# kyosk.ws — SUSPICIOUS

> kyosk.ws is a credential harvesting phishing domain flagged by 2 of 95 VirusTotal vendors. This domain uses a Let's Encrypt SSL certificate and poses an.

## Summary
kyosk.ws is a currently active credential harvesting phishing domain engaging in unauthorized data collection. This domain is classified under the generic phishing threat type, specifically designed to deceive users into submitting sensitive information such as login credentials, financial details, or personal data. The phishing infrastructure is operational and poses an elevated risk to potential victims, necessitating immediate awareness and caution.  kyosk.ws was flagged by 2 of 95 VirusTotal security vendors, with additional indicators including resolution to IP address 138.124.50.240. The domain was registered through DYNADOT LLC on March 17, 2026, and utilizes a Let's Encrypt SSL certificate to appear legitimate. The low detection rate on VirusTotal, combined with the recent domain creation and hosting infrastructure, suggests a relatively new and potentially evasive phishing operation. Trust scores remain critically low due to the absence of established reputation and the domain's active phishing behavior.  The current status of kyosk.ws is active, with active measures recommended to mitigate exposure. Users and organizations should implement network-level blocking for this domain and its associated IP address (138.124.50.240) to prevent accidental access. Security teams should monitor for any related domains or infrastructure that may emerge from this campaign. Additionally, users who have interacted with this domain should immediately change passwords for any accounts potentially exposed and enable multi-factor authentication where available. Reporting this domain to relevant authorities and threat intelligence platforms is strongly encouraged to aid in broader mitigation efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-17 19:40:49
- Registrar: DYNADOT LLC
- IP: 138.124.50.240

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9ec955c1-f11c-4633-9eb8-865ce7dd68a1
- PhishDestroy: https://phishdestroy.io/domain/kyosk.ws/
- LLM endpoint: https://phishdestroy.io/domain/kyosk.ws/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kyosk.ws/
Last updated: 2026-03-29