Flagged .icu Domains
10 domains using the .icu extension have been flagged by threat-intelligence feeds. The .icu extension is among the most-abused top-level domains in published phishing-landscape data, which is why it appears frequently in scam infrastructure.
Flagged .icu Domains
10 shownFrequently Asked Questions
Are all .icu websites scams?
No. The .icu extension is among the most-abused top-level domains in published phishing-landscape data, which is why it appears frequently in scam infrastructure. Many legitimate sites use .icu. This page lists only the specific .icu domains flagged by threat-intelligence feeds — not the extension as a whole.
Why do scammers use .icu domains?
Scammers favour cheap, fast-to-register extensions with slower abuse enforcement, because they expect the domain to be taken down within days. Registration cost and enforcement speed — not the extension's purpose — drive the choice.
How do I check if a specific .icu site is safe?
Look it up here or on Google Safe Browsing and VirusTotal, and check its registration date with a WHOIS lookup. Very new domains imitating an established brand are a strong warning sign.
Stop the next phishing attack before you click.
NordPass autofill only triggers on real domains. Fake login pages cannot trick it into entering your credentials.