# xires.weebly.com — MALICIOUS

> PhishDestroy identifies xires.weebly.com as hosting a brand impersonation phishing scheme. This site is flagged by 19 of 95 VirusTotal vendors and must be.

## Summary
PhishDestroy identifies xires.weebly.com as a live brand impersonation phishing domain currently active and flagged by multiple security vendors. The site masquerades under the pretense of a legitimate service to deceive users into disclosing sensitive information such as login credentials or financial data. There are no indications of remediation or takedown, and the domain remains accessible via Weebly hosting infrastructure.

This domain was flagged by 19 of 95 VirusTotal vendors, blocked by OISD via the open-source intelligence-driven blocklist (OISD Blocklist), and resolved to IP address 74.115.51.9. It was registered through Safenames Ltd on March 29, 2006, and continues to operate under a Let's Encrypt SSL certificate. The site has accrued a history of abuse, placing it among a limited set of long-standing domains consistently used in phishing campaigns.

Despite its age, this domain is currently an elevated risk due to active abuse in social engineering campaigns. PhishDestroy recommends users avoid visiting xires.weebly.com entirely. If the domain is encountered—especially in unsolicited emails, advertisements, or search results—it should be reported immediately to your email provider, browser vendor, and relevant cybersecurity authorities. Network defenders should block the domain at DNS and firewall levels using the listed IP and domain name, and consider investigating any internal access or credential exposure related to this site.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2006-03-29 00:25:07
- Registrar: Safenames Ltd
- IP: 74.115.51.9

## Detection Status
- VirusTotal: 19 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["OISD"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/beb02c09-37ab-4bf9-95aa-da4fac00b35b
- PhishDestroy: https://phishdestroy.io/domain/xires.weebly.com/
- LLM endpoint: https://phishdestroy.io/domain/xires.weebly.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xires.weebly.com/
Last updated: 2026-03-29