# fashcup.com — SUSPICIOUS

> PhishDestroy identifies fashcup.com as a live phishing domain luring victims with fake fashion discounts. VT score 0/95. Check the full report.

## Summary
PhishDestroy identifies fashcup.com as an active phishing site posing as a fashion retail portal to harvest payment credentials and personal data. The domain exhibits classic phishing red flags—rapid registration (April 04, 2025), freshly issued SSL via Google Trust Services, and hosting on a bulletproof IP address (104.21.51.28). The threat actors appear to be leveraging a generic drainer kit repurposed for credential theft under the guise of high-end fashion promotions.

Technical indicators confirm the site’s hostile intent: VirusTotal currently flags 0/95 security engines, indicating zero detection as of the latest scan, while the domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The SSL certificate issued by Google Trust Services is valid but does not mitigate the risk, as it is commonly abused for short-lived phishing campaigns. The IP address 104.21.51.28 resolves through Cloudflare, a tactic often used to evade takedowns and delay takedown response.

This domain is currently active and under active monitoring by PhishDestroy. The site has not yet been widely blacklisted, maintaining a low detection footprint despite its malicious nature. Users are strongly advised to avoid interacting with fashcup.com and report any encountered instances immediately. The remaining risk is high due to the domain’s youth, evasive infrastructure, and lack of current blocklist presence. Immediate blocking at the network level is recommended for organizations.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-04 02:17:51
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.51.28

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8c2a1f42-ae41-46fd-902a-276dced0f304
- PhishDestroy: https://phishdestroy.io/domain/fashcup.com/
- LLM endpoint: https://phishdestroy.io/domain/fashcup.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/fashcup.com/
Last updated: 2026-03-27