# xpmarketlive.info — SUSPICIOUS

> PhishDestroy identifies xpmarketlive.info as a live XP Market phishing site launched March 16, 2026. VirusTotal already shows 0/95 detections—block it now.

## Summary
xpmarketlive.info is an active phishing domain masquerading as the legitimate XP Market trading platform in order to harvest cryptocurrency wallet credentials and personal financial data. Threat actors registered the domain through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 16, 2026 and immediately deployed a Let’s Encrypt SSL certificate to increase victim trust. The site resolves to IP 188.114.96.3, an infrastructure node that currently evades antivirus detection with a clean 0/95 VirusTotal score.  This phishing campaign relies on look-alike branding and time-sensitive “limited-time offers” to convince visitors to connect wallets and sign malicious EIP-712 permit messages that drain tokens. The domain is less than one month old and still absent from all major threat-intel feeds, giving it a wide window to operate before signatures mature. Because the registrar (NICENIC) allows near-instant registrations and the certificate authority issues certificates automatically, the infrastructure can pivot quickly, creating an asymmetric advantage over static blocklists.  Users who visited this page should immediately disconnect any connected wallets using wallet disconnect buttons or revoke any token approvals at etherscan.io or similar block explorers. Rotate all exposed seed phrases and enable hardware-wallet signing for future transactions. Report the domain to your antivirus vendor and share wallet addresses or transaction hashes linked to this site with incident-response teams. Monitor credit-card statements for fraudulent charges if personal or payment data was entered.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-16 18:49:03
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b9302c3e-8b38-4533-b28a-02d5a79a7950
- PhishDestroy: https://phishdestroy.io/domain/xpmarketlive.info/
- LLM endpoint: https://phishdestroy.io/domain/xpmarketlive.info/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xpmarketlive.info/
Last updated: 2026-03-23