# shibpay.net — MALICIOUS

> shibpay.net engages in credential theft targeting crypto users, flagged by 6 of 95 VirusTotal vendors. Avoid interacting with this domain immediately.

## Summary
PhishDestroy identifies shibpay.net as an active credential theft scam targeting cryptocurrency users, masquerading under a generic payment-related brand name. The domain appears designed to deceive victims into surrendering sensitive login information, likely to drain crypto wallets or compromise accounts.

Technical analysis reveals shibpay.net has a VirusTotal detection rate of 6 out of 95 security vendors, indicating moderate consensus on its malicious nature. The domain was created recently on August 30, 2025, and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to IP address 104.21.46.149 and uses an SSL certificate issued by Google Trust Services, which may lend it a false sense of legitimacy. There is no current Google Safe Browsing block reported, but the domain is flagged by multiple security engines.

Currently, shibpay.net remains active and poses an elevated risk of credential theft to users, especially those involved in cryptocurrency transactions. Immediate action is recommended to block and avoid this domain. Security teams should update phishing filters to include this site and educate users on the dangers of entering credentials on untrusted crypto-related payment portals. Continuous monitoring is advised as threat actors may evolve tactics or infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-08-30 05:48:37
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.46.149

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/66cdb0ab-7177-402e-94f3-8f15cb351387
- PhishDestroy: https://phishdestroy.io/domain/shibpay.net/
- LLM endpoint: https://phishdestroy.io/domain/shibpay.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/shibpay.net/
Last updated: 2026-03-27