payoneergw.com.cn
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Quttera Web Malware Removal is a paid subscription service. Pricing, plans, and trial availability are set by Quttera. Quttera is operated by Quttera Ltd, an independent third-party company unrelated to RCS LT. PCRisk.com may earn a referral commission when users sign up through this link.
Description of payoneergw.com.cn
The website appears to present itself as a Chinese-language digital wallet and payment platform using the PAYONEER name and branding. Its page title and metadata describe services such as digital asset storage, asset management, multi-currency support, transfers, and security controls, while the homepage screenshot promotes registration, login, wallet features, and USDT transfers.
Based on the domain structure, this does not appear to be an official Payoneer domain. The address combines the well-known Payoneer brand name with additional letters ("gw") under a .com.cn domain, which may indicate an unofficial or look-alike site rather than a primary corporate property. The content also shifts from mainstream payments branding toward cryptocurrency-style wallet messaging, which may not align with the expected identity of the legitimate financial brand.
Safety Assessment for payoneergw.com.cn
This domain shows multiple risk indicators at the time of this scan. It was flagged by 13 out of 91 security engines, with many of those detections classifying it as phishing or malicious. In addition, the domain closely resembles the Payoneer brand and may be a look-alike site intended to benefit from user trust in that name. The screenshot, title, and metadata all prominently use PAYONEER branding while promoting wallet and digital-asset functions, which raises further concern about possible impersonation.
A malware scan also reported one flagged script file (nb.js) as malicious, although blacklist databases were largely clean at the time of this scan. That combination can occur with newer or narrowly targeted phishing pages that have not yet propagated widely across blocklists. The very low trust score provided with the scan context is consistent with the broader pattern of phishing-related signals.
Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site was reachable over HTTPS with a valid Let's Encrypt certificate expiring in July 2026. It appears to be served by nginx from IP address 154.194.137.70, hosted by Starbow Ltd in Chai Wan, Hong Kong. DNSSEC is not enabled, and WHOIS lifecycle details such as creation and expiry dates were not available in the provided scan data.
From a security perspective, the main technical concern is not the TLS setup itself but the surrounding reputation and content signals: multiple phishing detections, a flagged JavaScript file, and branding that appears inconsistent with the domain. The site also uses plain HTTP URLs for many referenced resources in the scan output, which may further weaken trust in the implementation.
Share your experience with this website. Was it safe? Did you encounter any issues?