# dhgatemall.cc — MALICIOUS

> Beware: dhgatemall.cc is a confirmed crypto drainer impersonating Gate.io. This domain was blocked by PhishDestroy on seven security checks.

## Summary
PhishDestroy has identified dhgatemall.cc as an active crypto-draining phishing site with an elevated risk rating. Unlike generic credential harvester domains, this site specifically loads a cryptocurrency wallet-draining script that silently siphons tokens once a wallet is connected.  The domain resolves to IP 172.67.137.38 and uses a Google Trust Services SSL certificate. VirusTotal shows 7 of 95 security engines flagging it, and it already appears on one prominent blocklist. Registered on 5 June 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED, the domain stood up unusually fast and is still serving malicious payloads.  Users should never connect a wallet to dhgatemall.cc; tokens drained cannot be recovered. If you visited this site, disconnect your wallet immediately, revoke any connected permissions, and scan for unauthorized transactions. Report the domain to PhishDestroy for immediate takedown so others are protected.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-06-05 08:03:20
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.137.38

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5db8d1e2-08d3-4cd9-b1d3-5f99ab5ef84d
- PhishDestroy: https://phishdestroy.io/domain/dhgatemall.cc/
- LLM endpoint: https://phishdestroy.io/domain/dhgatemall.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dhgatemall.cc/
Last updated: 2026-03-26