# fco-mains.cc — MALICIOUS > PhishDestroy identifies fco-mains.cc as a crypto drainer phishing site with a 20/95 VirusTotal detection rate. Avoid this domain immediately and verify safety. ## Summary PhishDestroy identifies fco-mains.cc as a HIGH-RISK crypto drainer phishing domain designed to deceive users into unknowingly transferring cryptocurrency to threat actor-controlled wallets. The domain impersonates legitimate financial or trading platforms, luring victims with fake login portals or fraudulent investment opportunities. Once accessed, victims are prompted to connect their cryptocurrency wallets, and embedded malicious scripts execute unauthorized transactions, draining funds without the user’s consent. Security researchers have observed similar campaigns targeting users of platforms like MetaMask, Trust Wallet, and centralized exchanges, with this domain specifically engineered to bypass basic browser security warnings through the use of a legitimate Let’s Encrypt SSL certificate. This domain was flagged by PhishDestroy with a HIGH risk assessment after being detected on 5 separate security blocklists, including PhishingArmy, StevenBlack, OISD, Hagezi, and CERT-PL. VirusTotal analysis confirms malicious activity with 20 out of 95 security vendors flagging the domain as unsafe. The domain was registered on March 23, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar often associated with high-risk or disposable domains used in phishing campaigns. The domain resolves to IP address 188.114.96.3, which has been linked to previous cryptocurrency scams and malware distribution. The use of a legitimate SSL certificate adds a false sense of security, making it more likely for unsuspecting users to interact with the site without hesitation. Given the recent creation date, rapid escalation in malicious activity, and widespread blocklist coverage, the threat posed by this domain is both immediate and severe. Users who have visited fco-mains.cc should immediately disconnect any connected cryptocurrency wallets and revoke any permissions granted to suspicious domains. Do not enter any credentials, private keys, or wallet addresses on this site. Run a full antivirus scan to detect and remove any potential malware or keyloggers installed by the site. If you have interacted with the domain, check your wallet transaction history for unauthorized transfers and report any suspicious activity to your wallet provider or exchange. For further verification, users can check the domain’s safety status on reputable threat intelligence platforms like PhishDestroy, VirusTotal, or Google Safe Browsing. Always verify the legitimacy of financial or trading platforms by cross-referencing official websites and using trusted bookmarks or direct URLs. Remain vigilant for phishing attempts, as threat actors frequently rotate domains and tactics to evade detection. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-23 10:09:26 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.96.3 ## Detection Status - VirusTotal: 20 vendors flagged - Google Safe Browsing: clean - Blocklists: 5 hits Lists: ["PhishingArmy", "StevenBlack", "OISD", "Hagezi", "CERT-PL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/fco-mains.cc - PhishDestroy: https://phishdestroy.io/domain/fco-mains.cc/ - LLM endpoint: https://phishdestroy.io/domain/fco-mains.cc/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/fco-mains.cc/ Last updated: 2026-04-02