# zxjkj66898.com — SUSPICIOUS

> PhishDestroy identifies zxjkj66898.com as a crypto drainer phishing domain. Only 1/95 VirusTotal engines flagged it. Block access immediately.

## Summary

PhishDestroy identifies zxjkj66898.com as an elevated-risk crypto drainer domain that is currently active and serving malicious payloads. The domain was registered through Alibaba Cloud Computing Ltd. d/b/a HiChina on October 21, 2025, and resolved to IP 8.155.147.147 at the time of analysis. It uses a Let’s Encrypt SSL certificate to pass as a legitimate service while facilitating credential theft and the misdirection of funds in crypto transactions. Vendor detection remains critically low: only 1 of 95 VirusTotal engines identifies the domain as malicious, so the likelihood of successful deception is high.

The domain shows multiple red flags consistent with phishing infrastructure. It was created within the last month, the rapid deployment typical of opportunistic threat actors. Registration through HiChina points to cost-conscious actors relying on low-cost infrastructure, and the IP address 8.155.147.147 has been intermittently associated with malicious domains, further reducing its trustworthiness. The Let’s Encrypt certificate adds an appearance of legitimacy that encourages users to trust the domain. Despite its recent creation, the domain has already been implicated in active crypto drainer campaigns, and the low detection rate highlights how evasive the threat is.

To mitigate risk, block zxjkj66898.com immediately at both the network and host level: via DNS filtering, hosts file entries, or enterprise firewall rules referencing both the domain and the resolved IP. Treat any communication referencing crypto wallets, QR codes, or payment links with extreme caution, and validate all transactions manually through trusted out-of-band channels.

Report this domain to your security team and to relevant threat intelligence platforms (e.g., VirusTotal, AbuseIPDB). If you have interacted with this domain, revoke any connected wallet permissions, move remaining assets to a cold wallet, and scan all devices for malware. Stay vigilant and verify every transaction to prevent irreversible loss of funds.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-10-21 03:36:34
- Registrar: Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn)
- IP: 8.155.147.147

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/09d0e244-34f7-46e2-8986-74a3300ff484
- PhishDestroy: https://phishdestroy.io/domain/zxjkj66898.com/
- LLM endpoint: https://phishdestroy.io/domain/zxjkj66898.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/zxjkj66898.com/
Last updated: 2026-03-23