# mxafgan.biz — SUSPICIOUS

> mxafgan.biz is a newly registered domain (Oct 18, 2024) posing as a fake login portal. Avoid entering credentials—it has 0/95 VirusTotal detections but is.

## Summary
PhishDestroy identifies mxafgan.biz as a high-risk domain currently under investigation for hosting a fake login scam designed to steal user credentials. This domain was flagged due to its suspicious activity pattern, including a recent registration date and association with a known phishing threat type labeled as generic_phishing. The domain resolves to IP address 188.114.96.3 and utilizes a Google Trust Services SSL certificate, which may falsely imply legitimacy to unsuspecting users. Notably, VirusTotal currently shows 0 out of 95 security engines detecting the domain, indicating it has not yet been widely blacklisted despite its malicious intent. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on October 18, 2024, a timeframe that aligns with the rapid deployment of phishing infrastructure.  This domain poses a significant threat as a credential harvesting tool, likely mimicking legitimate login pages to trick users into entering sensitive information such as usernames, passwords, or financial details. The use of a valid SSL certificate and a newly registered domain are common tactics to bypass initial security checks and establish a false sense of trust. The absence of detections on VirusTotal suggests that traditional security measures have not yet flagged this domain, increasing the risk of exposure for unwary users. The combination of a fresh registration, specific phishing threat type, and lack of current detections makes this domain particularly dangerous for individuals or organizations that may interact with it.  If you have visited mxafgan.biz, immediately cease any interaction with the site and avoid entering any personal or financial information. Check your accounts for any unauthorized activity, especially if you entered credentials on the site. Use a reputable antivirus or anti-malware tool to scan your device for potential infections. Report the domain to your local cybersecurity authority or through platforms like Google Safe Browsing, PhishTank, or your organization's security team. To prevent future exposure, consider blocking the domain at your network level using DNS filtering or firewall rules. Stay vigilant for phishing emails or messages that may direct you to similar fraudulent sites, and always verify the authenticity of login portals by checking the URL and SSL certificate details before entering sensitive data.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-10-18 11:02:41
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/443abbed-f57e-4829-b910-fb93d2166d2e
- PhishDestroy: https://phishdestroy.io/domain/mxafgan.biz/
- LLM endpoint: https://phishdestroy.io/domain/mxafgan.biz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mxafgan.biz/
Last updated: 2026-03-26