# cab.alveonltd.com — SUSPICIOUS > cab.alveonltd.com is a crypto drainer mimicking Alveon Ltd. With 0/95 VirusTotal detections, verify all links via PhishDestroy before interacting to avoid theft. ## Summary PhishDestroy identifies cab.alveonltd.com as an active crypto drainer impersonating Alveon Ltd, a legitimate entity in the digital asset space. This malicious domain leverages deceptive branding to trick users into connecting their wallets or entering credentials, risking irreversible cryptocurrency losses. The threat actors behind this campaign use social engineering tactics—such as fake giveaways or fraudulent investment opportunities—to lure victims to the site. Once accessed, the domain executes JavaScript-based wallet drainers or phishing forms to siphon funds directly from connected wallets or trick users into revealing private keys or seed phrases. Given its active status and lack of current detections, the risk of compromise remains high for unsuspecting visitors. This domain was flagged through PhishDestroy’s threat intelligence pipeline after analysis of its infrastructure and behavior. The domain resolves to IP 188.114.96.3 and operates under a Let’s Encrypt SSL certificate, which may lend it an air of legitimacy. Notably, it shows 0 detections on VirusTotal out of 95 engines scanned, indicating a low signature-based detection rate. The domain was registered on March 3, 2026, through TUCOWS.COM, CO., a registrar that has historically been used in both legitimate and malicious deployments. While no active blocklist entries have been identified yet, its recent creation and clean reputation suggest it is a newly deployed threat designed to evade early detection. Users who have visited cab.alveonltd.com should immediately disconnect any connected wallets from the site, revoke any unintended token approvals via blockchain explorers like Etherscan or BscScan, and scan their devices for malware. Do not interact with any prompts or forms on the domain, and avoid re-visiting the link. Report this domain to PhishDestroy and your organization’s SOC for further analysis. If you entered credentials or wallet information, assume compromise and transfer remaining assets to a new, secure wallet. Always verify links and domains—especially those mimicking brands—using PhishDestroy’s real-time verification tools before taking any action. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-03 14:32:02 - Registrar: TUCOWS.COM, CO. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/cab.alveonltd.com - PhishDestroy: https://phishdestroy.io/domain/cab.alveonltd.com/ - LLM endpoint: https://phishdestroy.io/domain/cab.alveonltd.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cab.alveonltd.com/ Last updated: 2026-04-08