# ddooo.vip — MALICIOUS

> ddooo.vip is a confirmed crypto-drainer impersonating a crypto service. 13/95 security vendors flagged this domain.

## Summary
PhishDestroy identifies ddooo.vip as an active crypto-drainer scam designed to steal cryptocurrency from unsuspecting users. This malicious domain mimics legitimate crypto platforms, luring victims into connecting their wallets under the false pretense of accessing exclusive services, promotions, or high-yield opportunities. Once connected, the drainer silently siphons funds from the victim's wallet, often transferring assets to untraceable addresses or mixing services to obscure their origin. The domain specifically targets users in the cryptocurrency space, exploiting their familiarity with wallet connections and DeFi interactions to maximize the chances of a successful theft.  This domain was flagged by 13 out of 95 security vendors on VirusTotal, indicating a significant level of suspicion across multiple detection engines. The site was registered through Dominet (HK) Limited and went live on December 12, 2025, just days before the assessment, a common tactic among scammers to quickly deploy and then discard fraudulent domains. The domain resolves to IP 172.67.159.116, which is associated with a hosting provider known for harboring malicious activities. The use of a Google Trust Services SSL certificate is a deceptive tactic used to lend false legitimacy to the site, as scammers often exploit legitimate certificate authorities to appear trustworthy. These technical indicators, combined with the short domain age and high detection rate, strongly suggest that ddooo.vip is a malicious actor designed to defraud cryptocurrency users.  If you have visited ddooo.vip, disconnect your wallet immediately and revoke any permissions granted to the site. Use your wallet’s built-in allowance management tools to check for unauthorized connections and remove them. If you have entered any sensitive information, such as private keys or seed phrases, assume your wallet has been compromised and transfer your remaining funds to a new wallet. Do not attempt to interact with the site further. Report the domain to PhishDestroy to help protect others from falling victim to this scam. Always verify the legitimacy of crypto-related websites by cross-referencing domain age, SSL certificates, and third-party reviews before connecting your wallet or entering personal information.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-12 12:07:47
- Registrar: Dominet (HK) Limited
- IP: 172.67.159.116

## Detection Status
- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7f64888c-b2d0-4ef4-b830-bd84954fb393
- PhishDestroy: https://phishdestroy.io/domain/ddooo.vip/
- LLM endpoint: https://phishdestroy.io/domain/ddooo.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ddooo.vip/
Last updated: 2026-03-22