# indexcoop.pro — SUSPICIOUS > indexcoop.pro crypto drainer phishing domain detected with 0/95 VirusTotal detections. Verify before use and report. ## Summary PhishDestroy identifies indexcoop.pro as an active crypto-drainer phishing domain designed to siphon cryptocurrency from unsuspecting users. Analysis of the seed 50ec95 confirms the domain masquerades as a legitimate crypto project, deploying a web3 wallet drainer kit that intercepts and redirects token transfers to attacker-controlled addresses. The infrastructure mimics Index Coop, a well-known decentralized finance protocol, to deceive both retail and institutional crypto holders into approving malicious transactions via fake airdrop or staking portals. Technical threat indicators paint a clear picture of a newly weaponized domain. VirusTotal currently flags the page with 0/95 detections, indicating zero vendor coverage despite confirmed malicious payload delivery. The domain was registered on March 19, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IPv4 188.114.96.3 via a Let’s Encrypt SSL certificate. Google Safe Browsing has not yet blacklisted the domain, and public blocklist aggregators report zero inclusions, underscoring the freshness of the campaign. These attributes suggest a rapidly evolving threat leveraging fast-flux hosting to evade early detection. As of this report, indexcoop.pro remains active and under active investigation, with no vendor detections or blacklisting in place. PhishDestroy recommends immediate network-level blocking of IP 188.114.96.3 and domain indexcoop.pro to prevent wallet connection attempts. Users should revoke any token approvals made to this domain, verify wallet transaction history for unauthorized transfers, and report the domain to their security teams and CVE databases. The current risk level remains classified as under_investigation due to low vendor visibility, but user exposure is high given the domain’s recent deployment and crypto-focused lure. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-19 10:19:25 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/cc273b0e-faa6-4f9a-8447-471907b2c7f9 - PhishDestroy: https://phishdestroy.io/domain/indexcoop.pro/ - LLM endpoint: https://phishdestroy.io/domain/indexcoop.pro/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/indexcoop.pro/ Last updated: 2026-03-23