# xn--kjpe-bitcoin-wjb.com — SUSPICIOUS

> Analyzing brand impersonation domain xn--kjpe-bitcoin-wjb.com. Currently a crypto drainer impersonating Bitcoin with 0/95 VirusTotal detections.

## Summary
Security researchers from PhishDestroy identified the domain xn--kjpe-bitcoin-wjb.com as a suspected brand impersonation site targeting Bitcoin users. This domain employs a homograph attack via IDN (Internationalized Domain Name) encoding to mimic the legitimate Bitcoin brand visually, potentially tricking users into entering sensitive information or downloading malicious software. While no specific crypto drainer kit has been confirmed yet, the site's structure suggests it may be used for cryptocurrency-related fraud activities based on its naming convention.  

This domain was flagged with the following technical indicators: a VirusTotal detection score of 0 out of 95 scans, registered through NAMECHEAP INC on July 19, 2020, resolving to IP address 172.67.132.87. The domain acquired an SSL certificate from Let's Encrypt, indicating active HTTPS traffic capabilities. As of the latest checks, the domain remains unblocked by Google Safe Browsing (GSB) and has not been listed on major threat intelligence blocklists, suggesting a relatively new or undiscovered threat vector.  

At present, this domain remains active and under investigation, with no confirmed detections or widespread blocking. Immediate defensive actions include updating firewall rules to block inbound and outbound connections to 172.67.132.87 and adding the domain and IP to organizational blocklists. Users should be warned against interacting with this domain, especially those handling cryptocurrency transactions. Remaining risk is assessed as moderate due to the lack of detections but high potential impact due to the brand impersonation targeting Bitcoin. Continuous monitoring is advised as additional telemetry may reveal further malicious payloads or infrastructure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Bitcoin

## Domain Intelligence
- Registered: 2020-07-19 15:10:06
- Registrar: NAMECHEAP INC
- IP: 172.67.132.87

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ca29b618-a143-4822-89e4-cf5639b23a8c
- PhishDestroy: https://phishdestroy.io/domain/xn--kjpe-bitcoin-wjb.com/
- LLM endpoint: https://phishdestroy.io/domain/xn--kjpe-bitcoin-wjb.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xn--kjpe-bitcoin-wjb.com/
Last updated: 2026-03-22