# ht.xyz — MALICIOUS

> PhishDestroy flags ht.xyz as an active crypto-draining HTX impersonation resolving to 76.76.21.123. 6 out of 95 security vendors already block this.

## Summary

PhishDestroy analysis identifies the domain ht.xyz as engaged in active brand impersonation targeting HTX cryptocurrency users, placing it at an elevated risk level. This domain resolves to the suspicious IP 76.76.21.123 and is associated with a Let’s Encrypt SSL certificate. Domain registration occurred on April 04, 2025 via Cloudflare, Inc., and VirusTotal reports detections by 6 out of 95 participating security vendors, indicating early-stage but growing suspicion among the vendor community. No public blocklist entries are currently recorded, suggesting this threat may still be propagating across threat intelligence feeds.

The threat vector here is specifically credential harvesting and potential crypto-draining, leveraging visual and textual mimicry of the HTX brand to trick users into entering wallet credentials or downloading malicious payloads. The age of the domain—less than two weeks at time of detection—implies opportunistic registration timed to coincide with market activity or platform announcements. Despite the low absolute block rate, the presence of an SSL certificate and use of Cloudflare’s infrastructure could lend false legitimacy, increasing successful lure rates. Trust scores across passive DNS and SSL reputation services remain largely neutral, giving attackers a temporary window to operate before broader detection matures.

To neutralize the risk posed by ht.xyz, users should avoid clicking any links referencing this domain or HTX-related services outside official channels. PhishDestroy subscribers can block both the domain and its resolved IP (76.76.21.123) at the network perimeter. Enterprises are advised to push updated IOCs to endpoint and proxy defenses and to conduct user awareness training emphasizing domain scrutiny and wallet address verification. Organizations using Cloudflare DNS may consider applying custom block rules at the resolver level until threat intelligence stabilizes. Regular scanning of internal DNS logs for queries to ht.xyz is recommended to identify potential internal compromise.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: HTX

## Domain Intelligence

- Registered: 2025-04-04 14:03:00
- Registrar: Cloudflare, Inc.
- IP: 76.76.21.123

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/233ece99-774a-48a6-97cb-04f6199a8593
- PhishDestroy: https://phishdestroy.io/domain/ht.xyz/
- LLM endpoint: https://phishdestroy.io/domain/ht.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ht.xyz/
Last updated: 2026-03-25