# cxping.xyz — SUSPICIOUS

> cxping.xyz is actively hosting a credential harvesting phishing campaign. VirusTotal flags 0 of 95 vendors. Check the full report.

## Summary
PhishDestroy identifies cxping.xyz as a live credential harvesting phishing domain currently active in the wild. The domain is being tracked under seed 8e5086 as part of an ongoing threat intelligence operation. The phishing infrastructure is designed to mimic official login portals to steal user credentials, posing an immediate risk to individuals and organizations who may interact with spoofed correspondence linked to this domain.


This domain was flagged by 0 of 95 VirusTotal vendors at the time of analysis, indicating low detection coverage and high potential for operational success among unsuspecting victims. The domain cxping.xyz was registered through HOSTINGER operations, UAB on March 24, 2026, and is currently resolving to the IP address 63.176.8.218. A Let’s Encrypt SSL certificate has been issued, enhancing the perceived legitimacy of the phishing site. As of this report, the domain remains unlisted on major threat intelligence blocklists, with no public trust or reputation scores available.


The active status of this campaign requires immediate defensive action. Organizations and individuals are advised to block traffic to 63.176.8.218 and cxping.xyz at the network perimeter. Users should be alerted to avoid entering credentials on any cxping.xyz-hosted login forms. Security teams should monitor for inbound emails referencing cxping.xyz and scan endpoints for Indicators of Compromise (IoCs) associated with this domain and IP. Further investigation is ongoing, and updates will be provided as new intelligence emerges from seed 8e5086.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-24 07:50:30
- Registrar: HOSTINGER operations, UAB
- IP: 63.176.8.218

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/75ce7499-e4ae-44da-9326-21364f14d515
- PhishDestroy: https://phishdestroy.io/domain/cxping.xyz/
- LLM endpoint: https://phishdestroy.io/domain/cxping.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cxping.xyz/
Last updated: 2026-03-28