# user-apyx.xyz — SUSPICIOUS

> PhishDestroy identifies user-apyx.xyz as an active credential harvesting domain registered March 30, 2026. VT score 0/95. Check the full report.

## Summary
PhishDestroy identifies user-apyx.xyz as an active credential harvesting domain currently impersonating a generic login portal to steal user credentials. This domain was flagged by PhishDestroy’s automated pipeline under seed 2ad3ea and is categorized as a generic phishing domain designed to harvest login credentials from unsuspecting users. The infrastructure suggests a drainer kit deployment, likely targeting users through phishing emails or social engineering campaigns to capture credentials in real time.  

This domain resolves to IP address 185.53.179.128 and was registered through Dynadot LLC on March 30, 2026. VirusTotal currently shows 0/95 detection engines flagging this domain, indicating it is not yet widely recognized as malicious. This low detection rate highlights the stealthy nature of the campaign and the need for proactive monitoring. The domain has not been flagged by Google Safe Browsing (GSB) and remains unlisted on major blocklists, further increasing its potential reach and effectiveness. The combination of a newly created domain, low detection, and absence from blocklists makes this a high-risk phishing vector.  

As of the latest assessment, user-apyx.xyz remains active and under investigation. PhishDestroy has flagged this domain for immediate takedown and reputation management. Users are strongly advised to avoid visiting this domain and to report any suspicious emails or messages linked to it. While the domain is not yet widely blocked, organizations should update firewall rules and endpoint protections to include IP 185.53.179.128 and domain user-apyx.xyz. Remaining risk is assessed as high due to low detection and active infrastructure, with potential for rapid expansion if unchecked. Enhanced user awareness and network-level defenses are critical to mitigate exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-30 17:00:33
- Registrar: Dynadot LLC
- IP: 185.53.179.128

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/user-apyx.xyz
- PhishDestroy: https://phishdestroy.io/domain/user-apyx.xyz/
- LLM endpoint: https://phishdestroy.io/domain/user-apyx.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/user-apyx.xyz/
Last updated: 2026-04-02