# 0xpa.top — SUSPICIOUS

> 0xpa.top is a newly created domain (April 3, 2026) hosting a fake crypto wallet scam. Users should avoid interacting with it.

## Summary
PhishDestroy identifies 0xpa.top as a malicious domain posing as a cryptocurrency wallet service to steal funds. This site was registered on April 3, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP 188.114.96.3. The domain uses a Let’s Encrypt SSL certificate to appear legitimate, a common tactic to deceive security tools. Current VirusTotal scans report 0/95 detections, indicating it remains under the radar while actively targeting users.


This domain specifically impersonates legitimate crypto wallet interfaces to trick users into entering private keys or seed phrases, enabling attackers to drain digital assets. Its recent creation date (April 3, 2026) suggests a hastily deployed campaign, likely leveraging urgency (e.g., 'limited-time offers') to prompt hasty actions. The registrar, NICENIC INTERNATIONAL GROUP CO., LIMITED, has been associated with prior phishing infrastructure, raising further suspicion. The lack of blocklist entries or detections on VirusTotal does not guarantee safety—many phishing sites evade detection for days or weeks before being flagged.


If you visited 0xpa.top, immediately cease all interactions and check your cryptocurrency wallets for unauthorized transactions. Revoke any permissions granted to wallet-related apps and change passwords linked to crypto accounts. Use a reputable malware scanner to audit your devices for keyloggers or trojans. Report the domain to your browser’s safe-browsing tools and block it via firewall rules. Avoid re-engaging with the site entirely—its legitimacy is unverified and likely malicious.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-03 17:17:55
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/0xpa.top
- PhishDestroy: https://phishdestroy.io/domain/0xpa.top/
- LLM endpoint: https://phishdestroy.io/domain/0xpa.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/0xpa.top/
Last updated: 2026-04-04