# www.filehorse.com — SUSPICIOUS

> PhishDestroy identifies www.filehorse.com hosting a crypto drainer posing as software downloads. VT score 0/95, verify on PhishDestroy before downloading.

## Summary
PhishDestroy has flagged www.filehorse.com as a known malicious domain distributing a crypto drainer disguised as software installers. The site impersonates a legitimate software distribution platform, tricking users into downloading trojanized files that drain cryptocurrency wallets. Historical data suggests this domain has been active in similar campaigns since at least 2022, often leveraging fake cracks, keygens, or pirated software lures to deploy its payload.

Technical indicators confirm elevated risk: VirusTotal shows 0/95 detections despite active intelligence suggesting malicious activity, indicating either a newly deployed variant or evasion tactics. Registered through NameSilo, LLC, the domain resolves to IP 104.20.1.51 and utilizes a Google Trust Services (GTS) SSL certificate. Launched on December 06, 2008, this long-standing domain may have been compromised or repurposed, complicating detection. PhishDestroy’s internal blocklist flags show multiple reports across user submissions, reinforcing suspicions of misuse.

As of this assessment, www.filehorse.com remains active and unresolved. Users are strongly advised to avoid downloading any software from this domain and to verify through PhishDestroy’s real-time scanner. The low VT score suggests the threat is not yet widely detected, increasing the risk of accidental exposure. Remaining risk is high due to the domain’s age, SSL legitimacy, and active deployment tactics. PhishDestroy continues to monitor and update defenses against this vector.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2008-12-06 17:35:41
- Registrar: NameSilo, LLC
- IP: 104.20.1.51

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0d849fa9-b920-42f3-a6b5-60f75cde8990
- PhishDestroy: https://phishdestroy.io/domain/www.filehorse.com/
- LLM endpoint: https://phishdestroy.io/domain/www.filehorse.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www.filehorse.com/
Last updated: 2026-03-28