# 943.lol — SUSPICIOUS

> 943.lol is a crypto drainer impersonating legitimate services. VirusTotal shows 0/95 detections yet. Avoid interaction and verify URLs before transactions.

## Summary
PhishDestroy identifies 943.lol as an active crypto drainer domain designed to deceive users into transferring cryptocurrency to attacker-controlled wallets. This domain was flagged due to its recent registration and association with malicious infrastructure, including a Let's Encrypt SSL certificate to appear legitimate. The domain resolves to IP 188.114.97.3, which has been linked to cryptocurrency theft campaigns targeting unsuspecting users.  This domain poses a high risk as a crypto drainer, a type of phishing attack where victims unknowingly authorize cryptocurrency transfers to fraudulent addresses. The domain was registered through NameSilo, LLC on March 23, 2026, a suspiciously recent date suggesting premeditated malicious intent. VirusTotal currently shows 0 detections out of 95 scanners, indicating this threat remains undetected by many security tools. The domain's infrastructure, including its SSL certificate and IP assignment, suggests it is part of a coordinated campaign to exploit cryptocurrency users.  Users who visited 943.lol should immediately check their cryptocurrency wallets for unauthorized transactions. Do not interact with this domain or any linked addresses. If you entered credentials or transaction details, revoke API keys and permissions associated with your wallet. Report this domain to your security team or use PhishDestroy's verification tool to confirm safety before any further engagement.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-23 12:42:46
- Registrar: NameSilo, LLC
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1da142fe-1a19-467e-9ef3-496f7fc1e2da
- PhishDestroy: https://phishdestroy.io/domain/943.lol/
- LLM endpoint: https://phishdestroy.io/domain/943.lol/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/943.lol/
Last updated: 2026-03-24