# xmrwallet.biz — SUSPENDED (Escape Domain)

> **xmrwallet.biz was a redirect domain for the xmrwallet.com scam. Suspended by the registrar after abuse reports.**

## What happened

After exposure by PhishDestroy, the operator of xmrwallet.com registered **xmrwallet.biz** as a second escape domain — another redirect to the main scam site.

| Detail | Value |
|--------|-------|
| Domain | xmrwallet.biz |
| Registered | 2026-02-09 |
| Prepaid | **5 years** |
| Registrar | WebNic.cc |
| Hosting | IQWeb / DDoS-Guard (Belize), AS59692 |
| IP | 190.115.31.40 |
| Status | **SUSPENDED** |

## DNS proof — same operator

xmrwallet.biz shared **identical infrastructure** with xmrwallet.com and xmrwallet.cc:
- Same MX records: mx1/mx2.privateemail.com
- Same NS records: ns1/ns2.ddos-guard.net
- Same WOT verification token: `8a5554c915e3c17278a7`
- Same SPF: spf.privateemail.com
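
The comparison above can be scripted. The sketch below is an added example, not PhishDestroy's tooling: it parses `dig`-style answers, finds the records every domain publishes, and goes one step further by separating provider-level matches (MX, NS, SPF hosts that any customer of the same provider shares) from the per-account verification token. The TXT layouts, TTLs, function names and the `unrelated.example` control domain are assumptions.

```python
from collections import defaultdict

DOMAINS = ["xmrwallet.com", "xmrwallet.cc", "xmrwallet.biz"]
# Constructed answers in `dig +noall +answer` layout using the values listed
# above. TTLs, MX preference and the two TXT layouts are assumptions.
ZONE = """\
{d}. 300 IN MX 10 mx1.privateemail.com.
{d}. 300 IN MX 10 mx2.privateemail.com.
{d}. 300 IN NS ns1.ddos-guard.net.
{d}. 300 IN NS ns2.ddos-guard.net.
{d}. 300 IN TXT "v=spf1 include:spf.privateemail.com ~all"
{d}. 300 IN TXT "wot-verification={t}"
"""
SAMPLE = "".join(ZONE.format(d=d, t="8a5554c915e3c17278a7") for d in DOMAINS)
# Constructed control: a hypothetical unrelated customer of the same providers.
SAMPLE += ZONE.format(d="unrelated.example", t="constructed0000000000")

# Tokens are issued per account; MX, NS and SPF hosts belong to the provider.
STRONG = {"verification-token"}

def indicators(answers):
    """Map each (kind, value) indicator to the set of domains publishing it."""
    seen = defaultdict(set)
    for line in answers.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5 or parts[2] != "IN":
            continue
        name, rtype, rdata = parts[0].rstrip(".").lower(), parts[3], parts[4]
        if rtype == "MX":
            seen[("mx", rdata.split()[-1].rstrip(".").lower())].add(name)
        elif rtype == "NS":
            seen[("ns", rdata.rstrip(".").lower())].add(name)
        elif rtype == "TXT":
            txt = rdata.strip('"')
            if txt.startswith("v=spf1"):
                for term in txt.split():
                    if term.startswith("include:"):
                        seen[("spf-include", term[8:].lower())].add(name)
            elif "-verification=" in txt:
                seen[("verification-token", txt.split("=", 1)[1])].add(name)
    return seen

def shared(seen, domains):
    """Indicators published by every domain, as (strong, weak) sorted lists."""
    hits = sorted(k for k, doms in seen.items() if set(domains) <= doms)
    return ([k for k in hits if k[0] in STRONG],
            [k for k in hits if k[0] not in STRONG])

if __name__ == "__main__":
    print(shared(indicators(SAMPLE), DOMAINS))
    print(shared(indicators(SAMPLE), DOMAINS + ["unrelated.example"]))
```

When the control domain is included, the five provider-level matches remain and the token match disappears, so the shared token is the indicator that carries the attribution.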

## Operator reaction after suspension

After both xmrwallet.biz and xmrwallet.cc were suspended, the operator:
1. Deleted GitHub Issues #35 and #36 (all proof of theft)
2. Wiped repository content
3. Provided zero technical rebuttals

Destroying evidence instead of providing a technical rebuttal. Not one. Ever.

## Main investigation

- [Full Evidence](https://phishdestroy.github.io/DO-NOT-USE-xmrwallet-com/)
- [Deleted Issues Archive](https://phishdestroy.github.io/DO-NOT-USE-xmrwallet-com/deleted.html)
- [xmrwallet.com still active — report to abuse@namesilo.com](mailto:abuse@namesilo.com)

---

*Investigation by [PhishDestroy Research](https://github.com/phishdestroy)*
