# xaman-aiiocations.xyz — SUSPICIOUS

> Is xaman-aiiocations.xyz safe? This domain, resolving to 188.114.97.3, is a suspected crypto drainer phishing site using a Let's Encrypt SSL cert.

## Summary

PhishDestroy identifies xaman-aiiocations.xyz as an active crypto drainer phishing domain under investigation for generic phishing activity, with no VirusTotal detections (0/95). This domain mimics legitimate services to trick users into connecting crypto wallets or submitting credentials, posing a direct threat to cryptocurrency holders. No known brand impersonation or drainer kit signatures (e.g., MetaMask, WalletConnect) have been confirmed yet, but behavioral analysis remains ongoing.

This domain was flagged by PhishDestroy with exact technical indicators: VirusTotal score 0/95 (undetected), registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP 188.114.97.3, created on March 30, 2026, with a Let's Encrypt SSL certificate. It remains unlisted on Google Safe Browsing (GSB) and no blocklist counts are available at this time, indicating a newly emerged threat with low detection coverage.

The domain is currently active with an 'under_investigation' status, and users are advised to block access at the network level (e.g., firewall rules targeting 188.114.97.3 or domain-level blacklists). Remaining risk is assessed as high due to active status, lack of detections, and use of trusted infrastructure (Let's Encrypt). Immediate response actions include DNS sinkholing, IP reputation updates, and user awareness campaigns to prevent interaction with this site.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-30 02:32:20
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b3b64f8d-3509-4b3e-af5a-89c885d8dbad
- PhishDestroy: https://phishdestroy.io/domain/xaman-aiiocations.xyz/
- LLM endpoint: https://phishdestroy.io/domain/xaman-aiiocations.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/xaman-aiiocations.xyz/

Last updated: 2026-03-30