# xpra5.top — SUSPICIOUS

> Check if xpra5.top is safe — flagged for crypto drainer activity with only 0/95 VirusTotal detections. Verify before interaction.

## Summary
PhishDestroy identifies xpra5.top as an active crypto drainer domain currently under investigation for malicious activities targeting cryptocurrency users. The domain exhibits multiple red flags consistent with modern crypto drainer operations, including a recently registered timestamp and hosting infrastructure linked to known malicious networks. Users are advised to avoid any transactions or data entry on this domain until further analysis is completed.  This domain was flagged by PhishDestroy with a risk level marked as under investigation, pending deeper technical analysis. Key technical indicators include a domain creation date of April 05, 2026, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP address 188.114.97.3, and secured with a Let's Encrypt SSL certificate. As of current scans, VirusTotal reports 0 detections out of 95 engines, indicating it has not yet been widely flagged by antivirus or security platforms despite its suspicious characteristics. The domain remains active and accessible, with no confirmed inclusion on public blocklists at this time.  The specific threat posed by xpra5.top appears to be crypto drainer activity, a type of phishing that silently drains cryptocurrency wallets during transaction approvals or wallet connections. Given the domain's recent registration, low detection rate, and hosting on a suspicious IP, there is a plausible risk of active exploitation. Users who may have interacted with this domain should immediately revoke any connected wallet permissions, transfer assets to a secure wallet, and monitor for unauthorized transactions. Security researchers are encouraged to submit samples or reports to threat intelligence platforms to accelerate detection and mitigation efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-05 10:59:22
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/xpra5.top
- PhishDestroy: https://phishdestroy.io/domain/xpra5.top/
- LLM endpoint: https://phishdestroy.io/domain/xpra5.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xpra5.top/
Last updated: 2026-04-07