# www.connect.provaultcopy.com — SUSPICIOUS > provaultcopy.com hosts a crypto drainer phishing scam. Flagged by 0/95 VirusTotal vendors, verify URLs before clicking to stay safe. Report to PhishDestroy. ## Summary PhishDestroy identifies provaultcopy.com as an active crypto drainer phishing domain impersonating ProVault Copy services. The domain is currently under investigation but remains accessible, posing an immediate threat to unsuspecting users. This scam employs deceptive tactics to trick victims into connecting cryptocurrency wallets and draining funds. This domain was flagged by 0 of 95 VirusTotal vendors, indicating it has not yet been widely recognized as malicious. Registered through TuringSign Inc. d/b/a Cosmotown, provaultcopy.com resolves to IP address 86.107.77.57 and holds a Let's Encrypt SSL certificate. The domain was created on July 14, 2025, making it a recently deployed threat infrastructure. PhishDestroy's internal analysis shows the domain remains unlisted on most blocklists, with trust scores reflecting its early-stage malicious activity. Provaultcopy.com is an active threat requiring immediate attention. Users are advised to avoid visiting or interacting with this domain. If this domain was encountered, PhishDestroy recommends disconnecting any connected cryptocurrency wallets, scanning devices for malware, and verifying URLs through PhishDestroy's verification tools. Report any suspicious interactions to PhishDestroy to aid in threat mitigation and blocklisting efforts. Stay vigilant against crypto drainer phishing campaigns targeting wallet connections. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-07-14 13:35:58 - Registrar: TuringSign Inc. d/b/a Cosmotown - IP: 86.107.77.57 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8735d9c1-0874-48cc-ae3e-5257a551aeb4 - PhishDestroy: https://phishdestroy.io/domain/www.connect.provaultcopy.com/ - LLM endpoint: https://phishdestroy.io/domain/www.connect.provaultcopy.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/www.connect.provaultcopy.com/ Last updated: 2026-03-23