# green-x.xyz — MALICIOUS

> Investigation of the active domain green-x.xyz linked to credential harvesting phishing. VirusTotal score 10/95 detections. Check the full report.

## Summary
PhishDestroy identifies green-x.xyz as an active credential harvesting domain posing as a legitimate service to steal user login credentials. This domain resolves to IP address 188.114.96.3 and has been flagged by 10 out of 95 VirusTotal security vendors as malicious. Registered through Spaceship, Inc. on September 21, 2025, the domain has been added to 1 security blocklist while retaining a Google Trust Services SSL certificate, adding false legitimacy to its phishing operations.  The domain green-x.xyz was created on September 21, 2025, and has already been blocked by InversionDNS and included in a single security blocklist. While the domain holds a valid SSL certificate issued by Google Trust Services, indicating an attempt to appear trustworthy, VirusTotal analysis reveals detections from 10 security vendors out of 95, highlighting its malicious nature. The combination of a recent registration date, single blocklist presence, and partial detections suggests this campaign is actively evolving to evade detection.  Users who visited green-x.xyz or interacted with its content should immediately change passwords for any accounts they may have entered, enable multi-factor authentication where available, and scan their devices for malware. Report the domain to your organization’s security team or relevant cybersecurity platforms such as PhishDestroy for further investigation. Avoid entering any personal or financial information on this domain, as it is confirmed to be involved in credential harvesting activities. Monitor financial accounts closely for any unauthorized transactions.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-21 03:47:30
- Registrar: Spaceship, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["InversionDNS"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4fc9ad6d-5979-40cf-853a-e1a6dcce3a9f
- PhishDestroy: https://phishdestroy.io/domain/green-x.xyz/
- LLM endpoint: https://phishdestroy.io/domain/green-x.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/green-x.xyz/
Last updated: 2026-03-22