# woniuobi.com — SUSPICIOUS

> woniuobi.com exposed as a crypto drainer phishing site with 4/95 VirusTotal detections. Block immediately and avoid cryptocurrency transactions.

## Summary
PhishDestroy identifies woniuobi.com as an active crypto drainer phishing domain designed to steal cryptocurrency assets from unsuspecting victims. The site masquerades as a legitimate cryptocurrency platform, luring users with false promises of high returns or urgent account alerts. This threat employs a drainer kit that automatically transfers victim funds to attacker-controlled wallets upon wallet connection, exploiting wallet signature requests for unauthorized transactions.  

 Technical indicators confirm the elevated risk profile of woniuobi.com. The domain was registered through Dynadot Inc on April 07, 2026, and resolves to IP address 54.215.31.113. VirusTotal analysis shows 4 out of 95 security vendors have flagged the domain as malicious. The site utilizes a Let's Encrypt SSL certificate to appear legitimate. Google Safe Browsing does not currently list the domain, and additional blocklist intelligence remains under investigation.  

 As of the latest assessment, woniuobi.com remains active and poses an elevated threat to cryptocurrency users. PhishDestroy has flagged this domain for immediate remediation and urges users to avoid interaction. Organizations and individuals are advised to block the domain at the network level and update blocklists. While current detection remains limited, proactive threat hunting is recommended due to the domain's recent creation and active infrastructure. Users should verify URLs, avoid clicking unsolicited links, and use hardware wallets for enhanced security.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-07 22:20:14
- Registrar: Dynadot Inc
- IP: 54.215.31.113

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/woniuobi.com
- PhishDestroy: https://phishdestroy.io/domain/woniuobi.com/
- LLM endpoint: https://phishdestroy.io/domain/woniuobi.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/woniuobi.com/
Last updated: 2026-04-09