# 369zk888.com — SUSPICIOUS > 369zk888.com is a crypto drainer mimicking brands. Resolves to IP 65.8.131.71, created Oct 18, 2025, undetected by VirusTotal (0/95). ## Summary PhishDestroy identifies 369zk888.com as an active crypto drainer domain posing a direct threat to cryptocurrency investors. This malicious site is engineered to trick visitors into connecting their wallets, enabling unauthorized token transfers without consent. Once a user interacts with the page, the drainer silently approves malicious contracts that siphon funds to attacker-controlled accounts. Unlike credential theft pages that harvest login details, crypto drainers target blockchain wallets directly, making them particularly dangerous for users handling digital assets. This domain was flagged by PhishDestroy's automated monitoring systems after being registered on October 18, 2025—just days ago—through GoDaddy.com, LLC. It currently resolves to IP address 65.8.131.71 and utilizes an Amazon SSL certificate to appear legitimate. Uniquely concerning is that VirusTotal's detection engine, powered by 95 security vendors, shows 0 detections at this time (0/95), meaning most antivirus tools do not yet recognize it as malicious. This low detection rate highlights how rapidly emerging threats can evade traditional defenses, especially when leveraging newly registered domains and trusted SSL providers. If you visited 369zk888.com or interacted with it using a cryptocurrency wallet, take immediate action to protect your funds. Revoke any unauthorized wallet connections in your wallet settings—most modern wallets like MetaMask allow you to view and remove connected dApps and contracts. Transfer your remaining assets to a new, clean wallet if you suspect compromise. Report the domain to your wallet provider and consider filing a complaint with local cybercrime units or platforms like Chainalysis. Always verify URLs manually and never click links from unsolicited messages—manual typing is safer. Stay vigilant: newly registered domains with low VT detection scores are prime hunting grounds for crypto drainers targeting the unwary. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-10-18 12:40:35 - Registrar: GoDaddy.com, LLC - IP: 65.8.131.71 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/9427e6b2-0caf-4df8-88d1-2de75691b507 - PhishDestroy: https://phishdestroy.io/domain/369zk888.com/ - LLM endpoint: https://phishdestroy.io/domain/369zk888.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/369zk888.com/ Last updated: 2026-03-24