# zknight.xyz — SUSPICIOUS > PhishDestroy identifies zknight.xyz as a HTX brand impersonation domain with 0/95 VirusTotal detections. Check the full report. ## Summary PhishDestroy identifies zknight.xyz as a domain engaged in active brand impersonation targeting HTX cryptocurrency exchange users. This malicious domain is currently under investigation and remains operational as of the latest intelligence update. Brand impersonation scams of this nature are designed to deceive victims into revealing sensitive account credentials or transferring digital assets under the false pretense of an official HTX platform or support channel. zknight.xyz exhibits multiple indicators of malicious intent and operational sophistication. The domain resolves to IP address 188.114.97.3 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 22, 2026. Security analysis reveals that the domain utilizes a Let’s Encrypt SSL certificate and has not yet been flagged by any of the 95 VirusTotal vendors, resulting in a 0/95 detection rate. While currently unblocked across major threat intelligence platforms, the absence of detections highlights the importance of proactive monitoring and underscores the evolving tactics employed by threat actors to evade detection. This domain has not been listed on any known blocklists at the time of assessment. The current status of zknight.xyz remains active and unresolved. Given the targeting of HTX users and the domain’s recent creation, there is a heightened risk of credential harvesting or crypto-draining campaigns being deployed. Users are strongly advised to avoid interacting with this domain or any associated links. Organizations should consider blocking the IP address 188.114.97.3 and the domain at the network perimeter. Additionally, users should verify all URLs through official HTX channels and enable multi-factor authentication on their accounts. PhishDestroy continues to monitor this domain and will update its status as new intelligence becomes available. Immediate reporting of any observed suspicious activity is encouraged to mitigate potential financial losses. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: HTX ## Domain Intelligence - Registered: 2026-03-22 09:29:19 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/5f494771-be19-459b-8fb9-15135bc43825 - PhishDestroy: https://phishdestroy.io/domain/zknight.xyz/ - LLM endpoint: https://phishdestroy.io/domain/zknight.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/zknight.xyz/ Last updated: 2026-03-23