# wofcas.com — MALICIOUS

> wofcas.com is an active phishing domain impersonating financial services. Flagged by 5/95 VirusTotal vendors, it uses a Let's Encrypt SSL certificate.

## Summary
PhishDestroy identifies wofcas.com as an active phishing domain targeting financial services users. This domain resolves to 172.67.215.83 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 11, 2026. Security vendors have already flagged it with 5 out of 95 detections on VirusTotal, indicating elevated risk and active misuse.  This domain poses a significant threat by luring users into fraudulent financial transactions or credential theft. The presence of a Let's Encrypt SSL certificate adds a false sense of legitimacy, while its recent creation and low detection rate suggest it is a newly deployed threat actor asset. Users who interact with this domain risk exposing sensitive banking or payment information to cybercriminals. The combination of low detection and recent domain creation increases the likelihood of successful deception.  If you have visited wofcas.com or received related links, cease all interaction immediately. Do not enter any personal or financial data. Run a full system scan using reputable antivirus software. Report the domain to your IT security team or relevant cybercrime unit using the exact domain name and associated IP address (172.67.215.83). Enable multi-factor authentication on all financial accounts and monitor for unauthorized transactions. Consider blocking the domain and IP at your network perimeter to prevent further exposure.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-11 11:06:46
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.215.83

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5cdc006a-48ab-468e-9c6d-eb1773c32736
- PhishDestroy: https://phishdestroy.io/domain/wofcas.com/
- LLM endpoint: https://phishdestroy.io/domain/wofcas.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wofcas.com/
Last updated: 2026-04-14