# app.xpjqwxgz.top — SUSPICIOUS > Domain app.xpjqwxgz.top is a live credential theft phishing page flagged under investigation. Resolves to IP 172.67.161.232 with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies app.xpjqwxgz.top as an active credential theft phishing domain designed to harvest login credentials under the guise of a legitimate service or application portal. The domain mimics trusted domains to deceive users into entering sensitive credentials, which are then exfiltrated by actors for malicious use such as account takeover or further fraudulent activities. Given the absence of detection on VirusTotal as of the latest scan (0/95 engines), this domain remains under active investigation but poses an immediate threat to unwary users. This domain was flagged as part of a generic phishing campaign and exhibits several red flags consistent with malicious intent. Registered through NameSilo, LLC on June 19, 2025, app.xpjqwxgz.top currently resolves to a Cloudflare IP address (172.67.161.232). Despite utilizing a Let's Encrypt SSL certificate—often exploited by phishers to appear legitimate—the domain remains undetected in VirusTotal’s 95-vendor scan, indicating a low-profile campaign likely still building reputation or employing evasion tactics. Its recent creation and low detection rate highlight the need for heightened vigilance. Users who visited or entered credentials on app.xpjqwxgz.top should immediately change passwords on any accounts where the same or similar credentials were reused. Enable multi-factor authentication (MFA) where available and monitor accounts for unusual activity. If credentials were entered, consider revoking session tokens and running a malware scan on the device used for access. Report the domain to your security team or PhishDestroy for further analysis. Always verify the legitimacy of URLs via trusted sources before providing sensitive information. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-06-19 07:53:44 - Registrar: NameSilo, LLC - IP: 172.67.161.232 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/app.xpjqwxgz.top - PhishDestroy: https://phishdestroy.io/domain/app.xpjqwxgz.top/ - LLM endpoint: https://phishdestroy.io/domain/app.xpjqwxgz.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/app.xpjqwxgz.top/ Last updated: 2026-04-09