# stoxfi.net — SUSPICIOUS

> stoxfi.net is a crypto drainer phishing site with 0/95 VirusTotal detections. Immediate action is required to block this domain and prevent fund loss.

## Summary
PhishDestroy identifies stoxfi.net as an active crypto drainer phishing domain impersonating legitimate cryptocurrency platforms. The threat level is currently under investigation but poses a critical risk due to its operational status and lack of detection on VirusTotal. This domain should be treated as high-risk until further analysis confirms its intent or takedown efforts succeed.

This domain was flagged with a 0/95 detection ratio on VirusTotal, indicating no antivirus or security vendor has flagged it yet despite its active status. It resolves to IP address 188.114.97.3, uses a Let’s Encrypt SSL certificate, and was registered on March 20, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain’s recent creation date and hosting on a shared IP with minimal reputation suggest it is newly deployed with malicious intent. No blocklist entries or trust scores are currently available for review, increasing the risk of undetected compromise.

To mitigate exposure to this crypto drainer, users should immediately block stoxfi.net at the network and DNS levels. Cryptocurrency users should verify URLs before entering credentials or connecting wallets, and avoid clicking on promotional links from unknown sources. Organizations should update firewall rules and endpoint protections to flag this domain as malicious. If any interaction with this domain has occurred, disconnect wallets, revoke permissions, and conduct a full security audit of connected devices.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-20 14:05:19
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/98d89704-b6a5-45f3-84f3-ced646244062
- PhishDestroy: https://phishdestroy.io/domain/stoxfi.net/
- LLM endpoint: https://phishdestroy.io/domain/stoxfi.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/stoxfi.net/
Last updated: 2026-03-23