# xpa8.top — SUSPICIOUS

> PhishDestroy identifies xpa8.top as a live credential-harvesting page. WHOIS shows creation 2024-04-23 and VirusTotal 0/95 undetected.

## Summary
PhishDestroy has opened an active investigation into the recently registered domain xpa8.top that is currently resolving to IP 188.114.97.3 and hosting a generic credential-harvesting landing page. This domain was flagged under seed be2111 and exhibits behavior consistent with mass phishing campaigns designed to trick victims into surrendering usernames and passwords. While it remains undetected by security vendors as of this report (0 detections on VirusTotal), the page is actively live and serving its malicious content, indicating an ongoing rather than dormant threat.  Investigators confirmed the domain was created on 2024-04-23 and continues to operate without active blocklisting despite its zero-detection status. The infrastructure relies on a Let’s Encrypt SSL certificate to appear legitimate and enhance phishing success rates. DNS resolution consistently points to 188.114.97.3, a known bulletproof hosting range often associated with short-lived phishing operations. The unique seed identifier be2111 has been assigned to correlate related samples and track the campaign’s evolution.  If you have visited xpa8.top or entered any credentials, immediately change those passwords on a clean device and enable multi-factor authentication where available. Run a reputable antivirus scan and review account activity for unauthorized logins. Report the domain to your IT security team or via your organization’s phishing portal to aid in takedown efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/xpa8.top
- PhishDestroy: https://phishdestroy.io/domain/xpa8.top/
- LLM endpoint: https://phishdestroy.io/domain/xpa8.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xpa8.top/
Last updated: 2026-04-09