# proposal-usefelix.xyz — SUSPICIOUS

> PhishDestroy warns: proposal-usefelix.xyz is a crypto drainer active since Feb 2026. 3 of 95 security tools flag it; avoid and verify before you interact.

## Summary
PhishDestroy identifies proposal-usefelix.xyz as a live crypto drainer landing page. Visitors are prompted to connect wallets and sign malicious messages that silently drain tokens to attacker-controlled addresses.  This domain was flagged on 2 blocklists and confirmed by VirusTotal, where exactly 3 out of 95 security vendors classify it as malicious. It went live on February 27, 2026 and is registered via NICENIC INTERNATIONAL GROUP CO., LIMITED; its hosting IP is 188.114.97.3. Let’s Encrypt issued the SSL certificate, but MetaMask and SEAL have already blacklisted the hostname.  If you visited proposal-usefelix.xyz, immediately revoke any wallet approvals you signed and disconnect the site. Do not enter seed phrases or sign messages from this domain or any pop-ups it triggers. Disconnect your wallet and run a malware scan on the device before reconnecting to trusted platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-27 19:06:57
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/188b4b1c-f382-4644-a20b-39809e732c2a
- PhishDestroy: https://phishdestroy.io/domain/proposal-usefelix.xyz/
- LLM endpoint: https://phishdestroy.io/domain/proposal-usefelix.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/proposal-usefelix.xyz/
Last updated: 2026-03-27