# perle-s1.xyz — SUSPICIOUS

> PhishDestroy identifies perle-s1.xyz as a live phishing site impersonating branded login pages since March 21, 2026.

## Summary
PhishDestroy identifies perle-s1.xyz as a confirmed phishing domain hosting counterfeit login portals to harvest user credentials. The threat actor behind this campaign uses a recently registered domain (March 21, 2026) with a Let’s Encrypt SSL certificate to appear legitimate and bypass initial security checks. The infrastructure resolves to IP 188.114.96.3, a hosting range known for low reputation and abusive activity. As of this report, VirusTotal shows 0/95 detections, indicating a newly deployed and undetected threat.  This domain was registered through PDR Ltd. d/b/a PublicDomainRegistry.com, a registrar that, while legitimate, frequently allows short-lived malicious domains due to weak anti-abuse controls. The domain’s age of 0 days since creation, combined with zero detections on VirusTotal, suggests an emerging campaign with high potential for rapid expansion. The active status and operational SSL certificate indicate the threat is ongoing, and the domain is likely being used in targeted phishing emails or smishing messages to lure victims into disclosing sensitive information.  Users who have visited perle-s1.xyz should assume any data entered—including usernames, passwords, or payment details—has been compromised. Disconnect from the internet if currently connected, and revoke any reused passwords immediately. Report the domain to your organization’s security team or through PhishDestroy’s abuse portal. Avoid re-accessing the site, as it remains active and may deploy additional malware or steal session cookies. Always use password managers and multi-factor authentication to mitigate credential theft risks from such campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-21 17:46:07
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e97cc4f8-21b2-4bd6-897e-1e7eaeb7c8f8
- PhishDestroy: https://phishdestroy.io/domain/perle-s1.xyz/
- LLM endpoint: https://phishdestroy.io/domain/perle-s1.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/perle-s1.xyz/
Last updated: 2026-03-24