# productionmaza.cyou — MALICIOUS

> PhishDestroy identifies productionmaza.cyou as an active fake-crypto drainer domain. This Let's Encrypt site resolves to 104.21.55.

## Summary
PhishDestroy identifies productionmaza.cyou as an active generic phishing domain posing as a cryptocurrency drainer. The site targets users with fake wallet-connect prompts to steal digital assets, exploiting brand confusion with the legitimate “Production Maza” name. No specific drainer kit hash has been released, but the domain’s behavior aligns with common JavaScript-based wallet drainers seen in 2024 campaigns.

Technical indicators include a VirusTotal detection score of 22/95 security vendors, registration through Global Domain Group LLC on March 23, 2026, resolution to IP 104.21.55.125 under a Let’s Encrypt SSL certificate, and presence on exactly one public blocklist (Hagezi). The domain is newly created, lacks historical reputation, and exhibits rapid deployment typical of opportunistic phishing campaigns.

The domain remains active and unresolved by upstream registries despite early blocklist coverage. Users should immediately block 104.21.55.125 and productionmaza.cyou at DNS and firewall layers. Remaining risk is elevated due to active hosting and low VT coverage lag, necessitating continuous monitoring and avoidance of any wallet connections to this domain.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-23 15:00:13
- Registrar: Global Domain Group LLC
- IP: 104.21.55.125

## Detection Status
- VirusTotal: 22 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["Hagezi"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d20528f4-1758-41ae-98ba-ab6ad1d80a21
- PhishDestroy: https://phishdestroy.io/domain/productionmaza.cyou/
- LLM endpoint: https://phishdestroy.io/domain/productionmaza.cyou/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/productionmaza.cyou/
Last updated: 2026-03-27