# winbox-wallet.shop — SUSPICIOUS

> Discover why winbox-wallet.shop is flagged as a crypto drainer threat. Learn about its activity, infrastructure, and current risk status here.

## Summary
PhishDestroy identifies winbox-wallet.shop as a potentially malicious crypto drainer domain currently under investigation. It aims to illicitly access cryptocurrency wallets, posing a threat to users dealing with digital assets.

The domain was registered recently on May 19, 2025, via GoDaddy.com LLC and resolves to IP address 92.113.23.254. Despite no detections on VirusTotal from 95 security vendors, its hosting and creation details warrant caution.

The domain remains active and under active monitoring. Users are advised to avoid interaction and report suspicious activity. Continued observation and further technical analysis are recommended to confirm its malicious intent.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP 200)
- Page title: Winbox | Play, Win, Repeat

## Domain Intelligence
- Registered: 2025-05-19 06:25:15
- Registrar: GoDaddy.com LLC
- IP: 92.113.23.254
- Nameservers: ns1.dns-parking.com ns2.dns-parking.com

## Detection Status
- VirusTotal: 1 vendors flagged
  Vendors: []
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://i.ibb.co/PsKRfKf2/497a2833faa3.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/365dfe56-6f12-4921-9a4e-c0e373514917
- PhishDestroy: https://phishdestroy.io/domain/winbox-wallet.shop/
- LLM endpoint: https://phishdestroy.io/domain/winbox-wallet.shop/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/winbox-wallet.shop/
Last updated: 2026-03-19