# stalloncapital.online — SUSPICIOUS

> stalloncapital.online poses as a fake cryptocurrency investment platform distributing drainer kits to steal victim wallets.

## Summary

stalloncapital.online emerged on December 17 2025 as a generic phishing asset masquerading as a legitimate cryptocurrency investment portal. The domain distributes JavaScript-based drainer kits designed to siphon cryptocurrency from unwitting wallet holders into attacker-controlled addresses. No specific brand is being abused in this campaign; instead, the threat actor relies on fabricated investment promises and urgency tactics to push victims toward fund transfers. No known crypter or evasion kit has been observed, but the landing page is dynamically generated to serve different drainer variants based on user agent and geolocation.

Technical indicators include a VirusTotal detection score of 0/95 across all engines, a Let’s Encrypt SSL certificate, registration via PDR Ltd. d/b/a PublicDomainRegistry.com, and resolution to IP 163.61.188.5. The domain was created on December 17 2025, meaning it has been active for less than 24 hours at the time of writing. Google Safe Browsing has not yet flagged the domain, and no third-party blocklists have flagged it. These fresh indicators combined with the absence of detections suggest an early-stage operation still under the adversary’s control.

Current status is ACTIVE with ongoing distribution. Immediate user action includes blocking the domain at the network perimeter and on endpoints via DNS sinkholing. Users should be advised never to connect wallets or send funds to any address promoted through stalloncapital.online. Despite the 0/95 detection score, the domain’s recent registration, minimal infrastructure footprint, and clear malicious intent elevate the risk level to UNDER_INVESTIGATION. Security teams are urged to monitor for lateral movement attempts stemming from initial wallet interactions and to update blocklists accordingly as additional telemetry becomes available.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-17 22:23:07
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 163.61.188.5

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/6f8b8bdb-df36-4feb-aacf-317f9b3424b3
- PhishDestroy: https://phishdestroy.io/domain/stalloncapital.online/
- LLM endpoint: https://phishdestroy.io/domain/stalloncapital.online/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/stalloncapital.online/

Last updated: 2026-04-12