# riverstone-autosales.com — SUSPICIOUS > PhishDestroy flags riverstone-autosales.com as an active crypto drainer posing as a fake auto dealership. Verify this domain on PhishDestroy before interacting. ## Summary PhishDestroy analysts identify riverstone-autosales.com as a recently activated crypto drainer domain designed to impersonate a legitimate auto dealership. The domain leverages a deceptive naming strategy to trick users into connecting cryptocurrency wallets or submitting payment details under the guise of vehicle purchases. This tactic aligns with a growing trend of phishing campaigns targeting crypto holders through fake transaction portals and malicious checkout pages. This domain was flagged by PhishDestroy on receipt of telemetry indicating crypto-drainer kit signatures embedded in the site’s JavaScript payloads. Technical indicators confirm its elevated risk profile: VirusTotal shows detection by only 1 out of 95 participating security vendors, the domain was registered on March 10, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED, and it resolves to IP 104.21.21.108 with a Let's Encrypt SSL certificate. Google Safe Browsing currently has no classification for this domain, which remains absent from major blocklists, indicating a newly emergent and rapidly evolving threat. As of this report, riverstone-autosales.com remains active and unblocked across most threat intelligence platforms. PhishDestroy has issued proactive blocks and continues to monitor for related infrastructure. However, the low detection rate, fresh registration, and lack of widespread blocklisting underscore an elevated risk to potential visitors. Users are strongly advised to verify any interaction with this domain using PhishDestroy’s real-time lookup tool before proceeding with any transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-10 12:17:11 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.21.108 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/fe41e501-f1e0-48cf-a1f0-1190e29a0d6c - PhishDestroy: https://phishdestroy.io/domain/riverstone-autosales.com/ - LLM endpoint: https://phishdestroy.io/domain/riverstone-autosales.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/riverstone-autosales.com/ Last updated: 2026-03-23