# xaman-app.icu — SUSPICIOUS

> xaman-app.icu is a crypto drainer scam detected by 3/95 VirusTotal vendors. Registered April 6, 2026 via NICENIC INTERNATIONAL GROUP.

## Summary
xaman-app.icu operates as a crypto drainer, a type of malicious website designed to steal cryptocurrency from unsuspecting users. When victims connect their digital wallets to this fraudulent service, the site executes unauthorized transactions, draining funds without consent. Scammers often replicate legitimate platforms—such as wallet interfaces or exchange portals—to trick users into inputting credentials or authorizing transactions. This domain specifically mimics a wallet application, tricking crypto holders into linking their wallets under false pretenses.  xaman-app.icu was flagged by 3 out of 95 VirusTotal security vendors, indicating limited but confirmed malicious activity. The domain was registered on April 6, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar often associated with high-risk registrations. It resolves to IP address 188.114.97.3 and holds an SSL certificate from Let's Encrypt, which may give a false sense of security to visitors. Red flags include the new domain age (under a month old at time of analysis) and its sole purpose to mimic legitimate crypto services.  If you visited this site or connected your wallet, take immediate action to secure your funds. Disconnect the wallet from any dApps or websites, revoke any unauthorized permissions using your wallet's security settings or tools like Etherscan's token approval checker, and transfer remaining assets to a cold wallet if possible. Run a malware scan on your device, change passwords for all wallet-related accounts, and monitor transactions for unauthorized activity. Report the domain to your wallet provider and relevant crypto platforms to help prevent further abuse.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-06 21:37:18
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/81fa28db-7c4e-442f-8130-375217c97339
- PhishDestroy: https://phishdestroy.io/domain/xaman-app.icu/
- LLM endpoint: https://phishdestroy.io/domain/xaman-app.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xaman-app.icu/
Last updated: 2026-04-11