Flagged .icu Domains
5 domains using the .icu extension have been flagged by threat-intelligence feeds. The .icu extension is among the most-abused top-level domains in published phishing-landscape data, which is why it appears frequently in scam infrastructure.
Flagged .icu Domains
5 shownFrequently Asked Questions
Are all .icu websites scams?
No. The .icu extension is among the most-abused top-level domains in published phishing-landscape data, which is why it appears frequently in scam infrastructure. Many legitimate sites use .icu. This page lists only the specific .icu domains flagged by threat-intelligence feeds — not the extension as a whole.
Why do scammers use .icu domains?
Scammers favour cheap, fast-to-register extensions with slower abuse enforcement, because they expect the domain to be taken down within days. Registration cost and enforcement speed — not the extension's purpose — drive the choice.
How do I check if a specific .icu site is safe?
Look it up here or on Google Safe Browsing and VirusTotal, and check its registration date with a WHOIS lookup. Very new domains imitating an established brand are a strong warning sign.
Stop the next phishing attack before you click.
NordPass autofill only triggers on real domains. Fake login pages cannot trick it into entering your credentials.