# criytpwallet-eng.square.site — SUSPICIOUS

> PhishDestroy flags criytpwallet-eng.square.site as a crypto drainer site (3/95 VirusTotal detections).

## Summary

PhishDestroy identifies the domain criytpwallet-eng.square.site as an active crypto-drainer scam registered through MarkMonitor Inc. on February 05, 2019. The site impersonates a legitimate Square site but is specifically engineered to drain cryptocurrency wallets by tricking users into connecting their wallets and authorizing fraudulent transactions. The kit appears to leverage fake wallet-connect prompts and social-engineering lures centered on “crypto wallet” themes, consistent with the broader drainer-as-a-service ecosystem observed in early 2024 campaigns.

Technical indicators confirm elevated risk: VirusTotal reports 3 out of 95 security vendors flagged the domain; the SSL certificate is issued by Let’s Encrypt; the site resolves to IP 74.115.51.5; and the domain was registered through MarkMonitor Inc., a common choice for bulk domain squatting. Historical WHOIS data shows the registrant details are redacted, and the domain has remained active for over five years, suggesting sustained malicious use rather than a short-lived phishing campaign. Public blocklists such as Google Safe Browsing (GSB) and PhishDestroy’s internal feeds currently list the domain with medium detection coverage, implying partial but not universal blocking across user bases.

As of the latest scan, criytpwallet-eng.square.site remains active and capable of cryptocurrency theft via wallet-draining mechanisms. PhishDestroy recommends immediate network-level and endpoint blocking of the domain and its resolving IP (74.115.51.5) due to the confirmed presence of a crypto drainer. Users should avoid visiting the site, refrain from connecting any wallets, and report any unauthorized transactions to their wallet provider and relevant financial authorities. The residual risk remains elevated while the domain is active, and continued monitoring is advised as drainer infrastructure frequently shifts hosting providers and domain names to evade detection.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2019-02-05 14:02:28
- Registrar: MarkMonitor Inc.
- IP: 74.115.51.5

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/criytpwallet-eng.square.site
- PhishDestroy: https://phishdestroy.io/domain/criytpwallet-eng.square.site/
- LLM endpoint: https://phishdestroy.io/domain/criytpwallet-eng.square.site/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/criytpwallet-eng.square.site/

Last updated: 2026-04-07