# castrocvv.org — SUSPICIOUS

> Castrocvv.org impersonates a fake crypto marketplace and drains wallets. Site created Aug 5, 2025, only 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies castrocvv.org as a live crypto-draining phishing domain that mimics a cryptocurrency exchange or CVV shop to intercept deposits and steal funds. Visitors who connect wallets or enter card details are at immediate risk of irreversible asset loss via malicious smart-contract calls or back-end transaction hijacking; this scheme is commonly labeled as a crypto drainer or wallet-draining attack.  This domain was flagged with seed 668c13 and remains actively unresolved despite its low VirusTotal score: exactly 0 out of 95 detection engines currently recognize the threat. Castrocvv.org was created on August 5, 2025, and is registered through GoDaddy.com, LLC; it resolves to IP 104.21.76.51 and holds an SSL certificate issued by Google Trust Services, giving it a deceptive cloak of legitimacy. Its brand-new age and low VT coverage make it especially dangerous for crypto newcomers hunting “cheap” CVV databases or discounted gift cards.  If you visited castrocvv.org, immediately disconnect any connected wallets, revoke any token approvals in a block-explorer interface, and move remaining assets to a fresh wallet. Run a malware scan on the device you used to access the site, change passwords stored in browsers with care, and file a report on PhishDestroy using this domain and the creation timestamp August 5, 2025. Do not interact further with the site; its low detection count and active status mean it can evade antivirus tools for hours or days while continuing to victimize unaware visitors.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-08-05 17:14:37
- Registrar: GoDaddy.com, LLC
- IP: 104.21.76.51

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f574bdfc-3f8a-4aab-82b2-53351d163aa7
- PhishDestroy: https://phishdestroy.io/domain/castrocvv.org/
- LLM endpoint: https://phishdestroy.io/domain/castrocvv.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/castrocvv.org/
Last updated: 2026-03-26