# g90x.xyz — MALICIOUS > g90x.xyz is a PayPal credential harvesting domain flagged by 12 of 95 VirusTotal vendors. Immediate threat analysis required. Check the full report. ## Summary PhishDestroy identifies g90x.xyz as an active PayPal credential harvesting campaign targeting users with fraudulent login pages. The domain is currently operational and has been confirmed as malicious by multiple threat intelligence sources. This is a high-risk phishing operation designed to steal sensitive financial credentials under the guise of PayPal security updates or account verification processes. This domain was flagged by 12 of 95 VirusTotal security vendors, indicating widespread detection of malicious activity. It was registered through Gname.com Pte. Ltd. on March 18, 2026, and resolves to IP address 45.196.247.27. The domain utilizes a Let's Encrypt SSL certificate, which may lend false legitimacy to phishing attempts. With 12 detections on VirusTotal, this domain exhibits a concerning threat profile and should be treated as hostile. Current trust scores from analysis platforms remain critically low due to confirmed phishing payloads. Given the active status and confirmed PayPal credential harvesting activity, immediate action is required. Users should block g90x.xyz at the network and DNS levels. Organizations are advised to update firewall rules, SIEM signatures, and email security gateways to detect and block traffic to this domain. Additionally, users who may have entered credentials should immediately reset their PayPal passwords, enable two-factor authentication, and monitor accounts for unauthorized transactions. Exercise extreme caution with any communication referencing PayPal account verification from this domain or associated infrastructure. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-18 07:31:36 - Registrar: Gname.com Pte. Ltd. - IP: 45.196.247.27 ## Detection Status - VirusTotal: 12 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/2fdc84bd-eb3c-4f23-8b94-2fc2f1fadfc8 - PhishDestroy: https://phishdestroy.io/domain/g90x.xyz/ - LLM endpoint: https://phishdestroy.io/domain/g90x.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/g90x.xyz/ Last updated: 2026-03-22