# wykosp.com — SUSPICIOUS

> PhishDestroy identifies wykosp.com as a live crypto drainer domain with 1/95 VirusTotal detections. This elevated-risk website steals cryptocurrency wallet.

## Summary
PhishDestroy confirms wykosp.com operates as an active crypto drainer, posing an elevated risk to cryptocurrency users. This domain mimics legitimate services to deceive victims into exposing wallet credentials, enabling direct fund theft.  This domain was flagged by PhishDestroy after VirusTotal recorded 1/95 security vendors detecting malicious activity. The domain was registered on March 17, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 185.114.97.3. Let's Encrypt issued its SSL certificate, and its recent creation date suggests a short-lived campaign targeting unsuspecting users.  Mitigation requires immediate action: block wykosp.com at the network and DNS levels, and warn cryptocurrency holders about this threat. Users should verify URLs before entering wallet credentials and use hardware wallets for additional security. Report the domain to security teams and blocklists to prevent further infections.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-17 15:30:18
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2c18352f-b29d-4cae-837c-541f4d5e06ef
- PhishDestroy: https://phishdestroy.io/domain/wykosp.com/
- LLM endpoint: https://phishdestroy.io/domain/wykosp.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wykosp.com/
Last updated: 2026-03-20