# atgamb.cc — SUSPICIOUS

> atgamb.cc linked to generic phishing delivering crypto drainer kit, 0/95 VirusTotal detections at launch, investigate immediately before wallet interaction.

## Summary

PhishDestroy identifies atgamb.cc as a live generic phishing domain currently serving a cryptocurrency drainer kit. The site masquerades under a newly registered name and is being promoted to harvest private keys, seed phrases, and wallet credentials from unsuspecting cryptocurrency users. No specific brand is being impersonated in this iteration, but the payload is designed to empty wallets across multiple chains once victims authorize malicious transactions. The domain exhibits classic short-lived campaign characteristics aimed at rapid fund extraction before takedown.

atgamb.cc resolves to 188.114.96.3 and presents a Let’s Encrypt SSL certificate. The domain was registered on April 02, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED, indicating recent acquisition and low reputation. VirusTotal detection remains at 0/95 as of initial analysis, confirming zero sandbox or antivirus coverage. Google Safe Browsing (GSB) has not yet flagged the domain, and no public blocklists have been updated to include this IP or domain. The combination of fresh registration, low VT score, and high-risk payload suggests an early-stage campaign with high evasion potential.

This domain is ACTIVE and poses an immediate risk to cryptocurrency users visiting or interacting with it. No takedown actions have been reported at this stage due to the 0/95 detection status and lack of prior history. Users should block the domain at DNS level, avoid any wallet connections, and report the site to GSB, VirusTotal, and local CERT teams. Remaining risk is HIGH until payload signatures mature and detection rates improve. Proactive blocking is strongly advised.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-02 16:19:24
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/atgamb.cc
- PhishDestroy: https://phishdestroy.io/domain/atgamb.cc/
- LLM endpoint: https://phishdestroy.io/domain/atgamb.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/atgamb.cc/

Last updated: 2026-04-07