# depop.order5315.cfd — SUSPICIOUS > Analyzing depop.order5315.cfd, a Depop credential theft phishing domain detected on March 26, 2026. Check the full report. ## Summary PhishDestroy identifies depop.order5315.cfd as an active credential-harvesting domain masquerading as a legitimate Depop order page. The site is designed to deceive users into entering their Depop login credentials, which are then exfiltrated to attacker-controlled infrastructure. Affected users risk account takeover, unauthorized transactions, or identity theft. Domains like this exemplify the persistent threat of spoofed login portals in e-commerce ecosystems. This domain was flagged during routine SOC monitoring after exhibiting indicators of fraudulent behavior. VirusTotal analysis (0/95 detections as of analysis) confirms its stealthy nature, while registration details reveal it was created on March 26, 2026, through Web Commerce Communications Ltd. The domain resolves to IP 104.21.27.72 and utilizes a Let’s Encrypt SSL certificate—a tactic often leveraged to appear legitimate. Correlation with known phishing kits suggests this may be part of a broader campaign targeting Depop’s user base. If you’ve visited depop.order5315.cfd or entered credentials on the page, immediately reset your Depop password and enable two-factor authentication. Review recent orders for unauthorized activity and monitor linked payment methods for suspicious transactions. Contact Depop support via official channels to report the incident and request account review. Avoid clicking links in unsolicited emails or messages, as these often lead to similar phishing traps. Proactive verification of URLs—especially domains with randomized subpaths like order5315—remains critical to avoiding credential compromise. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-26 21:53:09 - Registrar: Web Commerce Communications Ltd - IP: 104.21.27.72 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/6568e30e-caa8-4c6e-8cef-cac25d5f6984 - PhishDestroy: https://phishdestroy.io/domain/depop.order5315.cfd/ - LLM endpoint: https://phishdestroy.io/domain/depop.order5315.cfd/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/depop.order5315.cfd/ Last updated: 2026-03-31