# bitcoguru.com — SUSPICIOUS

> bitcoguru.com is a crypto drainer site pushing generic phishing with 0/95 VirusTotal detections. Blocked by PhishDestroy & MetaMask now. Avoid clicking.

## Summary
bitcoguru.com is a live crypto drainer domain that currently conducts generic phishing campaigns aimed at cryptocurrency holders and Web3 users. The site uses brand impersonation tactics—posing as a legitimate crypto education resource—to trick visitors into connecting wallets or entering seed phrases. No known drainer kit signature is publicly attached yet, but behavioral patterns align with clipboard-hijacking malware and fake wallet-drain scripts hosted on the same server range.

Technical indicators confirm elevated risk: VirusTotal shows 0/95 detections as of the seed timestamp abbfaa. Domain registration through Global Domain Group LLC resolves to IP 172.67.146.105. The domain was created on March 30, 2026—an unusually recent date suggesting premeditated malice—and already appears on 3 independent security blocklists. Despite a Let's Encrypt SSL certificate, Google Safe Browsing has not yet flagged the domain.

The domain is currently active and blocked by PhishDestroy, MetaMask, and SEAL, placing it in a responsive containment status. However, given the zero VT score and unflagged GSB status, new variants could emerge rapidly. Remaining risk is high until major browser and extension blocklists universally propagate, so users should avoid all interactions and assume compromise if previously visited.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-30 12:45:17
- Registrar: Global Domain Group LLC
- IP: 172.67.146.105

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/822e8ceb-d994-4b2f-b4b9-8c8d16e1cc88
- PhishDestroy: https://phishdestroy.io/domain/bitcoguru.com/
- LLM endpoint: https://phishdestroy.io/domain/bitcoguru.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bitcoguru.com/
Last updated: 2026-03-31