# maxwin-qdresinizhizli.vip — SUSPICIOUS

> maxwin-qdresinizhizli.vip is a newly active fake QNB loan site pushing illegal quick-cash scams. VirusTotal shows 0/95 detections so far.

## Summary
PhishDestroy identifies maxwin-qdresinizhizli.vip as an active generic phishing domain impersonating QNB Resolve to harvest banking credentials. Security telemetry shows zero detections on VirusTotal (0/95 engines) and no block-list flags as of seed a21f7f, indicating the threat remains under the radar while aggressively targeting users with fraudulent quick-loan offers.

This domain was flagged on March 17, 2026, only days ago, through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP 104.21.60.156 on a newly issued Let’s Encrypt SSL certificate—evidence of a fast, low-cost campaign aiming to mimic legitimate financial portals. Analysts note the rapid setup and low detection rate, suggesting the operators are leveraging short-lived infrastructure to evade blacklists while rapidly cycling domains.

Users who visited maxwin-qdresinizhizli.vip should immediately cease interaction, clear browser cache and cookies tied to the site, and run a full antivirus scan. Avoid entering any personal or banking details on this domain. If credentials were submitted, contact your bank and change passwords immediately. Report the site to your antivirus vendor and financial institution to aid in takedown efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-17 09:10:37
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.60.156

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9656b609-3e09-4507-b367-2fd2125daf9a
- PhishDestroy: https://phishdestroy.io/domain/maxwin-qdresinizhizli.vip/
- LLM endpoint: https://phishdestroy.io/domain/maxwin-qdresinizhizli.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/maxwin-qdresinizhizli.vip/
Last updated: 2026-03-23