# mixeraggregator.com — MALICIOUS

> Explore the phishing risks linked to mixeraggregator.com, a crypto mixer site flagged for suspicious activity and now offline. Stay informed and protected.

## Summary
PhishDestroy has identified mixeraggregator.com as a medium-risk phishing domain primarily targeting cryptocurrency users. The domain masqueraded as a platform promoting top Bitcoin mixers and blenders for 2025, aiming to deceive visitors into divulging sensitive information under the guise of legitimate crypto services.

Technical analysis reveals that mixeraggregator.com was registered on February 21, 2026, through NiceNIC International Group Co., Limited. It resolved to IP address 104.21.32.1 and appeared in 13 AlienVault OTX threat pulses. VirusTotal scans flagged it with 9 detections out of 95 security vendors, while the domain was listed on 7 separate security blocklists. The page title "Top Bitcoin Mixers 2025 | Best Crypto Mixers & Blenders" was designed to lure cryptocurrency users seeking anonymity services.

Currently, the domain is offline following takedown actions, mitigating further risk to unsuspecting users. PhishDestroy recommends continued monitoring of related domains and caution when engaging with crypto mixer websites, as attackers frequently exploit this niche for phishing campaigns. Users should rely on verified platforms and maintain robust security practices to avoid credential theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Top Bitcoin Mixers 2025 | Best Crypto Mixers & Blenders

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.32.1
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["dora.ns.cloudflare.com", "trevor.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "Fortinet", "Lionic", "Phishing Database", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 7 hits
  Lists: ["PhishDestroy", "MetaMask", "Polkadot", "SEAL", "Enkrypt", "Codeesura", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019910fa-07cf-7512-8bdc-4e0fc3eb0944.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/61b9861a-1a60-4f4b-959f-66e4fc6e0805
- PhishDestroy: https://phishdestroy.io/domain/mixeraggregator.com/
- LLM endpoint: https://phishdestroy.io/domain/mixeraggregator.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mixeraggregator.com/
Last updated: 2026-03-19