# maxwin-erisirmhizli.com — SUSPICIOUS > Beware of maxwin-erisirmhizli.com, a crypto drainer phishing site detected with 0/95 VirusTotal detections. Verify URLs via PhishDestroy before clicking. ## Summary PhishDestroy identifies the domain maxwin-erisirmhizli.com as an active crypto drainer phishing campaign currently under investigation. This domain is configured to impersonate cryptocurrency services without disclosing the target brand, following a pattern of luring users into connecting their wallets to fraudulent smart contracts. The infrastructure is actively resolving and presents immediate risk to cryptocurrency users. Security telemetry reveals that 0 out of 95 VirusTotal scanning engines have flagged this domain to date, suggesting low initial detection despite its malicious intent. The domain resolves to IP address 104.21.66.78 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain was created on March 18, 2026, and currently operates with a valid Let's Encrypt SSL certificate. At the time of this advisory, the domain remains unlisted on major threat intelligence blocklists, resulting in elevated exposure risk. Due to the active status of this campaign and the lack of detection, PhishDestroy recommends immediate action. Block network-level access to 104.21.66.78 at the firewall and DNS level. Users should avoid accessing this domain and report any recent wallet connections to PhishDestroy for forensic analysis. Organizations are advised to update browser and endpoint protection rules to flag this domain and its IP as malicious. This advisory will be updated as the investigation progresses and additional indicators emerge. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-18 09:52:44 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.66.78 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/fa06a3e0-0d85-447f-b211-cc302b610bfd - PhishDestroy: https://phishdestroy.io/domain/maxwin-erisirmhizli.com/ - LLM endpoint: https://phishdestroy.io/domain/maxwin-erisirmhizli.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/maxwin-erisirmhizli.com/ Last updated: 2026-03-23