# uahelpwiplata.sbs — SUSPICIOUS > uahelpwiplata.sbs masquerades as CHAINPOT crypto lottery, detected as phishing lure hosted on 104.21.22.17 with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies uahelpwiplata.sbs as a live phishing domain posing as CHAINPOT, the self-proclaimed world’s largest crypto lottery, actively harvesting credentials and cryptocurrency deposits through a counterfeit lottery interface. The domain’s authoritative page title and branding closely mimic legitimate crypto-lottery services, while the underlying infrastructure remains under active SOC investigation for drainer-kit deployment. No exact drainer-kit fingerprint is confirmed at this time, but the page content and SSL certificate suggest a staged lottery façade designed to trick victims into connecting wallets and transferring funds. This domain was flagged with a VirusTotal score of 0 out of 95 antivirus engines on first submission, indicating it currently evades commodity detections. It resolves to IP address 104.21.22.17, is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, and was created on April 03, 2026. Google Safe Browsing (GSB) has not yet listed the domain, and public blocklist aggregation shows zero prior listings as of the advisory snapshot. The domain remains active with under-investigation status; SOC is tracking connections and assessing the full drainer-kit payload. Users should immediately block uahelpwiplata.sbs at DNS and firewall layers, refrain from visiting the site, and treat any unsolicited “CHAINPOT” communication as highly suspect. While risk is currently rated low-to-medium due to low detections, rapid evolution of the page content and infrastructure could elevate risk without warning. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Page title: CHAINPOT — The World's Largest Crypto Lottery ## Domain Intelligence - Registered: 2026-04-03 08:42:42 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.22.17 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/uahelpwiplata.sbs - PhishDestroy: https://phishdestroy.io/domain/uahelpwiplata.sbs/ - LLM endpoint: https://phishdestroy.io/domain/uahelpwiplata.sbs/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/uahelpwiplata.sbs/ Last updated: 2026-04-03