# fasoud.com — SUSPICIOUS > fasoud.com poses as a crypto giveaway scam; 0/95 VirusTotal detections despite active theft of digital assets. ## Summary fasoud.com has been profiled as a generic phishing domain under active investigation for hosting a fake giveaway scam targeting cryptocurrency users. While no specific brand is being impersonated in the seed data, the site’s structure and lure strongly resemble ‘drainer kit’ style campaigns—web pages that instruct victims to connect wallets and sign malicious transactions. This type of threat does not just harvest credentials; it directly drains funds by tricking users into approving crypto transfers via wallet signatures. The current risk level is flagged as under investigation yet remains active, with no confirmed blocklist entries or GSB listings to date, indicating the campaign may be newly launched or only lightly documented by threat intel feeds. Technical indicators confirm that fasoud.com resolves to IP 81.95.5.153 and was created on March 15, 2026, through registrar NAMECHEAP INC. The domain is secured with a Let’s Encrypt SSL certificate, which attackers often use to appear legitimate. VirusTotal currently shows 0/95 security vendor detections, suggesting low coverage from automated scanners. Given the new registration date and zero detections, the domain likely operates below most scanners’ update cycles and has not yet been widely blocked by network defenses. Historical patterns for similar registrations via NAMECHEAP with recent creation dates and Let’s Encrypt SSL in the same IP range indicate a high likelihood of future malicious activity if left unchecked. PhishDestroy identifies fasoud.com as an active threat under Tier-3 monitoring with the status still under investigation. Immediate actions include reporting the domain to hosting providers, domain registrars, and threat intelligence platforms to trigger takedowns and blocklist updates. Users should block 81.95.5.153 at the firewall level and avoid any interaction with fasoud.com including visiting, linking, or referencing it in public forums. Because the drainer kit is believed active and lacks detections, users—especially in crypto communities—should treat all promotions or giveaways on this domain as attempted theft. The residual risk remains elevated until widespread blocking is achieved and the drainer infrastructure is dismantled. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-15 21:18:10 - Registrar: NAMECHEAP INC - IP: 81.95.5.153 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a16c8a86-1c1a-4ee0-b224-d241c6ef2e15 - PhishDestroy: https://phishdestroy.io/domain/fasoud.com/ - LLM endpoint: https://phishdestroy.io/domain/fasoud.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/fasoud.com/ Last updated: 2026-03-28