# rij.proxysales.cc — MALICIOUS > rij.proxysales.cc is a crypto drainer scam domain flagged by 20 of 95 VirusTotal vendors. Avoid storing funds on this site. Report it immediately. ## Summary PhishDestroy identifies rij.proxysales.cc as an active crypto drainer domain currently distributing malicious payloads to unsuspecting cryptocurrency users. This domain is weaponized to facilitate unauthorized fund transfers by deceiving victims into connecting their wallets or entering transaction details into fraudulent interfaces. The risk level is elevated, indicating imminent danger to individuals interacting with this link. This domain was flagged by 20 of 95 VirusTotal security vendors and resolves to IP address 95.182.116.28. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on November 1, 2025, the domain is associated with multiple blocklist entries due to confirmed malicious behavior. The SSL certificate is issued by Let’s Encrypt, a legitimate authority often abused by threat actors to lend false credibility to malicious domains. PhishDestroy recommends immediate action: block rij.proxysales.cc at network and endpoint levels, cease all interactions with this domain, and report the incident to relevant cybersecurity authorities. Users who have already interacted with this domain should revoke any connected wallet permissions, transfer remaining assets to a secure wallet, and conduct a full device security scan. Continue monitoring for similar domains using seed 70fff5. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-11-01 08:57:54 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 95.182.116.28 ## Detection Status - VirusTotal: 20 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d7ce5703-abbc-484a-9e72-b292d9d5d393 - PhishDestroy: https://phishdestroy.io/domain/rij.proxysales.cc/ - LLM endpoint: https://phishdestroy.io/domain/rij.proxysales.cc/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/rij.proxysales.cc/ Last updated: 2026-03-23