# xpm4.top — SUSPICIOUS

> Beware of xpm4.top posing as $USDC Token Airdrop. This domain is flagged as a low-risk phishing site and is currently offline. Avoid interaction.

## Summary
PhishDestroy identifies xpm4.top as a low-risk generic phishing domain impersonating a $USDC Token Airdrop. The domain’s intent appears to be to deceive users with fraudulent cryptocurrency airdrop claims.

Supporting intelligence shows that xpm4.top is listed on three separate security blocklists and has been flagged by 2 out of 95 security vendors on VirusTotal. The domain was registered recently on March 3, 2026, via NiceNIC International Group Co., Limited, and resolved to the IP address 172.67.143.240. The page title referencing "$USDC Token Airdrop" reinforces the suspicion of cryptocurrency-related phishing activity.

Currently, the domain is offline, which mitigates immediate risk to users. PhishDestroy recommends avoiding any engagement with xpm4.top or communications referencing this domain. Users should remain vigilant for similar impersonation attempts involving token airdrops and verify legitimacy through official channels before providing any personal or financial information.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: $USDC Token Airdrop

## Domain Intelligence
- Registered: 2026-03-03 23:07:02
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.143.240
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: alan.ns.cloudflare.com veda.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/Vp0Z0419/3be953dae83b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/570dd3ae-2e5b-4af4-b39a-6babbf8249cc
- PhishDestroy: https://phishdestroy.io/domain/xpm4.top/
- LLM endpoint: https://phishdestroy.io/domain/xpm4.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xpm4.top/
Last updated: 2026-03-19