# wallet4.nexretail9.monster — SUSPICIOUS

> wallet4.nexretail9.monster is a live crypto-drainer posing as a wallet service. It resolves to 188.114.96.3 and remains undetected on VirusTotal.

## Summary
wallet4.nexretail9.monster has been placed under investigation as an active cryptocurrency-draining domain.

The domain resolves to IP address 188.114.96.3, is registered via Dynadot LLC, and carries a Google Trust Services SSL certificate. Registered on 2025-10-27, it currently shows zero detections out of 95 VirusTotal engines and has not yet been listed on any major threat intelligence feeds. Despite its professional-grade SSL certificate, the domain’s recent creation and complete lack of detections suggest it is a newly deployed, evasive asset intended to siphon funds from unsuspecting cryptocurrency users.

Mitigation requires immediate network and DNS blocking of wallet4.nexretail9.monster and the associated IP 188.114.96.3. Users should treat any requests for wallet credentials or transaction approvals from this domain as hostile indicators. All cryptocurrency wallet access should be performed only through verified, official platforms and hardware devices. Security teams are advised to append this domain and IP to organizational blocklists and to monitor for outbound connections to the same infrastructure as potential exfiltration attempts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-10-27 12:21:31
- Registrar: Dynadot LLC
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0328c1cd-44cf-4a32-9aae-34c75e93ac54
- PhishDestroy: https://phishdestroy.io/domain/wallet4.nexretail9.monster/
- LLM endpoint: https://phishdestroy.io/domain/wallet4.nexretail9.monster/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wallet4.nexretail9.monster/
Last updated: 2026-03-29