MalwareTips
DANGEROUS

Crypto scam / wallet-drainer

Signals match fake investment platforms and wallet drainers. Never connect a wallet, paste a seed phrase, or deposit crypto here.

Security Review

Is p2p.cryptomus.com legit or a scam?

Our verdict:Dangerous· 25/100

Official P2P crypto exchange subdomain of Cryptomus; parent company hit with record FINTRAC fine for AML violations; mixed user complaints about fund theft and withdrawal failures.

Top reasons
Parent company Xeltox Enterprises Ltd. received a record CAD $176.96 million FINTRAC fine in October 2025 for 2,593 anti-money-laundering violations.independent review aggregator shows 2.7/5 rating with multiple recent complaints of stolen funds, failed withdrawals, and unresolved cases lasting months.Independent trust aggregators rate the domain at 2/100, indicating high perceived risk.
p2p.cryptomus.comScanned 4h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 42·MT 40
Category tags
cryptocurrencyp2p exchangepayment processing#Crypto Fraud#Data Harvester72% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/91
All engines report clean
Domain Age
9 years old
Registered Aug 31, 2017
MT Intelligence
Suspicious
High likelihood · 72% confidence

MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihoodengineMT · Guardiantrust40/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
Cryptomus operates as a legitimate, FinCEN-registered Money Services Business incorporated in British Columbia. However, the parent company Xeltox Enterprises Ltd. received a record CAD $176.96 million penalty from FINTRAC in October 2025 for 2,593 anti-money-laundering violations, including failure to report suspicious transactions linked to fraud, ransomware, and sanctions evasion. independent review aggregator shows a 2.7/5 rating from 503 reviews with multiple recent complaints of stolen funds and failed withdrawals, though the company responds to some disputes. Independent reviewers on Cryptwerk and ProductHunt report positive experiences with escrow and dispute resolution, suggesting the platform itself has functional safeguards. The subdomain p2p.cryptomus.com is not a clone and appears to be the official P2P section. The combination of a major regulatory fine, mixed user complaints, and Russia-linked operational ties creates elevated risk despite legitimate registration and some positive user feedback.
Full dossier
Analysis complete

Page Content

The page is a functional P2P crypto exchange interface offering peer-to-peer trading of Bitcoin, USDT, Ethereum, and other cryptocurrencies with a 0.1% taker fee. The site loads as a JavaScript single-page app with navigation menus, trade listings, and community features. No direct contact email, phone, or postal address is published on the page itself; support is routed through Telegram and a contact form.

Infrastructure

Domain age is 3,202 days (approximately 8.8 years), registered with NameCheap. SSL certificate is valid (issued by Google Trust Services) with 55 days to expiry. Hosting IP 104.26.0.48 has zero abuse reports and a clean reputation score. No malware, phishing, or browser blocklist detections across our antivirus network or sandbox analysis.

Domain History

The subdomain p2p.cryptomus.com is part of the established cryptomus.com domain and is not a clone or homoglyph. The parent company, Xeltox Enterprises Ltd., was incorporated in British Columbia, Canada, and operates under the Cryptomus brand. WHOIS privacy is disabled, showing legitimate registration details.

Web Reputation

Independent trust aggregators rate the domain at 2/100 (high risk). independent review aggregator shows 2.7/5 stars from 503 reviews with complaints of stolen funds, failed withdrawals, and unresolved cases spanning months. Reddit and Bitcointalk posts reference scam associations, though some note these relate to an older ICO. Cryptwerk and ProductHunt cite reliable dispute resolution and legitimate operations. The parent company received a record CAD $176.96 million FINTRAC fine in October 2025 for 2,593 AML violations, including failure to report suspicious transactions linked to fraud, ransomware, CSAM, and sanctions evasion.

Risk Factors
7
  • Parent company Xeltox Enterprises Ltd. received a record CAD $176.96 million FINTRAC fine in October 2025 for 2,593 anti-money-laundering violations.
  • independent review aggregator shows 2.7/5 rating with multiple recent complaints of stolen funds, failed withdrawals, and unresolved cases lasting months.
  • Independent trust aggregators rate the domain at 2/100, indicating high perceived risk.
  • No direct contact email, phone, or postal address published on the page; support funneled through Telegram.
  • Operations linked to Russia and Eastern Europe despite Canadian incorporation; uses virtual Vancouver mailbox address with no physical Canadian staff per FINTRAC findings.
  • Scam network fingerprint detects Telegram herding pattern and contactless-crypto template common in fraud schemes.
  • FINTRAC fine cites failure to report suspicious transactions linked to fraud, ransomware, and sanctions evasion.
Positive Signals
5
  • Domain age of 3,202 days demonstrates long operational history.
  • Registered as Money Services Business (MSB) with FinCEN and incorporated in Canada with active business status.
  • SSL certificate valid and issued by trusted Google Trust Services.
  • Zero malware, phishing, or browser blocklist detections across our antivirus network.
  • Cryptwerk and ProductHunt reviewers report working dispute resolution and successful fund recovery from scammers.
AI Recommendation
Do not deposit funds without thorough due diligence. Review the FINTRAC fine details and independent review aggregator complaints carefully. If you choose to use the platform, start with a small test transaction, enable all available security features, and keep detailed records of all transactions and communications. Consider alternative P2P exchanges with cleaner regulatory histories.
Scam network detected
2 linked domains correlated

Scam network fingerprint detects Telegram herding pattern (t.me) and contactless-crypto template common in fraud schemes. Zero contact information on a crypto/payment page is atypical for legitimate operators. However, p2p.cryptomus.com is a subdomain of the established cryptomus.com parent domain, not a separate clone or farm-network site.

cryptomus.comt.me
Next-gen fraud intelligence
Evidence-backedCross-checked

Website Preview

Screenshot of p2p.cryptomus.com
LIVE RENDER
p2p.cryptomus.com

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for p2p.cryptomus.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
8.8 yrs
Registered Aug 2017
Business registration
Active · Canada
Site traces back to an actively registered business.
Independent review aggregators
2/100 · low trust
Average across 1 independent review aggregator.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
5 scam reports · 15 complaints · 4 positive
Web ratings
Scores pulled directly from third-party trust & review sites
ScamAdviser
2/100
High riskopen
Key findings
7 headline facts from open-web research
  • p2p.cryptomus.com is the official P2P trading subdomain of cryptomus.com, offering peer-to-peer crypto trades (BTC, USDT, etc.) with low fees (0.1% taker).
  • Parent company Xeltox Enterprises Ltd. received a record CAD $176.96 million FINTRAC fine in Oct 2025 for 2,593 AML violations, including failure to report suspicious transactions linked to fraud, ransomware, CSAM, and sanctions evasion; co
  • Trustpilot shows mixed reviews (2.7/5 from 503 reviews) with multiple recent complaints of stolen funds, failed withdrawals, and "scam" accusations; company responds to some.
  • Older scam associations exist with a prior Cryptomus ICO (unrelated per some reviews); current platform has positive P2P feedback on Cryptwerk and ProductHunt citing reliable escrow and dispute resolution.
  • Registered as MSB with FinCEN; incorporated in Canada (BC) but uses virtual Vancouver address and has no physical Canadian staff per FINTRAC findings; Russia-linked operations noted by TRM Labs and Krebs on Security.
  • Review sites like CryptoRadar note past scam reports under the name but deem current operations separate and legitimate with CertiK audits and security features; ScamDoc/Gridinsoft give moderate/low trust scores.
  • Platform publishes its own guides on avoiding P2P scams; no direct scam reports found specifically targeting the p2p.cryptomus.com subdomain.
Scam reports (5)
Direct quotes from public scam databases, forums, and news.
  • Trustpilotopen

    "This people are scammers stay away, they took my 500 USDT, I made a withdrawal to my trust wallet but it never arrived"

  • Trustpilotopen

    "They stole my money. I have sent them everything. 5 months and they keep saying ur case under investigation"

  • Trustpilotopen

    "Guys n gals this is a scam website take care"

  • Redditopen

    "Cryptomus SCAM going live again. REMINDER. Im a guy who was scammed by a company called CRYPTOMUS back to 4 years ago."

  • Bitcointalkopen

    "I can confirm that cryptomus.com is shady at best and that they think that having a company registration is enough to make them a legitimate business."

Positive reviews (4)
Quotes indicating the site is legitimate.
  • Cryptwerkopen

    "The platform is reliable, and there are always plenty of offers available. I’ve never run into scammers, and all the coins have been clean."

  • Cryptwerkopen

    "I often use this P2P exchange... Recently, I encountered a scammer who faked the payment proof. I opened a dispute, and it was resolved quickly — they returned my funds."

  • ProductHuntopen

    "I like that they're a legit, serious company. They've already saved us a couple of times from scammers trying to launder money through our service."

  • 0xProcessingopen

    "Yes, Cryptomus is an official and legitimate payment gateway. The company is registered as a Money Services Business (MSB) with FinCEN."

Business registration
Status: active · Canada

Xeltox Enterprises Ltd. (operating as Cryptomus, formerly Certa Payments Ltd.), incorporated in British Columbia with Vancouver address (mailbox service). Registered MSB with FinCEN. Primary operations appear Russia-linked/Eastern Europe (Uzbekistan/Spain reps). Appealing record FINTRAC fine.

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Our research found 5 scam reports and 4 positive reviews across independent platforms. independent review aggregator complaints allege stolen funds, failed withdrawals, and unresolved cases lasting months; the company responds to some disputes. Reddit and Bitcointalk posts reference scam associations, though some distinguish between an older ICO and current operations. Cryptwerk and ProductHunt reviewers report positive experiences with escrow and dispute resolution. The parent company Xeltox Enterprises Ltd. received a record CAD $176.96 million FINTRAC fine in October 2025 for 2,593 anti-money-laundering violations, including failure to report suspicious transactions linked to fraud, ransomware, CSAM, and sanctions evasion. Business registration confirms the company is incorporated in British Columbia, Canada, and registered as a Money Services Business with FinCEN, though operations are linked to Russia and Eastern Europe with a virtual Vancouver address and no physical Canadian staff per FINTRAC findings.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Moderate correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (2)
  • Funnels users into Telegram — common herding channel for crypto scams.
  • Zero contact info on a crypto/gambling page — legitimate operators publish a licence and address.
Linked signals (2)
t.mePattern · Contactless Crypto

Antivirus Engines

Clean pass · verified
Clean across 91 engines

We cross-check every URL against our antivirus network of 91 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious59Harmless91Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Sandbox Render
Page rendered in a safe sandbox
Requests made0
Unique IPs0
Countries0
Detected brandsNone

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles7
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.
  • Links to 7 social profiles.

Domain & Encryption

Domain History
Age9 years old
RegistrarNameCheap, Inc.
RegisteredAug 31, 2017
ExpiresAug 31, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerGoogle Trust Services · WE1
ExpiresAug 2, 2026 (55d)
Self-signedNo
Hosting & Technology
HostingCloudflare, Inc.
Server locationUS
Web servercloudflare

Server Reputation

Hosting
CountryUnknown
NetworkUnknown
IP addressUnknown
Abuse Intelligence
Confidence score0%
Reports on file0
ISPCloudflare, Inc.
Usage typeContent Delivery Network

Scam-Type Likelihood

2 scam-type patterns detected
Scam-Type Likelihood

0 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Crypto Fraud
Crypto Fraud
Moderate likelihood
0/100
  • AI analyst tagged this as crypto fraud / wallet-drainer.
  • AI analyst categorised the site as crypto-themed.
Job / Task / Survey Scam
Low-level signals
0/100
  • Referral-program structure detected.

Crypto scam / wallet-drainer indicators

The page shows patterns common to crypto-investment scams, fake airdrops, and wallet drainers.

  • Do not interact with p2p.cryptomus.com

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Never paste your seed phrase anywhere

    Legitimate wallets, exchanges and support staff will never ask for your 12/24-word recovery phrase. Typing it into any website — even one that looks real — gives attackers full access to your funds.

  • If you already connected a wallet

    Revoke token approvals immediately using revoke.cash or Etherscan's Token Approvals tool. Move remaining funds to a fresh wallet (new seed phrase). Assume the original wallet is compromised.

  • Report the wallet and URL

    File a report at IC3 (FBI Internet Crime Complaint Center) or your country's cybercrime portal. Recovery is unlikely, but reports help law enforcement map the network.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

storage.cryptomus.comgoogletagmanager.comcryptomus.complay.google.comskynet.certik.comresolvex.cominstagram.comyoutube.comlinkedin.comreddit.comdiscord.ggapp.cryptomus.comdoc.cryptomus.comt.me

Safety FAQ

Common questions about this site, answered from the scan data on this page. These are auto-generated — not hand-written — so they always match the underlying report.

  • Our automated security review flags p2p.cryptomus.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.

Final Verdict

0
Trust / 100
Final Verdict·p2p.cryptomus.com
DANGEROUS

p2p.cryptomus.com is the official P2P trading subdomain of Cryptomus, a Canadian-registered crypto exchange. The parent company faced a record CAD $176.96 million FINTRAC fine in October 2025 for 2,593 AML violations including failure to report suspicious transactions tied to fraud and ransomware. Multiple independent review aggregator complaints allege stolen funds and failed withdrawals, though some independent reviewers cite working dispute resolution. Do not deposit funds without understandi

Do not deposit funds without thorough due diligence. Review the FINTRAC fine details and independent review aggregator complaints carefully. If you choose to use the platform, start with a small test transaction, enable all available security features, and keep detailed records of all transactions and communications. Consider alternative P2P exchanges with cleaner regulatory histories.

AV engines
91
MT passes
2
Net signals
2
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
kopras-shoring.com
23m ago
Read the review
Dangeroustrust1
coins-claim.com
25m ago
Read the review
Dangeroustrust45
myslimforce.com
2h ago
Read the review
Dangeroustrust1
getdstudio.app
2h ago
Read the review
Dangeroustrust1
playzip.com
2h ago
Read the review
Dangeroustrust37
marketing.silverfrog.hu
3h ago
Read the review
Dangeroustrust1
puregamb.com
4h ago
Read the review
Dangeroustrust1
kepovex.com
4h ago
Read the review
Dangeroustrust33
roulether.com
4h ago
Read the review
Dangeroustrust8
loregamb.com
4h ago
Read the review
Dangeroustrust1
potawin.com
4h ago
Read the review
Dangeroustrust1
qerugamb.com
4h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
Scanned by
JackStaff
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.