# xvgamb.cc — SUSPICIOUS

> xvgamb.cc is a crypto drainer domain with 0/95 VirusTotal detections. Users should avoid interacting and check their wallets for unauthorized transfers.

## Summary
PhishDestroy identifies xvgamb.cc as an active crypto drainer domain currently under investigation for malicious activity targeting cryptocurrency users. This domain, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, was created on March 19, 2026, and resolves to IP address 172.67.169.158. The domain utilizes a Let's Encrypt SSL certificate, which may be leveraged to appear legitimate and evade initial detection mechanisms. Despite its recent creation, the domain has not yet been flagged by security vendors, with VirusTotal currently reporting 0 out of 95 detections as of the latest scan.  Technical analysis reveals several red flags associated with crypto drainer operations. The domain's recent registration date suggests opportunistic domain squatting, a common tactic to exploit trending topics or services. The use of NICENIC INTERNATIONAL GROUP CO., LIMITED as the registrar is noteworthy, as this entity has been implicated in previous malicious domain registrations. The absence of detections on VirusTotal, despite active scanning, indicates either a very recent deployment or the use of sophisticated evasion techniques. The domain's infrastructure, hosted on 172.67.169.158, further aligns with known malicious IP ranges previously associated with cryptocurrency-related scams.  Users who have interacted with xvgamb.cc, whether by visiting the site or entering sensitive information, should take immediate action to secure their assets. Disconnect any connected wallets from websites or applications and revoke any permissions granted to unknown or suspicious domains. Monitor wallet transactions closely for unauthorized transfers or suspicious activity, and consider transferring remaining funds to a newly generated wallet with enhanced security measures. Report any unauthorized transactions to relevant cryptocurrency platforms and local cybersecurity authorities. Exercise heightened caution with domains that lack a track record or exhibit hallmark traits of crypto drainers, such as recent registration dates and low detection rates on security platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-19 19:22:21
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.169.158

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/xvgamb.cc
- PhishDestroy: https://phishdestroy.io/domain/xvgamb.cc/
- LLM endpoint: https://phishdestroy.io/domain/xvgamb.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xvgamb.cc/
Last updated: 2026-04-07