# xprmarket.com — MALICIOUS

> xprmarket.com flagged for cryptocurrency wallet draining scam with 7/95 VirusTotal detections. Check the full report to assess risks before interaction.

## Summary
xprmarket.com has been identified as a cryptocurrency wallet drainer domain, designed to trick victims into connecting their wallets and siphoning funds. The domain does not appear to impersonate a specific brand but instead uses generic phishing techniques to lure users into interacting with cryptocurrency-related content. While no specific drainer kit was directly observed in available intelligence, the domain's structure and recent creation suggest it is part of an active campaign targeting cryptocurrency users.  

This domain resolves to IP 104.21.18.13 and was registered on March 13, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal reports a detection score of 7 out of 95 security vendors, indicating partial visibility among security tools. Google Safe Browsing has flagged the domain under the category SOCIAL_ENGINEERING, and it has also been included on blocklists monitored by security researchers. The domain utilizes a Let's Encrypt SSL certificate, which may contribute to a false sense of legitimacy.  

The domain remains active as of the latest assessment, with elevated risk due to its recent activity and partial detection coverage. Users are advised to avoid interacting with xprmarket.com and to report any suspicious encounters to their security teams. Organizations should consider blocking the domain at the network perimeter and updating security policies to detect similar threats. While immediate action mitigates risk, the domain's recent registration and partial blocklist coverage suggest ongoing or evolving campaigns that require continued monitoring.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-13 20:18:29
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.18.13

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4006f7a5-533b-4917-a6d0-dd65471ba921
- PhishDestroy: https://phishdestroy.io/domain/xprmarket.com/
- LLM endpoint: https://phishdestroy.io/domain/xprmarket.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xprmarket.com/
Last updated: 2026-03-23