# shopei.cc — MALICIOUS

> Shopei.cc is an active phishing domain posing high risk. Avoid interacting with it and report suspicious messages linked to this site.

## Summary
PhishDestroy identifies shopei.cc as an active phishing threat with a high risk level. This domain targets users by masquerading under the familiar 'Shopee' brand, aiming to steal sensitive information through deceptive tactics.

Supporting intelligence reveals that shopei.cc resolves to IP address 188.114.96.3 and is registered via Gname.com Pte. Ltd. The domain was created on March 12, 2026, which is relatively recent, often a characteristic of fraudulent domains. It currently appears on three separate security blocklists and is flagged by 21 out of 95 security vendors on VirusTotal, reinforcing its malicious use.

Users should avoid clicking on any links or providing credentials associated with shopei.cc. Network defenders are advised to block access to this domain and monitor for related phishing attempts. The domain remains active and poses an ongoing threat, necessitating continued vigilance and proactive mitigation.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: Shopee

## Domain Intelligence
- Registered: 2026-03-12 13:07:01
- Registrar: Gname.com Pte. Ltd.
- Country: SG
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["amy.ns.cloudflare.com", "cleo.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 21 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "LevelBlue", "Lionic", "Netcraft", "OpenPhish", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce222-5eac-7575-8dd4-1e3b6d915808.png
- PhishDestroy: https://phishdestroy.io/domain/shopei.cc/
- LLM endpoint: https://phishdestroy.io/domain/shopei.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/shopei.cc/
Last updated: 2026-03-19