# casiflex.cc — SUSPICIOUS

> casiflex.cc is a crypto drainer phishing site with 0/95 VirusTotal detections. Impersonates trusted brands to steal crypto assets. Block immediately.

## Summary
PhishDestroy identifies casiflex.cc as an active crypto drainer phishing domain designed to mimic legitimate services and steal cryptocurrency assets from unsuspecting users. The domain leverages deceptive branding to trick victims into connecting wallets or entering private keys, facilitating unauthorized fund transfers. While no specific drainer kit has been publicly linked to this domain, its infrastructure and behavior align with known crypto-draining campaigns targeting Web3 users.  This domain was flagged by PhishDestroy under investigation for credential theft and crypto drainer activity. Technical indicators include a VirusTotal detection score of 0/95, registration via Gname.com Pte. Ltd., and resolution to IP 104.21.74.100. The domain was created on March 08, 2026, and secured with a Let’s Encrypt SSL certificate. It remains unlisted on Google Safe Browsing (GSB) and has not yet been added to major threat intelligence blocklists, indicating a low but rising risk profile.  As of this report, casiflex.cc remains active and poses a credible threat to cryptocurrency users. Immediate actions include blocking the domain and IP at the network and DNS levels. Users are advised to avoid interaction with this domain and verify all crypto-related sites via official channels. PhishDestroy continues to monitor this threat, but due to its recent emergence and low detection rate, the risk level remains under investigation. Users should prioritize wallet security and enable multi-factor authentication on all platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-08 12:10:40
- Registrar: Gname.com Pte. Ltd.
- IP: 104.21.74.100

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/casiflex.cc
- PhishDestroy: https://phishdestroy.io/domain/casiflex.cc/
- LLM endpoint: https://phishdestroy.io/domain/casiflex.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/casiflex.cc/
Last updated: 2026-04-04