# proposal-standx.xyz — SUSPICIOUS > proposal-standx.xyz hosts a fake invoice phishing scam that drains crypto wallets. Detected on VirusTotal with 0/95 flags. Check the full report. ## Summary PhishDestroy identifies proposal-standx.xyz as an active invoice-themed phishing domain designed to trick users into approving fraudulent cryptocurrency transactions. The site mimics legitimate payment proposal platforms, likely targeting freelancers or businesses expecting invoices. No specific drainer kit hash or brand impersonation has been confirmed in initial analysis, though the payload appears to leverage a generic crypto-draining script embedded in the site’s JavaScript payload. Technical indicators for proposal-standx.xyz reveal a low detection profile and a recently established infrastructure: the domain scored 0 out of 95 on VirusTotal at the time of analysis, remains unlisted in Google Safe Browsing (GSB), and is registered through PDR Ltd. d/b/a PublicDomainRegistry.com. It resolves to IP address 188.114.96.3 and was created on March 30, 2026. The domain uses a valid Let's Encrypt SSL certificate, likely to enhance perceived legitimacy. Based on open-source intelligence (OSINT), no public blocklist entries were found for this domain as of this investigation. The campaign is currently active, with a risk level marked as 'under_investigation' due to the absence of widespread detections. Immediate mitigation includes adding the IP and domain to organizational blocklists and disabling access to the Let's Encrypt certificate authority link. Users are advised to avoid visiting the site, verify payment instructions via official channels, and report any unauthorized cryptocurrency transactions immediately. Remaining risk includes potential escalation if the domain gains traction in phishing forums or begins impersonating recognizable brands. Continuous monitoring of IP 188.114.96.3 and related artifacts is recommended. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-30 12:41:45 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/557c5d6e-2172-4417-b05c-3cd3414d06b5 - PhishDestroy: https://phishdestroy.io/domain/proposal-standx.xyz/ - LLM endpoint: https://phishdestroy.io/domain/proposal-standx.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/proposal-standx.xyz/ Last updated: 2026-03-31