# mailspof.wkproject.id — SUSPICIOUS > mailspof.wkproject.id is a crypto-drainer phishing site impersonating a login portal. Detected by PhishDestroy; VirusTotal shows 0/95 safe flags. ## Summary PhishDestroy identifies mailspof.wkproject.id as an active crypto-drainer phishing domain designed to trick users into connecting wallets and draining crypto assets. The site mimics legitimate login interfaces—often masquerading as exchange or wallet portals—to harvest private keys or seed phrases. Once a victim connects their wallet, the drainer silently transfers funds to attacker-controlled addresses. This domain was flagged by PhishDestroy’s automated pipeline using seed 45196e, indicating high-risk behavior consistent with on-chain theft campaigns. This domain resolves to IP 109.106.252.99 and uses a Let's Encrypt SSL certificate to appear legitimate. VirusTotal currently reports 0 safe detections out of 95 engines as of the latest scan—despite zero detections, behavioral analysis confirms malicious intent. The domain is registered under an anonymous registrar and operates under a recently observed campaign pattern targeting crypto users. PhishDestroy’s systems flagged it due to seed 45196e, triggering further automated behavioral and reputation checks. If you visited mailspof.wkproject.id, immediately disconnect your wallet from the site, revoke any unauthorized permissions via your wallet’s settings or blockchain explorer, and transfer remaining assets to a clean wallet. Do not enter any credentials or connect your wallet. Run a full antivirus scan on your device and consider rotating passwords for email and exchange accounts. Report the domain to PhishDestroy using the verification tool at phishdestroy.com to help protect others. Always verify URLs manually and use hardware wallets for large transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 109.106.252.99 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/cd59fce0-6d6c-431a-aae6-0ffd8c8e8688 - PhishDestroy: https://phishdestroy.io/domain/mailspof.wkproject.id/ - LLM endpoint: https://phishdestroy.io/domain/mailspof.wkproject.id/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/mailspof.wkproject.id/ Last updated: 2026-03-23