# itspopepepe.xyz — SUSPICIOUS

> itspopepepe.xyz is a crypto drainer phishing domain flagged by 1/95 VirusTotal scanners. Avoid clicking links or connecting wallets.

## Summary
PhishDestroy identifies itspopepepe.xyz as an active crypto drainer phishing domain designed to deceive users into connecting cryptocurrency wallets or entering seed phrases. This domain mimics legitimate crypto services to initiate unauthorized transactions or steal digital assets. The threat actor leverages social engineering tactics, such as spoofed interfaces or fake giveaways, to trick victims into approving malicious transactions or revealing sensitive wallet information.  This domain was flagged by PhishDestroy on July 25, 2025, with a VirusTotal detection ratio of 1 out of 95 security vendors, indicating low but present suspicion among the security community. The domain resolves to IP address 92.205.93.163 and uses a Let's Encrypt SSL certificate to appear legitimate. It was registered through Porkbun, LLC, a domain registrar known for anonymity-friendly services, which may facilitate the domain's short operational lifespan. The combination of recent registration, low detection ratio, and anonymity-focused hosting suggests this is a targeted or emerging threat.  Users who visited itspopepepepe.xyz should immediately disconnect any connected wallets, revoke any unauthorized permissions, and scan their devices for malware. Do not enter any seed phrases, private keys, or transaction approvals on this domain. Report the domain to your wallet provider and relevant cybersecurity authorities. If you interacted with this site, consider transferring remaining funds to a new wallet and enabling multi-factor authentication on all crypto-related accounts. Monitor your wallet transactions closely for any unauthorized activity.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-07-25 14:48:52
- Registrar: Porkbun, LLC
- IP: 92.205.93.163

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9688d5c8-fa02-427b-940e-ccacf7c8fbb2
- PhishDestroy: https://phishdestroy.io/domain/itspopepepe.xyz/
- LLM endpoint: https://phishdestroy.io/domain/itspopepepe.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/itspopepepe.xyz/
Last updated: 2026-03-26