# xm27.top — SUSPICIOUS

> xm27.top is a crypto drainer impersonating a login page. Flagged by 2 of 95 VirusTotal vendors. Verify safety on PhishDestroy before entering credentials.

## Summary
PhishDestroy identifies xm27.top as an active crypto drainer domain designed to impersonate a login portal, posing an elevated risk to users. This domain is currently classified as a generic phishing threat and remains operational with no known takedown actions reported. The threat involves credential harvesting or cryptocurrency theft through fraudulent authentication prompts, targeting unsuspecting victims through social engineering or malicious links.  This domain was flagged by 2 of 95 VirusTotal security vendors, indicating limited but concerning detection coverage. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolves to IP address 188.114.97.3, and was created on March 27, 2026. The domain utilizes a Let's Encrypt SSL certificate, which may lend a false sense of legitimacy to potential victims. Despite its recent creation, the low blocklist count and absence of widespread vendor detection suggest this threat may be newly emerging or operating under the radar.  Due to the active status and elevated risk classification, users are strongly advised to avoid interacting with xm27.top entirely. If credentials or sensitive data were entered, immediately revoke access to affected accounts, change passwords, and monitor for unauthorized transactions. Security researchers should flag this domain in threat intelligence platforms and block both the domain and associated IP address at the network perimeter. PhishDestroy users can verify the safety status of this domain using seed 82d153 for accurate threat correlation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-27 09:57:50
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4f2bada3-3475-4d42-adac-2cc3c548d905
- PhishDestroy: https://phishdestroy.io/domain/xm27.top/
- LLM endpoint: https://phishdestroy.io/domain/xm27.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xm27.top/
Last updated: 2026-03-31