# fancup.pro — SUSPICIOUS

> fancup.pro is a credential harvesting phishing site hosted on IP 46.224.117.47 with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies fancup.pro as an active credential harvesting phishing site currently under investigation. This domain poses a high-risk threat by impersonating legitimate services to steal user credentials. The threat actor behind this campaign is leveraging a recently registered domain (December 15, 2025) to evade detection while targeting unsuspecting users with fake login pages.

This domain was flagged by PhishDestroy with risk level marked as active and threat type classified as generic_phishing. It resolves to IP address 46.224.117.47, was registered through PDR Ltd. d/b/a PublicDomainRegistry.com, and holds a valid SSL certificate issued by Let's Encrypt. Notably, VirusTotal currently shows 0/95 detection engines flagging this domain, indicating it remains under the radar of most security vendors. The domain's recent creation date (December 15, 2025) suggests a short-lived campaign designed to exploit newly registered domains before they are widely recognized as malicious. No current presence on major blocklists was detected at the time of analysis, which may contribute to its low detection rate.

To mitigate the risk posed by fancup.pro, users should immediately block this domain at the network and endpoint levels. Organizations should update firewall rules, DNS sinkholes, or proxy blocks to prevent access to 46.224.117.47 and any associated subdomains. End users who may have interacted with this domain should change their credentials immediately, enable multi-factor authentication on all accounts, and scan their devices for malware. Security teams should monitor for any new domains registered by the same registrar or IP range, as this threat actor may rapidly shift infrastructure. Reporting this domain to PhishDestroy and relevant authorities (such as CERT teams or domain registries) can help accelerate its takedown and protect other potential victims.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-15 16:23:33
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 46.224.117.47

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/35d6c4ae-48a0-4798-8dbc-541d42b4b6d4
- PhishDestroy: https://phishdestroy.io/domain/fancup.pro/
- LLM endpoint: https://phishdestroy.io/domain/fancup.pro/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/fancup.pro/

Last updated: 2026-03-28