# xaman-download.icu — SUSPICIOUS

> PhishDestroy identifies xaman-download.icu as a crypto drainer impersonating legitimate download portals.

## Summary

PhishDestroy has flagged xaman-download.icu as an active crypto drainer posing as a software download portal. This domain employs brand impersonation tactics to deceive users into connecting crypto wallets and draining funds. Given its active status and the absence of detections despite recent creation, the risk remains under investigation but warrants immediate scrutiny.

This domain was registered on April 06, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and currently resolves to IP 172.67.182.158. The SSL certificate issued by Let’s Encrypt lends it a veneer of legitimacy, while its zero detections on VirusTotal (0/95) suggest it has evaded detection thus far. Despite its recent appearance, the lack of historical data on blocklists or trust scores increases the potential for harm, particularly for users seeking software downloads.

To mitigate exposure to this threat, users should avoid interacting with xaman-download.icu entirely. Block the domain and associated IP (172.67.182.158) at the network perimeter. Verify software sources through official channels and employ wallet address screening tools to detect drainer signatures. Organizations should update threat intelligence feeds to include this domain and monitor for signs of compromise in their environments.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-06 21:37:15
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.182.158

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/edd24699-895c-491a-a190-1a1a5253516c
- PhishDestroy: https://phishdestroy.io/domain/xaman-download.icu/
- LLM endpoint: https://phishdestroy.io/domain/xaman-download.icu/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/xaman-download.icu/

Last updated: 2026-04-11