# sh2.us — SUSPICIOUS

> sh2.us is a phishing domain flagged by 3 of 95 VirusTotal vendors. It poses an elevated risk by targeting users with generic phishing scams. Avoid interaction.

## Summary
The domain sh2.us is actively involved in generic phishing attacks, aiming to deceive users into divulging sensitive information. No specific brand or drainer kit has been directly linked, but its use suggests broad-based credential or data harvesting without targeting a particular entity.

Technical analysis reveals sh2.us was registered on January 09, 2013, through ENOM, INC. It currently resolves to IP address 69.118.39.66. VirusTotal reports 3 out of 95 security vendors identify it as malicious. Additionally, the domain appears on 2 separate security blocklists and is blocked by notable services such as MetaMask and SEAL. It operates with a Let's Encrypt SSL certificate, adding a veneer of legitimacy despite malicious intent.

At present, sh2.us remains active and poses an elevated phishing risk to users. Due to its blocking by various security platforms and its blacklisting status, users should avoid visiting the domain or interacting with any content from it. Continued monitoring and blocking are advisable to mitigate possible credential theft and fraud stemming from this ongoing threat.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2013-01-09 04:06:49
- Registrar: ENOM, INC.
- IP: 69.118.39.66

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/55d89c5d-c0b6-4ebd-bb93-899a87070733
- PhishDestroy: https://phishdestroy.io/domain/sh2.us/
- LLM endpoint: https://phishdestroy.io/domain/sh2.us/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sh2.us/
Last updated: 2026-03-27