# weare10.xyz — SUSPICIOUS > weare10.xyz hosts a credential theft operation. VirusTotal reports 0/95 detections. Avoid entering personal data; block the domain immediately for safety. ## Summary PhishDestroy identifies weare10.xyz as a live credential harvesting domain designed to trick users into surrendering sensitive login credentials under the guise of a legitimate service. The domain impersonates a brand or organization through a deceptive landing page, prompting visitors to submit usernames, passwords, or financial details into fraudulent forms. Once harvested, stolen credentials are likely used to access email accounts, banking portals, or corporate systems, enabling follow-on identity theft and fraud. This campaign is currently active and has not yet been widely blocked by security vendors. This domain was flagged by PhishDestroy due to active credential harvesting behavior and low detection coverage. According to real-time telemetry, weare10.xyz shows 0 detections out of 95 VirusTotal scans, indicating it remains undetected by most antivirus engines. The domain was registered on March 26, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for accommodating bulk and privacy-protected registrations. It resolves to IP address 172.67.215.179 and uses a valid Let's Encrypt SSL certificate to appear legitimate. At the time of analysis, the domain is not listed on major threat intelligence feeds, increasing the risk of successful deception. If you visited weare10.xyz or entered any information, immediately change passwords for all accounts where you reused credentials, especially email and financial services. Enable multi-factor authentication (MFA) where available and monitor accounts for unauthorized access. Report the domain to your email provider, browser security team, and local cybercrime unit. Use a reputable DNS filtering service or browser extension to block the domain in the future. Do not re-enter credentials unless you have independently verified the legitimacy of the service. Stay vigilant for further phishing campaigns leveraging similar tactics. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-26 19:15:45 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 172.67.215.179 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/weare10.xyz - PhishDestroy: https://phishdestroy.io/domain/weare10.xyz/ - LLM endpoint: https://phishdestroy.io/domain/weare10.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/weare10.xyz/ Last updated: 2026-04-03