# www-sun.io — SUSPICIOUS

> www-sun.io poses as a cryptocurrency drainer scam with 0/95 VirusTotal detections. Users should avoid interacting with this domain to prevent fund theft or.

## Summary
PhishDestroy identifies www-sun.io as a high-risk cryptocurrency drainer scam domain currently under investigation. This domain is designed to mimic legitimate cryptocurrency services with the intent of deceiving users into connecting wallets or entering private keys, enabling direct fund theft. The threat type is classified as a generic phishing drainer kit, which is a specialized form of phishing attack targeting digital assets.  

This domain was flagged by PhishDestroy with a VirusTotal detection score of 0/95, indicating no current antivirus or security vendor has flagged it despite its malicious intent. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP address 172.67.183.120. The domain was created on April 13, 2026, and secured with a Let’s Encrypt SSL certificate, which may be used to lend false credibility to the site. At the time of analysis, the domain has not been listed on Google Safe Browsing (GSB) or any major blocklists, which is unusual given its active drainer kit deployment.  

The current status of www-sun.io remains active, with no takedown or mitigation measures observed at this stage. PhishDestroy recommends immediate avoidance of this domain and advises users who may have interacted with it to revoke any connected wallet permissions and transfer funds to a secure wallet not linked to the domain. The remaining risk is classified as high due to the active drainer kit deployment and absence of vendor detection. Users should report this domain to their antivirus providers and security platforms to aid in blocking efforts. The domain’s recent creation date and lack of historical detections suggest it is a newly deployed threat, likely evolving to evade detection.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-13 22:01:18
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.183.120

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4e0ce1e2-dec8-4eac-b631-c2ade719d4d5
- PhishDestroy: https://phishdestroy.io/domain/www-sun.io/
- LLM endpoint: https://phishdestroy.io/domain/www-sun.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www-sun.io/
Last updated: 2026-04-14