# wtn-darknet.biz — SUSPICIOUS

> PhishDestroy warns: wtn-darknet.biz is a confirmed crypto drainer distributing via DMs. Only 1 out of 95 security vendors detected this scam as of today.

## Summary
PhishDestroy identifies wtn-darknet.biz as an active crypto drainer domain posing as a darknet marketplace. This site lures victims with false promises of exclusive access to restricted markets, then silently drains crypto wallets using malicious JavaScript payloads injected at checkout. The domain mimics legitimate darknet services to exploit trust in underground economies, making careful verification critical before any interaction.  This domain was flagged by only 1 out of 95 security vendors on VirusTotal, indicating weak detection coverage despite clear malicious intent. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on September 24, 2025, the domain resolves to IP 81.91.178.50 and holds a Let's Encrypt SSL certificate, tactics commonly used to appear legitimate. Its recent creation date and low blocklist presence suggest it may be part of a fast-moving campaign targeting crypto enthusiasts.  Users who visited this domain should immediately revoke any wallet connection permissions granted to this site, transfer remaining funds to a clean wallet, and scan their devices for malicious browser extensions or injected scripts. Do not interact with wallet prompts or download files from this domain under any circumstances.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-24 16:31:26
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 81.91.178.50

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/92e635b2-e65f-4288-a48e-bcd3e306b35b
- PhishDestroy: https://phishdestroy.io/domain/wtn-darknet.biz/
- LLM endpoint: https://phishdestroy.io/domain/wtn-darknet.biz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wtn-darknet.biz/
Last updated: 2026-03-26