# ufz.oni.mybluehost.me — SUSPICIOUS

> Domain ufz.oni.mybluehost.me identified as crypto drainer phishing site. 4/95 VirusTotal vendors flag this malicious domain.

## Summary

PhishDestroy identifies ufz.oni.mybluehost.me as an active crypto drainer domain leveraging a generic impersonation tactic to deceive visitors. This domain, registered through Domain.com, has been flagged by security vendors for hosting malicious payloads designed to siphon cryptocurrency from unsuspecting users. No specific brand is explicitly impersonated; instead, the threat actor relies on obfuscation and a free subdomain under a legitimate hosting provider (Bluehost) to distribute drainer scripts. The infrastructure suggests opportunistic targeting rather than focused brand abuse, with the domain likely used in broad phishing campaigns to lure victims under false pretenses.

This domain resolves to IP address 69.6.192.198 and was registered on October 5, 2016. It holds a valid Let’s Encrypt SSL certificate, which may be used to establish false trust. VirusTotal analysis shows 4 out of 95 security vendors currently flag this domain as malicious, indicating moderate detection but not universal awareness. The domain is not currently listed in Google Safe Browsing (GSB) and has no known entries in major blocklists, increasing the risk of exposure to unaware users. The age of the domain suggests it may have been compromised or repurposed rather than recently registered for malicious intent.

As of this report, ufz.oni.mybluehost.me remains active and poses an elevated risk to visitors engaging with its content. Immediate blocking at the network and endpoint level is recommended to prevent accidental access. Security teams are advised to inspect DNS logs for queries to this domain and to monitor for outbound connections to 69.6.192.198.

Given the low VT detection rate and absence from major blocklists, this domain exemplifies stealthy crypto drainer infrastructure. Users should avoid visiting this domain entirely and rely on updated blocklists and browser protections to mitigate exposure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2016-10-05 23:31:07
- Registrar: Domain.com
- IP: 69.6.192.198

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/e01f9dd7-2217-4031-8c98-59c32cab2b64
- PhishDestroy: https://phishdestroy.io/domain/ufz.oni.mybluehost.me/
- LLM endpoint: https://phishdestroy.io/domain/ufz.oni.mybluehost.me/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ufz.oni.mybluehost.me/

Last updated: 2026-03-21