# shopei.vip — MALICIOUS

> Shopei.vip was identified as a high-risk phishing domain and taken offline. Stay alert and avoid suspicious links. Learn more from PhishDestroy.

## Summary
PhishDestroy identifies shopei.vip as a high-risk phishing domain designed to deceive users and potentially steal sensitive information. The site posed a significant threat due to its generic phishing tactics, which can trick victims into divulging credentials or personal data. Protecting users from such scams is critical to maintaining online safety.

This domain was registered recently on March 12, 2026, and was associated with the registrar Gname.com Pte. Ltd. It resolved to IP address 104.21.74.237 and appeared on three distinct security blocklists. VirusTotal flagged it as malicious in 17 out of 95 vendor detections. The site has since been taken offline, and the page now displays a Cloudflare warning indicating a suspected phishing attempt.

Users are advised to remain vigilant and avoid interacting with suspicious domains like shopei.vip. Always verify the legitimacy of websites before submitting any personal or financial information. Employ updated antivirus and anti-phishing tools and report any suspected fraudulent sites to help prevent further attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-12 13:07:01
- Registrar: Gname.com Pte. Ltd.
- Country: SG
- IP: 104.21.74.237
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["amy.ns.cloudflare.com", "cleo.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce222-3ee5-74be-88a8-4298248e9661.png
- PhishDestroy: https://phishdestroy.io/domain/shopei.vip/
- LLM endpoint: https://phishdestroy.io/domain/shopei.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/shopei.vip/
Last updated: 2026-03-19