# cashbackterminal.xyz — MALICIOUS > cashbackterminal.xyz is a crypto drainer domain flagged by 5 of 95 VirusTotal vendors. Avoid entering wallet credentials or connecting crypto wallets. ## Summary PhishDestroy identifies cashbackterminal.xyz as an active crypto drainer domain currently engaged in malicious activities targeting cryptocurrency users. The domain is classified under generic phishing operations with a specific focus on draining digital assets from unsuspecting victims. Security systems have flagged this domain as a persistent threat, and it remains in active circulation, necessitating immediate attention from users and security professionals. This domain was flagged by 5 of 95 VirusTotal security vendors, indicating significant malicious activity. Registered through PDR Ltd. d/b/a PublicDomainRegistry.com, cashbackterminal.xyz resolves to IP address 172.67.158.26 and was created on April 11, 2026. It has appeared on 2 security blocklists and is blocked by MetaMask and SEAL, demonstrating low trustworthiness across multiple security platforms. Given its elevated risk level and active status, users are strongly advised to avoid interacting with cashbackterminal.xyz or entering any wallet credentials. The domain uses a Let's Encrypt SSL certificate, which does not guarantee legitimacy. If you have visited this domain or entered sensitive information, immediately revoke any connected wallet permissions and transfer assets to a secure wallet. Report this domain to your security provider and share intelligence to prevent further victimization. Always verify domains through official channels before engaging in financial transactions. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-11 17:10:47 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 172.67.158.26 ## Detection Status - VirusTotal: 5 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["MetaMask", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/eaacdce1-cac3-4bb0-bad9-dce3621d6d6a - PhishDestroy: https://phishdestroy.io/domain/cashbackterminal.xyz/ - LLM endpoint: https://phishdestroy.io/domain/cashbackterminal.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cashbackterminal.xyz/ Last updated: 2026-04-12