# 0xbull.xyz — MALICIOUS

> 0xbull.xyz posed as a $USDC token airdrop site to steal info. Avoid interacting and verify sources before sharing personal data online.

## Summary
PhishDestroy identifies 0xbull.xyz as a phishing domain impersonating a $USDC token airdrop service. Classified as a generic phishing threat, this domain aimed to deceive users with fraudulent promises related to cryptocurrency giveaways.

Technically, 0xbull.xyz resolved to IP address 188.114.96.3 and was registered via NiceNIC International Group Co., Limited on February 28, 2026. The domain was flagged by Google Safe Browsing for social engineering and appeared on three separate security blocklists. VirusTotal scans revealed 9 out of 95 security vendors detected suspicious activity, indicating moderate consensus on its malicious nature.

Currently, 0xbull.xyz is offline, having been taken down following exposure. Users are advised to remain cautious of similar token airdrop claims and always verify domain legitimacy before engaging. PhishDestroy continues to monitor related threats to protect the community from evolving phishing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: $USDC Token Airdrop

## Domain Intelligence
- Registered: 2026-02-28 21:00:03
- Expires: 2027-02-23 00:00:00
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: leanna.ns.cloudflare.com margo.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["ADMINUSLabs", "CRDF", "CyRadar", "Fortinet", "Gridinsoft", "Kaspersky", "SOCRadar", "Sophos", "alphaMountain.ai"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/HcY8G1m/24297d18831d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/77d7a787-eff4-45b6-914c-ba0eb5f6e37d
- PhishDestroy: https://phishdestroy.io/domain/0xbull.xyz/
- LLM endpoint: https://phishdestroy.io/domain/0xbull.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/0xbull.xyz/
Last updated: 2026-03-19