Current status confirms active operation with elevated risk potential. Immediate response includes blocking the domain and IP at network and endpoint levels. Users are advised to avoid accessing sarmat24.biz and report any interaction. While current blocklist adoption is low, proactive threat intelligence integration is critical to prevent credential harvesting campaigns. Remaining risk stems from potential undetected variants or infrastructure pivots, necessitating continuous monitoring.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2020-03-28 14:02:59
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 91.206.71.105

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0b66e720-2bf9-4c40-aa9f-2fc0de89b092
- PhishDestroy: https://phishdestroy.io/domain/sarmat24.biz/
- LLM endpoint: https://phishdestroy.io/domain/sarmat24.biz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sarmat24.biz/
Last updated: 2026-03-26