# flowus.cc — SUSPICIOUS

> PhishDestroy analysts identify flowus.cc as a crypto drainer domain flagged by 3 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies the domain flowus.cc as an active crypto drainer currently targeting users of the legitimate FlowUs cloud storage platform. The malicious infrastructure is designed to deceive visitors into connecting their cryptocurrency wallets under false pretenses, leading to unauthorized fund transfers. This domain is classified as an elevated-risk threat due to its active deployment and potential for significant financial harm to unsuspecting users.  This domain was flagged by 3 of 95 VirusTotal vendors and is registered through Web Commerce Communications Limited dba WebNic.cc. It resolves to IP address 95.182.97.78 and operates with a valid Let's Encrypt SSL certificate. Registered on November 05, 2025, this domain represents a newly emerged threat with minimal but growing detection coverage. Users should note the recent registration date and low VirusTotal detection as indicators of elevated risk.  As of current analysis, flowus.cc remains active and poses an ongoing risk to cryptocurrency holders. PhishDestroy recommends immediate blocking of this domain at the network and endpoint levels. Users are advised to verify any FlowUs-related links through official channels and avoid clicking unsolicited links. Additionally, enabling multi-factor authentication on cryptocurrency wallets and using hardware wallets for large holdings can mitigate the risk of unauthorized transactions.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-05 21:37:59
- Registrar: Web Commerce Communications Limited dba WebNic.cc
- IP: 95.182.97.78

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c1923c60-f3d4-489d-86bf-6a7eb12c0300
- PhishDestroy: https://phishdestroy.io/domain/flowus.cc/
- LLM endpoint: https://phishdestroy.io/domain/flowus.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/flowus.cc/
Last updated: 2026-03-25