# xrp.emmn.io — SUSPICIOUS

> xrp.emmn.io is linked to generic phishing targeting crypto users. Avoid interaction and never share personal info. Stay safe online.

## Summary
PhishDestroy identifies xrp.emmn.io as a medium-risk generic phishing domain impersonating crypto airdrop offers. The domain aims to deceive users into revealing sensitive information under the guise of a cryptocurrency promotion.

The domain was registered on February 21, 2026, and resolves to IP 191.96.56.44. It appears on one security blocklist, and VirusTotal flags it by 3 out of 95 vendors, indicating some detection but limited coverage so far.

Currently active, xrp.emmn.io should be avoided. Users are advised to refrain from interacting with this domain or providing any credentials. Security teams should monitor its activity and update blocklists to mitigate risk.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP 530)
- Page title: Crypto Airdrop

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 191.96.56.44
- IP Country: US
- IP City: Phoenix
- IP Org: AS47583 Hostinger International Limited
- SSL Issuer: R13

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["CRDF", "Gridinsoft", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0199d393-178d-774d-abdd-da233d2d1a7a.png
- PhishDestroy: https://phishdestroy.io/domain/xrp.emmn.io/
- LLM endpoint: https://phishdestroy.io/domain/xrp.emmn.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xrp.emmn.io/
Last updated: 2026-03-19