# ens0.xyz — SUSPICIOUS

> Explore the latest findings on ens0.xyz, a newly registered domain flagged for phishing suspicion. Learn why caution is advised.

## Summary
PhishDestroy identifies ens0.xyz as a domain currently under investigation for generic phishing activity. Although it has not been detected by any antivirus or security engines to date, the domain's recent creation on March 5, 2026, raises concerns about its legitimacy. Given the increasing use of newly registered domains to facilitate phishing schemes, ens0.xyz warrants close monitoring for deceptive activity.

From an infrastructure perspective, ens0.xyz is registered through Sav.com, LLC, a registrar occasionally associated with risky domains due to lax registration policies. The domain resolves to IP address 172.67.163.180, which is hosted on infrastructure commonly used by various web services but can also be exploited by threat actors. The absence of detections on VirusTotal (0/95) as of now suggests no confirmed malicious payloads have been identified, yet this does not exclude potential phishing setups aimed at harvesting sensitive user credentials.

The domain remains active and flagged within PhishDestroy’s system with a risk level marked as under investigation. Security professionals and end users are advised to exercise caution when encountering emails or links involving ens0.xyz. It is recommended to avoid interaction until further intelligence clarifies its intent. Continuous monitoring and updating blocklists may help mitigate risks posed by this suspicious domain.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Crypto Tools

## Domain Intelligence
- Registered: 2026-03-06 21:07:02
- Registrar: Sav.com, LLC
- Country: US
- IP: 172.67.163.180
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["venus.ns.cloudflare.com", "arturo.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 1 vendors flagged
  Vendors: ["Forcepoint ThreatSeeker"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc48c-1286-72b9-967c-9119350ad168.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/da9248c0-a3aa-451d-8390-9dfe26e82581
- Wayback Machine: https://web.archive.org/web/https://ens0.xyz
- PhishDestroy: https://phishdestroy.io/domain/ens0.xyz/
- LLM endpoint: https://phishdestroy.io/domain/ens0.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ens0.xyz/
Last updated: 2026-03-19