# cryptomixer-mixer2.vip — SUSPICIOUS

> PhishDestroy identifies cryptomixer-mixer2.vip as a crypto drainer domain with 4/95 VirusTotal detections. Immediate block recommended to prevent fund loss.

## Summary

PhishDestroy identifies cryptomixer-mixer2.vip as an active crypto drainer domain designed to trick users into connecting wallets for fund extraction. The domain mimics legitimate crypto mixing services, leveraging urgency and trust-building techniques to deceive victims into authorizing malicious transactions. No direct association with a major brand was observed in available intelligence, suggesting a standalone operation targeting crypto users directly.

This domain resolves to IP 172.67.199.89 and is flagged by 4 out of 95 VirusTotal security vendors. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 29, 2026. The domain uses a Let’s Encrypt SSL certificate, is not flagged by Google Safe Browsing (GSB), and remains unlisted on major threat intelligence platforms at this time.

As of the latest analysis, cryptomixer-mixer2.vip remains active with an elevated risk profile. Immediate blocking at network and endpoint levels is advised due to its crypto drainer functionality. Users should avoid interaction and report any sightings. While current detection is limited, proactive monitoring and domain takedown requests are recommended to mitigate ongoing abuse. Risk remains elevated due to active operation and low initial detection coverage.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-29 14:10:32
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.199.89

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/cryptomixer-mixer2.vip
- PhishDestroy: https://phishdestroy.io/domain/cryptomixer-mixer2.vip/
- LLM endpoint: https://phishdestroy.io/domain/cryptomixer-mixer2.vip/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/cryptomixer-mixer2.vip/

Last updated: 2026-04-02