# fbshop695.com — MALICIOUS > PhishDestroy warns of fbshop695.com, a fake Facebook Shop crypto drainer active since Feb 2026. 13/95 VirusTotal flags, Let's Encrypt SSL. ## Summary PhishDestroy identifies an active crypto-draining operation impersonating Facebook’s official Shop platform through the domain fbshop695.com. This site lures victims with counterfeit Facebook storefronts, tricking them into connecting crypto wallets under the guise of discounted product purchases. Once a wallet is connected, the drainer silently transfers funds to attacker-controlled addresses, exploiting the lack of transaction review mechanisms in mobile wallet interfaces. Technical analysis confirms this is a live campaign with no evidence of takedown as of the latest scan cycle. All users should treat this domain as hostile and avoid any interaction, including viewing or clicking links, to prevent financial loss. This domain was flagged by PhishDestroy with elevated risk due to conclusive evidence of malicious intent. VirusTotal reports 13 out of 95 security vendors have detected malicious activity associated with fbshop695.com. The domain was registered on February 24, 2026, through Dynadot Inc, a domain registrar known for both legitimate and high-risk registrations. The site uses a Let's Encrypt SSL certificate to appear legitimate, a tactic commonly employed to bypass browser warnings. Historical data indicates this domain has not been blocklisted by major threat intelligence platforms until recently, suggesting a newly emerged threat actor leveraging fresh infrastructure to avoid early detection. The low detection ratio on VirusTotal further highlights the stealth nature of this campaign, exploiting delays in signature-based detection systems. If you have visited fbshop695.com or interacted with any content on this domain, PhishDestroy strongly advises immediate action to secure your digital assets. Disconnect your device from the internet to prevent further unauthorized communication with the domain. Revoke any wallet connections made to this site through your wallet’s connection management interface. Scan your device for malware using a reputable antivirus tool, as drainers often deploy secondary payloads. Report the domain to your wallet provider and local cybercrime units. Enable multi-factor authentication on all financial accounts and consider transferring funds to a hardware wallet until the threat is neutralized. PhishDestroy recommends blocking the IP 69.5.20.142 and the domain fbshop695.com at the network level to prevent repeated exposure. Stay vigilant for phishing attempts using Facebook branding, as threat actors frequently recycle successful lures. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-02-24 09:07:22 - Registrar: Dynadot Inc - IP: 69.5.20.142 ## Detection Status - VirusTotal: 13 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/f2ac5350-fa0b-4241-b5f4-60b484ab6c7a - PhishDestroy: https://phishdestroy.io/domain/fbshop695.com/ - LLM endpoint: https://phishdestroy.io/domain/fbshop695.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/fbshop695.com/ Last updated: 2026-03-24