# berlusconi-cc.to — SUSPICIOUS

> berlusconi-cc.to hosts a crypto drainer kit mimicking high-profile brands. VirusTotal shows 0/95 detections. Block immediately.

## Summary

PhishDestroy identifies a newly active crypto drainer campaign hosted at berlusconi-cc.to, a domain flagged for brand impersonation targeting high-profile entities. Analysis of the infrastructure reveals a live deployment designed to siphon cryptocurrency from unsuspecting victims through fraudulent transaction interfaces. The domain mimics legitimate services to deceive users into authorizing malicious transactions, a technique commonly associated with advanced crypto drainer toolkits such as Angel Drainer or Inferno Drainer. While the exact drainer kit variant remains under forensic examination, the domain’s registration details and SSL configuration suggest a sophisticated setup intended to evade initial detection mechanisms.

Technical indicators confirm this domain is a significant threat vector. VirusTotal currently reports 0 out of 95 security vendors detecting the domain as malicious, indicating a critical detection gap. Registered through the Government of the Kingdom of Tonga, berlusconi-cc.to resolves to IP address 172.67.70.170, a Cloudflare-operated range often abused for malicious hosting due to its anonymity and resilience. The domain was created on October 15, 2025, and utilizes a Google Trust Services SSL certificate, which may be leveraged to enhance trust perception among potential victims. Google Safe Browsing (GSB) has not yet blacklisted this domain, and public blocklists show no current coverage. This combination of factors—low detection coverage, recent creation, and use of reputable infrastructure—creates a high-risk environment for visitors.

The domain is currently active and under active monitoring by PhishDestroy’s threat intelligence team. Immediate defensive actions include DNS sinkholing, IP-based blocking at the firewall, and addition to enterprise blocklists.
Users are advised to avoid accessing berlusconi-cc.to and to inspect network logs for outbound connections to IP 172.67.70.170. Due to the absence of signature-based detections and the domain’s recent deployment, the risk level remains under investigation but is assessed as HIGH. Organizations are urged to implement behavioral analytics and monitor for anomalous cryptocurrency transaction patterns. Continuous threat hunting is recommended until full IOC coverage is achieved and GSB or other threat feeds flag the domain.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-10-15 20:33:00
- Registrar: Government of Kingdom of Tonga
- IP: 172.67.70.170

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/9bf012dd-f733-4333-9e5a-4f2cca90d8f4
- PhishDestroy: https://phishdestroy.io/domain/berlusconi-cc.to/
- LLM endpoint: https://phishdestroy.io/domain/berlusconi-cc.to/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/berlusconi-cc.to/
Last updated: 2026-03-23