# starlitproinv.cfd — SUSPICIOUS

> PhishDestroy identifies starlitproinv.cfd as an active crypto drainer domain flagged by 1 of 95 VirusTotal vendors since registration on March 15, 2026.

## Summary

PhishDestroy identifies starlitproinv.cfd as a crypto-draining phishing domain designed to steal cryptocurrency from unsuspecting users. The site mimics legitimate investment platforms but instead drains digital wallets by tricking victims into connecting their wallets to malicious smart contracts. Attackers often deploy such drainers following social media promotions or fake airdrop announcements. The domain resolves to IP 198.251.84.200 and uses a Let’s Encrypt SSL certificate to appear trustworthy, despite its malicious intent.

This domain was flagged by PhishDestroy due to its elevated risk status and confirmed malicious activity. VirusTotal analysis shows that only 1 out of 95 security vendors currently detects this threat, likely because the domain is newly active: it was registered on March 15, 2026, through Spaceship, Inc. New domains with low detection rates are frequently abused in crypto drainer campaigns before security vendors update their signatures. The SSL certificate issued by Let’s Encrypt adds a false sense of legitimacy, making users more likely to interact with the site.

If you visited starlitproinv.cfd, and especially if you connected a cryptocurrency wallet, immediately disconnect the wallet from any dApps and revoke suspicious permissions using tools like Etherscan’s token approval checker or your wallet’s built-in security features. Do not enter any private keys or seed phrases, and do not approve any wallet connections. Clear your browser cache and consider running a malware scan. Report the domain to your antivirus provider, local cybercrime units, and PhishDestroy to help block further attacks.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-15 16:11:28
- Registrar: Spaceship, Inc.
- IP: 198.251.84.200

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/beb4c769-671e-4103-aa93-0c8c35c69cdd
- PhishDestroy: https://phishdestroy.io/domain/starlitproinv.cfd/
- LLM endpoint: https://phishdestroy.io/domain/starlitproinv.cfd/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/starlitproinv.cfd/

Last updated: 2026-03-23