# www.teahousefinance.xyz — SUSPICIOUS

> teahousefinance.xyz is a credential theft site flagged by 0 of 95 VirusTotal vendors, mimicking financial services. Avoid entering login details.

## Summary

PhishDestroy identifies teahousefinance.xyz as an active credential theft domain impersonating financial services. The domain is currently under investigation by security researchers and has not been fully classified, but available telemetry suggests malicious intent centered on harvesting user credentials and sensitive financial information. Users are advised to exercise extreme caution and avoid any interaction with this domain until further analysis is completed.

This domain was flagged by 0 of 95 VirusTotal vendors at the time of analysis, indicating it has not yet been widely detected by automated security systems. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolves to IP address 188.114.96.3, and holds a Let's Encrypt SSL certificate. Notably, it was created on April 03, 2026, which suggests it is recently deployed infrastructure likely intended for short-term malicious campaigns. The lack of VirusTotal detections combined with recent registration and common bulletproof hosting IP assignment places this domain at an elevated risk for future exploitation.

As of this assessment, teahousefinance.xyz remains an active and unblocked threat vector. Given the absence of current detections, the domain may be leveraged in credential phishing campaigns targeting users seeking financial services or investment opportunities. It is strongly recommended that users do not visit, bookmark, or enter any personal or financial information on this domain. Security teams should update network blocklists to include this domain and IP address (188.114.96.3) immediately. Exercise heightened vigilance for similar domains, avoid clicking unsolicited links, and verify all financial service websites through official channels.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-03 15:05:27
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/www.teahousefinance.xyz
- PhishDestroy: https://phishdestroy.io/domain/www.teahousefinance.xyz/
- LLM endpoint: https://phishdestroy.io/domain/www.teahousefinance.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/www.teahousefinance.xyz/

Last updated: 2026-04-04