# testsign.lanhuikeji.com — SUSPICIOUS > testsign.lanhuikeji.com is a live crypto drainer phishing domain impersonating a major brand. Flagged by 0 of 95 VirusTotal vendors, verify immediately on. ## Summary PhishDestroy identifies testsign.lanhuikeji.com as an active crypto drainer phishing domain. The site is currently operational and poses a direct threat to cryptocurrency users, with threat actors leveraging deceptive tactics to drain digital assets from unsuspecting victims. This domain is classified under the generic phishing category, specifically targeting users through fraudulent schemes designed to harvest sensitive wallet credentials or initiate unauthorized transactions. The investigation remains ongoing as additional indicators are collected and analyzed to determine the full scope of the campaign and associated infrastructure. This domain was flagged by 0 of 95 VirusTotal vendors, indicating a low detection rate despite its malicious intent. The domain testsign.lanhuikeji.com was registered through Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn) and resolves to the IP address 118.190.83.59. The domain was created on November 26, 2024, and is secured with an SSL certificate issued by Let's Encrypt, which may be used to lend false legitimacy to the fraudulent site. Trust scores and blocklist counts remain unverified at this stage, pending further analysis and cross-referencing with threat intelligence platforms. The current status of this domain is active, with no confirmed blocklist entries as of the latest assessment. Users are strongly advised to avoid interacting with testsign.lanhuikeji.com and to verify any suspicious links or domains using PhishDestroy’s real-time threat intelligence tools. To mitigate risk, ensure all cryptocurrency-related transactions are conducted through verified and secure platforms, and enable multi-factor authentication (MFA) where possible. Report any encounters with this domain to PhishDestroy immediately to contribute to collective defense efforts. Remain vigilant for further updates as this investigation progresses. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2024-11-26 08:47:16 - Registrar: Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn) - IP: 118.190.83.59 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/fcc34424-aa26-4ad8-a112-be249e0b7871 - PhishDestroy: https://phishdestroy.io/domain/testsign.lanhuikeji.com/ - LLM endpoint: https://phishdestroy.io/domain/testsign.lanhuikeji.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/testsign.lanhuikeji.com/ Last updated: 2026-03-23