# x114j.xyz — MALICIOUS

> PhishDestroy identifies x114j.xyz as an active crypto drainer scam. VirusTotal flags 15/95 vendors; verify this domain now.

## Summary

x114j.xyz is an active crypto drainer domain flagged by 15 out of 95 VirusTotal security vendors, indicating elevated risk. Registered on March 26, 2026, through Gname.com Pte. Ltd., the domain resolves to IP 45.196.247.27 and uses a Let's Encrypt SSL certificate. No specific brand impersonation is documented, suggesting a generic crypto drainer kit may be in operation. Technical indicators confirm this domain is weaponized for cryptocurrency theft, with a VirusTotal detection rate of 15/95 and no known blocklist entries as of the current analysis.

This domain exhibits classic phishing infrastructure traits: recent creation, low VT coverage, and hosting on a bulletproof IP range. The registrar, Gname.com Pte. Ltd., has a history of enabling malicious domains, while the IP 45.196.247.27 belongs to a subnet frequently associated with cybercrime. The Let's Encrypt certificate provides a false sense of legitimacy, tricking users into believing the site is secure. Given the absence of brand targeting, the threat actor likely employs a universal crypto drainer script designed to siphon funds from any connected wallet.

As of this report, x114j.xyz remains active and unblocked by major threat intelligence platforms. Immediate action is required: users should avoid this domain entirely and verify unknown links using PhishDestroy’s real-time scanner. The elevated risk level and lack of takedown suggest ongoing malicious operations. While the domain’s recent creation limits historical data, the VT score and infrastructure analysis confirm active malicious intent. Users with recent interactions are urged to revoke wallet permissions and scan for unauthorized transactions.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-26 13:27:06
- Registrar: Gname.com Pte. Ltd.
- IP: 45.196.247.27

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/47b3ebb7-e395-4cff-a2cd-1396e6c37cf4
- PhishDestroy: https://phishdestroy.io/domain/x114j.xyz/
- LLM endpoint: https://phishdestroy.io/domain/x114j.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/x114j.xyz/

Last updated: 2026-04-01