# xpmarketlabs.com — SUSPICIOUS > PhishDestroy identifies xpmarketlabs.com as a malicious phishing domain posing as a generic marketplace. This domain, created March 29, 2026, resolves to IP 172. ## Summary PhishDestroy identifies xpmarketlabs.com as an active phishing domain leveraging a generic marketplace theme to deceive users. The domain exhibits no affiliation with legitimate marketplaces and is classified under the 'generic_phishing' threat type. No specific brand impersonation or drainer kit attribution was observed in current intelligence, suggesting opportunistic credential harvesting or payment fraud campaigns. This domain was flagged by 1 out of 95 VirusTotal security vendors, indicating low but present detection across industry tools. It resolves to IP address 172.67.182.197 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 29, 2026. The domain utilizes a Let's Encrypt SSL certificate, which does not inherently validate legitimacy. Current blocklist association and Google Safe Browsing (GSB) status remain unverified in available data; however, the domain's recent creation and minimal detection suggest it is likely operating in early campaign stages. As of analysis, xpmarketlabs.com remains active and poses an elevated risk to users engaging with its content. PhishDestroy recommends immediate avoidance and blocking at the network level. Security teams should monitor for downstream infrastructure or campaign expansion. While the risk is elevated due to active status and minimal vendor detection, the lack of widespread blocklisting limits immediate systemic impact. Users are advised to verify domains via trusted sources before interaction and report any suspicious activity to their security provider. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-29 22:42:19 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 172.67.182.197 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/xpmarketlabs.com - PhishDestroy: https://phishdestroy.io/domain/xpmarketlabs.com/ - LLM endpoint: https://phishdestroy.io/domain/xpmarketlabs.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/xpmarketlabs.com/ Last updated: 2026-04-02