Security Review

Is xpenv.com legit or a scam?

Our verdict: Dangerous · 1/100

31-day-old Web3 messenger with wallet-entry prompt flagged by antivirus engines as phishing and malicious; no verifiable business identity.

xpenv.com · Scanned 10h ago
Trust score: 0 · DANGEROUS
Heuristics 0 · MT 40
Category tags: crypto fraud, data harvester, #Crypto Drainer, #Data Harvester · 78% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.


Analysis Summary

Threat Intelligence: 2/92 engines flagged this URL
Domain Age: 31 days old · Registered May 8, 2026
MT Intelligence: Suspicious · High likelihood · 78% confidence
DANGEROUS

Crypto scam / wallet-drainer

2 of 92 antivirus engines flag this page. Signals match fake investment platforms and wallet drainers. Never connect a wallet, paste a seed phrase, or deposit crypto here.

Website Preview

[Screenshot of xpenv.com: automated page render captured in a safe sandbox, showing what an ordinary visitor would see when loading the site.]

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

62 / 100 · High visual risk

Visual red flags detected in the screenshot

The page presents as a Web3 private messaging tool branded 'XPENV' with a wallet entry prompt and a self-legitimizing 'academic research bridge' legal notice overlay; the wallet input CTA combined with the Web3 framing and absence of verifiable identity information are notable risk indicators.


What our vision model saw

5 signals

Prominent 'Enter Register Wallet' call-to-action button on a private messaging app landing page raises concern about wallet credential harvesting

Modal overlay with 'Legal notice — academic research bridge' framing attempts to establish legitimacy while prompting terms acceptance before full page interaction

Subtitle reads 'Private Web3 Messenger' — combination of wallet entry prompt and Web3 messaging context is a common pattern in crypto phishing interfaces

Page background is nearly fully dark/obscured with low-contrast UI elements, consistent with a partially rendered or intentionally minimal interface

No visible company information, contact details, or verifiable trust indicators beyond the self-declared legal notice text

MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihood · engine: MT · Guardian · trust: 40/100
MT Agent · Live web research · Visual inspection · Network correlation
Confidence: 0%
The domain was registered only 31 days ago and hosts a Web3 messaging application that prominently displays a wallet-connection call-to-action. Two antivirus engines (Chong Lua Dao and Fortinet) flagged the page as malicious and phishing respectively, and an independent security scanner assigned it a 30/100 trust score. The site provides no contact email, phone, postal address, or verifiable company registration — a hallmark of ephemeral fraud operations. The combination of a new domain, crypto-wallet interaction, missing business identity, and antivirus detections aligns with known drainer-farm patterns. While the page claims to be an official Stellar-based messenger and includes technical documentation, the absence of any independent positive reviews, business registration, or legitimate operator identity, coupled with the wallet-harvesting interface and fresh registration, elevates the fraud risk substantially.

Page Content

The page presents itself as 'XPENV — Private Web3 Messenger (official)' and describes a decentralized messaging application built on the Stellar blockchain. A prominent 'Enter Register Wallet' button serves as the primary call-to-action. The page includes a modal overlay framed as a 'Legal notice — academic research bridge' that requests terms acceptance before full interaction. The interface is minimalist with low-contrast dark styling and no visible company information, team details, or verifiable trust indicators beyond self-declared legitimacy claims.

Infrastructure

The domain is hosted on Cloudflare (IP 172.67.181.41) with a valid Let's Encrypt SSL certificate expiring in 77 days. The hosting IP has zero abuse reports and a clean reputation score (0/100). No redirects or homoglyph indicators were detected. The site does not appear in global traffic rankings.

Domain History

Registered 31 days ago (May 9, 2026) via Hostinger, with privacy protection disabled. The fresh registration age is consistent with disposable fraud infrastructure. No historical reputation data or prior complaints are available for the domain.

Web Reputation

Two of 92 antivirus engines flagged the page: Chong Lua Dao (malicious) and Fortinet (phishing). An independent security scanner assigned a 30/100 trust score, citing the new domain age and crypto-wallet adjacency as elevated-risk factors. No major browser blocklists flagged the URL. No business registration, independent review-aggregator reviews, or independent trust-aggregator scores were found. The page was promoted via a Bitcointalk thread (May 12, 2026) with technical details but no critical community feedback.

Risk Factors (7)
  • Domain registered only 31 days ago; new crypto-adjacent domains are commonly used for short-lived fraud operations.
  • Prominent wallet-connection call-to-action combined with Web3 framing matches credential-harvesting patterns used in crypto drainers.
  • Flagged as phishing by Fortinet and malicious by Chong Lua Dao; independent scanner assigned 30/100 trust score.
  • Zero contact information (no email, phone, or postal address) and no verifiable business registration anywhere.
  • Self-declared 'academic research bridge' legal notice overlay appears designed to establish false legitimacy before wallet interaction.
  • No independent positive reviews, user testimonials, or trust-aggregator scores; absence of legitimate operator identity.
  • Matches deterministic fingerprint for contactless-crypto-new-domain pattern typical of drainer farms.
Positive Signals (4)
  • Valid SSL certificate issued by Let's Encrypt with 77 days remaining.
  • Hosting IP (172.67.181.41) has zero abuse reports and clean reputation.
  • No major browser blocklists flagged the URL.
  • Page does not appear to be a clone of an established messenger brand.
AI Recommendation
Do not enter your wallet credentials or connect any cryptocurrency wallet to this site. The combination of a brand-new domain, wallet-harvesting interface, antivirus detections, and complete absence of verifiable business identity indicates high fraud risk. If you are interested in Stellar-based messaging, verify any application through official Stellar Foundation channels and established cryptocu

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for xpenv.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age: 1 month · Registered May 2026
Business registration: No public record found. Could not match the site to a registered company — common for small sites.
Clone check: Not a clone. No well-known site's layout or branding detected here.
Typosquat check: No look-alike match. The domain doesn't resemble any well-known brand's spelling.
Web mentions: 1 scam report
Key findings
7 headline facts from open-web research
  • Domain registered May 9, 2026 (31 days old as of scan), hosted on Cloudflare with valid Let's Encrypt SSL
  • PCRisk security scan (May/June 2026) gave 30/100 trust score; flagged by 2 of 91 engines for potentially suspicious/phishing/malicious activity; no major blacklists hit
  • Promotes as private self-destructing Web3 messenger on Stellar blockchain using AES-256-GCM encryption in transaction MEMOs, Soroban for usernames, and Freighter wallet for signing (desktop/extension only)
  • Promoted via Bitcointalk.org thread (May 12, 2026) describing technical details and linking directly to xpenv.com; appears promotional with no critical replies found
  • YouTube videos and Portuguese Wikipedia entry describe it as decentralized ephemeral messaging on Stellar; page disclaims affiliation with stellar.org or banks
  • No Trustpilot, ScamAdviser, or ScamDoc scores available; no user complaints or independent reviews located beyond the security scanner flags
  • Requires Freighter browser extension for wallet signing; crypto-adjacent new domain with wallet interaction matches common patterns for elevated fraud risk per scanner
Scam reports (1)
Direct quotes from public scam databases, forums, and news.
  • PCRisk Scanner

    "Trust score 30/100, flagged by 2/91 engines (phishing-related and malicious classifications). Newly registered cryptocurrency- or wallet-adjacent sites can carry elevated risk because fraudulent operations often rely on fresh domains."

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

We searched scam-report databases, consumer-review sites, and general web sources for xpenv.com. One independent security scanner flagged it with a 30/100 trust score, noting the 31-day-old domain and crypto-wallet interaction as elevated-risk indicators. No user complaints, scam reports, or positive reviews were located. The domain was promoted via a Bitcointalk thread with technical documentation but no critical community feedback. For a newly registered crypto-adjacent site with wallet-interaction features and no independent positive reviews, the absence of established user feedback is expected — but combined with the antivirus detections and missing business identity, it does not reduce the fraud risk.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Moderate correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score: 0/100 (scale: Clear, Low, Moderate, High, Critical)
Evidence (1)
  • Zero contact info, crypto/gambling content, and the domain is only 31 days old — hallmark of a drainer farm.
Linked signals (1)
Pattern · Contactless Crypto NEW Domain

Antivirus Engines

Detection matrix · live
2 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

2 Malicious · 0 Suspicious · 59 Harmless · 92 Engines
0 of 92
Chong Lua Dao: Malicious · malicious
Fortinet: Malicious · phishing

2 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domain: None
Phone numbers: None
Postal address: Not listed
Linked social profiles: 0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age: 31 days old
Registrar: HOSTINGER operations, UAB
Registered: May 8, 2026
Expires: May 8, 2027
Owner privacy: Visible
Encryption Certificate
Status: Valid
Protocol: TLSv1.3
Issuer: Let's Encrypt · E7
Expires: Aug 25, 2026 (77d)
Self-signed: No
Hosting & Technology
Hosting: Cloudflare, Inc.
Server location: US
Web server: cloudflare

Redirect Chain

Hops: 1
Cross-domain: No
Lookalike: No
Punycode: No
  • 1. 301 http://xpenv.com/
  • 2. 200 https://xpenv.com/

Server Reputation

Abuse Intelligence
Confidence score: 0%
Reports on file: 0
ISP: Cloudflare, Inc.
Usage type: Content Delivery Network

Scam-Type Likelihood

1 scam-type pattern detected

1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Crypto Fraud · Moderate likelihood · 33/100
  • AI analyst tagged this as crypto fraud / wallet-drainer.
  • AI analyst categorised the site as crypto-themed.

Crypto scam / wallet-drainer indicators

The page shows patterns common to crypto-investment scams, fake airdrops, and wallet drainers.

  • Do not interact with xpenv.com

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Never paste your seed phrase anywhere

    Legitimate wallets, exchanges and support staff will never ask for your 12/24-word recovery phrase. Typing it into any website — even one that looks real — gives attackers full access to your funds.

  • If you already connected a wallet

    Revoke token approvals immediately using revoke.cash or Etherscan's Token Approvals tool. Move remaining funds to a fresh wallet (new seed phrase). Assume the original wallet is compromised.

  • Report the wallet and URL

    File a report at IC3 (FBI Internet Crime Complaint Center) or your country's cybercrime portal. Recovery is unlikely, but reports help law enforcement map the network.


Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing: Not listed
VirusTotal: Listed
AbuseIPDB: Not listed

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags xpenv.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — xpenv.com scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. xpenv.com presents a valid TLSv1.3 certificate issued by Let's Encrypt · E7, expiring in 77 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • xpenv.com is 1 month old, registered on 5/8/2026 through HOSTINGER operations, UAB. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 2 out of 92 antivirus engines in our malware network flagged xpenv.com as malicious or suspicious (2 outright malicious). Even one detection is a meaningful signal.
  • No. xpenv.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • xpenv.com resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 9, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around xpenv.com have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

Trust: 0 / 100
Final Verdict · xpenv.com: DANGEROUS

XPENV is a newly registered Web3 messaging app (31 days old) that prompts users to connect cryptocurrency wallets. The combination of wallet-credential harvesting, zero contact information, and flagging by multiple antivirus engines matches patterns common to crypto-drainer operations.

Do not enter your wallet credentials or connect any cryptocurrency wallet to this site. The combination of a brand-new domain, wallet-harvesting interface, antivirus detections, and complete absence of verifiable business identity indicates high fraud risk. If you are interested in Stellar-based messaging, verify any application through official Stellar Foundation channels and established cryptocu

AV engines: 92 · MT passes: 2 · Net signals: 1
Security review complete · malwaretips.com/url-scan
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.