# xnx-xr.com — SUSPICIOUS

> Phishing alert: xnx-xr.com is a crypto drainer impersonating legitimate services. Flagged by 0 of 95 VirusTotal vendors, verify safety on PhishDestroy.

## Summary
PhishDestroy identifies xnx-xr.com as a generic phishing domain currently active and under investigation for potential cryptocurrency drainer activity. The domain is not yet flagged by automated detection systems but exhibits multiple red flags consistent with malicious intent, warranting heightened scrutiny from security researchers and end-users alike.

This domain was flagged by PhishDestroy after being blocked by a single security blocklist. VirusTotal currently shows 0 detections out of 95 vendor engines, indicating the domain has not yet been widely recognized as malicious despite its recent registration. Technical indicators include registration through NICENIC INTERNATIONAL GROUP CO., LIMITED with a domain creation date of April 25, 2025, resolution to IP address 188.114.97.3, and use of a Google Trust Services SSL certificate. The domain has appeared on 1 security blocklist, suggesting early-stage malicious deployment with potential for rapid expansion across detection systems.

Given the active status of this domain, the absence of VirusTotal detections despite blocklisting, and the specific threat of cryptocurrency drainer activity, users are strongly advised to avoid interaction with xnx-xr.com. PhishDestroy recommends manual verification of any links or websites associated with this domain before engagement. Security researchers should monitor this domain for evolving threat behaviors while endpoint protection systems may need manual updates to include this indicator. Immediate reporting of any suspicious interactions with this domain to PhishDestroy is encouraged to aid in threat containment and prevention of further victimization.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-25 13:33:44
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/34a851a7-62aa-478e-b4ea-bf1376b70411
- PhishDestroy: https://phishdestroy.io/domain/xnx-xr.com/
- LLM endpoint: https://phishdestroy.io/domain/xnx-xr.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xnx-xr.com/
Last updated: 2026-03-27