# ozempischapotheek.com — SUSPICIOUS > ozempischapotheek.com is a generic phishing domain impersonating a pharmacy to deploy crypto drainers. VirusTotal flags 1/95 vendors. Disconnect immediately. ## Summary PhishDestroy identifies active crypto-draining phishing infrastructure hosted at ozempischapotheek.com. This domain mimics a legitimate pharmacy site to trick users into connecting cryptocurrency wallets under the guise of prescription fulfillment or discount offers. Upon connection, the page loads a malicious JavaScript crypto-drainer that silently approves and drains tokens from connected wallets without further user interaction. This domain was flagged by VirusTotal on 1/95 security vendors, indicating minimal detection coverage despite clear malicious intent. It resolves to IP 92.113.23.8 and was registered on March 17, 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED using a Let’s Encrypt SSL certificate, providing a false veneer of legitimacy. The combination of recent registration date, low detection rate, and active hosting context suggests a newly deployed campaign targeting users seeking discounted or hard-to-find medications. If you accessed ozempischapotheek.com or entered any wallet information: immediately revoke any token approvals using tools like revoke.cash or your wallet’s built-in approval manager. Disconnect the wallet from all dApps and consider transferring remaining assets to a new wallet with a clean seed phrase. Report the domain to your antivirus vendor and monitor wallet activity for unauthorized transactions. Disable auto-approval in wallet settings and avoid clicking unsolicited links offering medical discounts or financial incentives. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-03-17 01:20:05 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 92.113.23.8 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ed12cb33-17fa-4181-81a1-6b51b2acc98b - PhishDestroy: https://phishdestroy.io/domain/ozempischapotheek.com/ - LLM endpoint: https://phishdestroy.io/domain/ozempischapotheek.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ozempischapotheek.com/ Last updated: 2026-03-27