# rcclub.cc — SUSPICIOUS

> rcclub.cc is a credential theft domain with only 1/95 VirusTotal detections. Avoid entering sensitive data—block immediately.

## Summary
PhishDestroy identifies rcclub.cc (seed: 4ec6a2) as an active credential theft domain with elevated risk. This domain poses a direct threat to user credentials and should be treated as untrusted.  rcclub.cc was flagged by only 1 out of 95 VirusTotal security vendors, indicating weak detection coverage despite clear malicious indicators. It is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar with mixed reputation known for hosting high-risk domains. The domain resolves to IP address 172.67.150.14, which falls within Cloudflare’s infrastructure—a common choice for malicious actors to mask origin and evade takedowns. Registered on November 2, 2016, the domain has evaded major blocklists for years, suggesting long-term abuse potential. Its SSL certificate is issued by Google Trust Services, a legitimate CA, which may be misused to create a false sense of security and bypass browser warnings.  Given its credential theft nature, rcclub.cc is likely designed to mimic legitimate login portals to harvest usernames and passwords. The low detection rate on VirusTotal (1/95) and lack of active blocklisting imply this domain remains under the radar of most defenses, making it especially dangerous for unsuspecting users. Technical analysis suggests it may be used in spear-phishing campaigns targeting specific communities or brands, leveraging social engineering to drive traffic.  To mitigate risk, users should immediately block rcclub.cc at the network and DNS levels using updated blocklists. Never enter credentials, payment details, or sensitive data on this domain. If you suspect exposure, change passwords on unrelated services and enable multi-factor authentication (MFA) where available. Organizations should deploy advanced threat intelligence tools to monitor for related infrastructure and proactively block ASNs or IPs known to host such domains. Report any interactions with rcclub.cc to your security team or through official phishing reporting portals. Stay vigilant—credential theft domains like this one evolve to bypass defenses and exploit trust.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2016-11-02 17:16:39
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.150.14

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/acef18bd-6f63-44a7-af3a-77c674fc2655
- PhishDestroy: https://phishdestroy.io/domain/rcclub.cc/
- LLM endpoint: https://phishdestroy.io/domain/rcclub.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rcclub.cc/
Last updated: 2026-03-26