# winexo1021.gl — SUSPICIOUS

> PhishDestroy identifies winexo1021.gl as an active wine investment phishing domain hosting a drainer kit. VT score 0/95. Check the full report.

## Summary

PhishDestroy identifies winexo1021.gl as an active phishing domain masquerading as a wine investment platform, likely targeting crypto holders under the guise of high-return trading opportunities. The site employs a drainer kit designed to siphon cryptocurrency from victims’ wallets upon transaction initiation. No direct association with a legitimate wine brand or investment firm has been confirmed, suggesting the use of spoofed branding to build false credibility. The domain’s operational window remains untested, as it was registered only days ago, but the deployment of a drainer strongly indicates malicious intent to deceive visitors into authorizing unauthorized transactions.

Technical indicators confirm the domain’s malicious nature and rapid deployment cycle. VirusTotal currently shows 0/95 detections, indicating it has evaded detection by major antivirus engines as of the latest scan. The domain resolves to IP address 188.114.96.3, a hosting infrastructure known to harbor multiple malicious domains. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 09, 2026, the domain features a valid Let’s Encrypt SSL certificate, which may be used to lend false legitimacy to the phishing page. Google Safe Browsing (GSB) status remains unflagged at this time, and no entries appear on major blocklists such as PhishTank or OpenPhish, reflecting the domain’s recent emergence and low detection coverage.

The domain remains active and under active monitoring by PhishDestroy. No takedown or remediation action has been initiated as of this report, maintaining the risk level at 'under_investigation.' The absence of detections and blocklist entries suggests a window of opportunity for the threat actor to operate undetected. Users are strongly advised to avoid visiting winexo1021.gl and to report any suspicious interactions. Security teams should consider blocking the domain and associated IP address at the network perimeter. Remaining risk is assessed as high due to the presence of a drainer kit and the domain’s recent registration, which provides the attacker with a temporary but unobstructed platform for exploitation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-09 11:22:03
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/winexo1021.gl
- PhishDestroy: https://phishdestroy.io/domain/winexo1021.gl/
- LLM endpoint: https://phishdestroy.io/domain/winexo1021.gl/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/winexo1021.gl/
Last updated: 2026-04-04