# etcprotocol.com — MALICIOUS

> PhishDestroy identifies etcprotocol.com as an active credential harvesting phishing domain. Flagged by 15 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies etcprotocol.com as an active credential harvesting phishing domain targeting unsuspecting users. The domain is currently engaged in malicious activity with an elevated risk level, posing a significant threat to organizations and individuals alike.

This domain, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, was created on September 18, 2025, and resolves to IP address 188.114.96.3. Security vendors have taken notice, with 15 out of 95 VirusTotal scanners flagging the domain for malicious activity. The presence of a Google Trust Services SSL certificate may contribute to a false sense of legitimacy, further enhancing the domain's deceptive potential.

Given the domain's active status and the substantial number of security vendors flagging it, PhishDestroy recommends immediate action to mitigate potential risks. Organizations and individuals should block access to etcprotocol.com at the network and endpoint levels. Conduct a thorough review of any accounts that may have interacted with this domain, particularly focusing on credentials entered into potentially fraudulent forms. Enhanced monitoring for related indicators of compromise is strongly advised to prevent credential theft and subsequent misuse.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-18 00:58:13
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/54011661-119b-4372-8837-7b88fa280ce4
- PhishDestroy: https://phishdestroy.io/domain/etcprotocol.com/
- LLM endpoint: https://phishdestroy.io/domain/etcprotocol.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/etcprotocol.com/
Last updated: 2026-03-23