# PhishDestroy threat dossier — dropcoin.info
================================================================
Fetched: 2026-06-27 04:25:43 UTC
Canonical: https://phishdestroy.io/domain/dropcoin.info/

## VERDICT
----------------------------------------------------------------
CRITICAL THREAT — DO NOT VISIT
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)
Scam classification: cryptocurrency

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 14/91 security vendors flagged this domain
Flagging vendors: ADMINUSLabs, Criminal IP, alphaMountain.ai, BitDefender, Chong Lua Dao, CRDF, CyRadar, Forcepoint ThreatSeeker, Fortinet, G-Data, Gridinsoft, Kaspersky, Lionic, SOCRadar
URLQuery: 2 detections
Public blocklists: listed on 3 independent blocklists

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 172.67.167.199 (US, San Francisco)
ASN: AS13335 CLOUDFLARENET - Cloudflare, Inc., US
Hosting org: AS13335 Cloudflare, Inc.
Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED

!!! REGISTRAR INTEGRITY ALERT — NiceNIC !!!
NiceNIC International: over 90% of its registered domains are associated with illegal content; documented systematic abuse-report non-response.
Primary sources:
  https://phishdestroy.io/nicenic-real
  https://phishdestroy.io/nicenic-verdict

Nameservers: carlane.ns.cloudflare.com, shane.ns.cloudflare.com
Registered: 2026-03-26
Expires: 2027-03-26
Page title: Lovable App
HTTP response: 403

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Let's Encrypt / E7
Expires: 2026-08-22
Status: INVALID chain
Fingerprint: 209ed47b7ca1e9e428f9b769a71c6b66798dbfbf8aec6ad984caa9663b18d67b

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue.
No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-03-26 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-06-17 16:30:08 UTC (by PhishDestroy tracker)
First reported: 2026-06-17 18:39:59 UTC (abuse notice filed)
Last verified: 2026-06-27 06:17:06 UTC
Current status: ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019ed5fb-9929-732c-a451-3b68914b500a/
URLQuery: https://urlquery.net/report/6e6bc171-4415-4750-a5b4-23dbfeadece2
Wayback Machine: https://web.archive.org/web/*/dropcoin.info
crt.sh CT logs: https://crt.sh/?q=%25.dropcoin.info
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=dropcoin.info
AlienVault OTX: https://otx.alienvault.com/indicator/domain/dropcoin.info
URLhaus: https://urlhaus.abuse.ch/host/dropcoin.info/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-25 20:22:14 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

This domain, dropcoin.info, is identified as an active cryptocurrency phishing threat designed to deceive users into disclosing sensitive wallet credentials or transferring digital assets to fraudulent addresses. Phishing sites of this nature often mimic legitimate cryptocurrency platforms, wallets, or decentralized applications (dApps) to exploit users through fake login portals, fraudulent token airdrops, or counterfeit investment schemes.
The site may employ social engineering tactics, such as promises of high returns or urgent security alerts, to manipulate victims into interacting with malicious smart contracts or revealing private keys. Given the irreversible nature of blockchain transactions, users who fall victim to such schemes typically suffer permanent financial losses with no recourse for recovery.

Analysis indicates that dropcoin.info exhibits multiple high-risk indicators. The domain was registered on March 26, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar frequently associated with fraudulent domains. Security vendors have flagged the domain in 14 out of 95 scans, with detection engines specifically categorizing it as a phishing threat. The site resolves to the IP address 172.67.167.199, a Cloudflare-protected endpoint that obscures the true origin of the malicious infrastructure. Additional red flags include the use of a Let's Encrypt SSL certificate, which provides encryption but does not validate legitimacy, and the presence of the page title 'Lovable App,' a generic label often used to mask malicious intent. The domain is also blocked by multiple security blocklists, including PhishDestroy, MetaMask, and SEAL, further corroborating its fraudulent nature.

Users who have visited dropcoin.info or interacted with its content should take immediate action to mitigate potential risks. First, disconnect any wallets or accounts linked to the site and revoke permissions for all connected dApps using a blockchain explorer or wallet management tool. Scan the device used to access the site with updated security software to detect and remove any malware or keyloggers that may have been installed. If credentials, private keys, or seed phrases were entered, transfer all remaining assets to a new, secure wallet and monitor the compromised wallet for unauthorized transactions.
Report the domain to relevant fraud reporting platforms and consider filing a complaint with cybercrime authorities if financial losses occurred. To prevent future incidents, verify the authenticity of cryptocurrency platforms by cross-referencing official sources and using browser extensions or security tools that block known phishing domains.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260617-127406
TLS cert SHA-256: 209ed47b7ca1e9e428f9b769a71c6b66798dbfbf8aec6ad984caa9663b18d67b

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.
## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/dropcoin.info/
JSON API: https://api.destroy.tools/v1/check?domain=dropcoin.info
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 170,767 domains (12,434 alive under monitoring, 157,933 confirmed takedowns/dead).
Site: https://phishdestroy.io