# wkhyi2tdqzxha8.com — MALICIOUS

> Investigating wkhyi2tdqzxha8.com: Social engineering phishing page flagged by 12 of 95 VirusTotal vendors. Check the full report.

## Summary

The domain wkhyi2tdqzxha8.com is actively engaged in social engineering phishing activities and has been confirmed as a high-risk threat to users. Security researchers identify this domain as a live phishing page designed to deceive visitors through fraudulent tactics, currently marked as active and unmitigated. No specific brand impersonation has been identified in this instance.

PhishDestroy analysis reveals that wkhyi2tdqzxha8.com has been flagged by 12 of 95 VirusTotal security vendors, signaling widespread detection of malicious intent. Registered through GMO Internet, Inc., this domain resolves to IP address 172.67.153.145 and was created on March 23, 2026. The domain holds a valid SSL certificate issued by Let's Encrypt and appears on 1 security blocklist. Its presence in Google Safe Browsing’s SOCIAL_ENGINEERING category further corroborates the phishing threat. Trust metrics remain critically low due to active abuse and lack of historical legitimacy.

Immediate action is required to neutralize this threat. Users should avoid accessing wkhyi2tdqzxha8.com and report it via their browser’s phishing warning system or security vendor portals. Network administrators are advised to block the domain at the DNS and firewall levels using the IP address 172.67.153.145 and domain name. SSL inspection policies should be enforced to prevent encrypted phishing traffic from bypassing defenses. Continuous monitoring is recommended due to the recent domain registration and high likelihood of rapid infrastructure changes.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-23 14:32:07
- Registrar: GMO Internet, Inc.
- IP: 172.67.153.145

## Detection Status

- VirusTotal: 12 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hit
  - Lists: InversionDNS

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/wkhyi2tdqzxha8.com
- PhishDestroy: https://phishdestroy.io/domain/wkhyi2tdqzxha8.com/
- LLM endpoint: https://phishdestroy.io/domain/wkhyi2tdqzxha8.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/wkhyi2tdqzxha8.com/

Last updated: 2026-04-09