# xolonetwork.net — SUSPICIOUS

> PhishDestroy identifies xolonetwork.net as a live credential phishing site mimicking a login portal. This domain was registered April 4, 2026 and flagged by.

## Summary

PhishDestroy identifies xolonetwork.net as an active credential phishing domain currently engaged in a spoofed login campaign. The site impersonates a legitimate web service portal, tricking users into entering their credentials on a counterfeit interface. No known brand or drainer kit has been conclusively matched to this domain at this time; however, the generic nature of the domain suggests opportunistic targeting rather than a focused brand impersonation. The threat actor appears to be leveraging a basic but functional phishing template likely distributed via email spam or social engineering lures.

This domain was flagged by PhishDestroy on April 4, 2026 — the same day it was registered. It resolves to IP address 186.2.162.246 and is hosted using a Let’s Encrypt SSL certificate, increasing the appearance of legitimacy. The domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for bulk domain registrations that have been abused in phishing operations. VirusTotal currently reports a detection score of 2 out of 95 security vendors, indicating low initial visibility but not absolute obscurity. Google Safe Browsing (GSB) status remains unconfirmed, and additional blocklist coverage appears minimal at this stage. These technical attributes align with early-stage phishing infrastructure designed for short operational lifespans.

As of this report, the domain remains active and accessible, suggesting ongoing exploitation. PhishDestroy has flagged the site for takedown and is coordinating with hosting providers and registrars to revoke the domain and suspend the associated IP. While the immediate risk is elevated due to active deployment, the long-term risk is expected to diminish rapidly once the domain is neutralized.

Users are strongly advised to avoid accessing xolonetwork.net and to verify the authenticity of any login pages by checking domain spellings, SSL certificates, and using official application sources. Organizations are urged to update threat intelligence feeds and firewall rules to block traffic to 186.2.162.246 and inspect internal logs for any connections to this IP. Proactive user education on recognizing phishing lures remains the most effective defense against such opportunistic attacks.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-04 17:36:08
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 186.2.162.246

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/xolonetwork.net
- PhishDestroy: https://phishdestroy.io/domain/xolonetwork.net/
- LLM endpoint: https://phishdestroy.io/domain/xolonetwork.net/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/xolonetwork.net/

Last updated: 2026-04-08