# phnrxnt.info — MALICIOUS

> phnrxnt.info is an active crypto drainer site flagged by 15 of 95 VirusTotal vendors. Verify threats and stay safe with PhishDestroy updates.

## Summary
PhishDestroy identifies phnrxnt.info as an active crypto drainer threat targeting unsuspecting users. This domain is involved in fraudulent schemes aimed at illicitly extracting cryptocurrency credentials or assets. The site remains operational, presenting an elevated risk level and requiring immediate caution from internet users.

Detailed analysis reveals that phnrxnt.info was created on March 28, 2026, and is registered through PDR Ltd. d/b/a PublicDomainRegistry.com. It resolves to the IP address 162.241.85.94 and holds an SSL certificate issued by Let's Encrypt. Security intelligence confirms that 15 out of 95 VirusTotal security vendors have flagged this domain for malicious activities. The domain is listed on one known security blocklist and is blocked by Hagezi, indicating recognized threats from multiple security communities. These technical indicators strongly corroborate the domain’s involvement in crypto draining attacks.

Currently, phnrxnt.info is classified as an elevated risk and remains active. Users are strongly advised to avoid interacting with this domain, refrain from submitting any personal or cryptocurrency wallet information, and ensure their systems and wallets are protected by updated security software. Verification of this threat can be performed at PhishDestroy, a trusted resource for real-time threat intelligence. Network defenders should consider blocking the domain and IP address to mitigate exposure. Continuous monitoring of such domains is crucial to thwart emerging crypto-related scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-28 14:22:21
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 162.241.85.94

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["Hagezi"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f64d673e-b658-46e4-8852-9dc5594e0ca9
- PhishDestroy: https://phishdestroy.io/domain/phnrxnt.info/
- LLM endpoint: https://phishdestroy.io/domain/phnrxnt.info/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phnrxnt.info/
Last updated: 2026-03-31