# hold-in.fun — SUSPICIOUS

> PhishDestroy flags hold-in.fun as a crypto-draining phishing site. VT shows 0/95 detections since creation on March 10, 2025.

## Summary
PhishDestroy identifies hold-in.fun as a live crypto-draining phishing domain designed to trick visitors into connecting wallets and signing malicious transactions that silently drain funds. The site masquerades as a legitimate crypto service, luring users with fake giveaways, airdrops, or urgent alerts that prompt wallet connections. Once the wallet is linked, the drainer initiates unauthorized token transfers and NFT approvals, often going unnoticed until balances vanish. This is a high-risk operation because it exploits the irreversible nature of blockchain transactions, leaving victims with no chargeback or recovery path.

This domain was flagged after VirusTotal scanned it and returned 0 detections out of 95 engines, indicating stealth deployment. The domain was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 10, 2025, and resolved to IP 188.114.96.3. It uses a Let’s Encrypt SSL certificate to appear legitimate, a common tactic to bypass browser warnings. The short domain age combined with zero detections suggests a recently launched, rapidly evolving threat that has not yet been widely blacklisted.

If you visited hold-in.fun, disconnect your wallet immediately and revoke any token approvals using tools like revoke.cash or etherscan.io. Do not interact with any prompts or sign transactions. Run a full antivirus scan and change passwords for crypto-related accounts. Report the domain to PhishDestroy and your browser’s security team. Avoid future exposure by bookmarking only trusted crypto platforms and never clicking links from unsolicited messages. Monitor wallet activity closely for unauthorized transactions.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-10 03:43:33
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6544094e-a2e7-4593-bb76-cd831fe4c9cc
- PhishDestroy: https://phishdestroy.io/domain/hold-in.fun/
- LLM endpoint: https://phishdestroy.io/domain/hold-in.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hold-in.fun/
Last updated: 2026-03-22