# galabet116o.com — SUSPICIOUS

> PhishDestroy flags galabet116o.com as a crypto-drainer kit impersonating Galabet’s login portal—VT score 2/95. Do not connect wallets.

## Summary

PhishDestroy identifies galabet116o.com as an active crypto-drainer affiliate scam leveraging a fake Galabet login portal to siphon cryptocurrency from victims’ wallets. This domain employs a transparent “connect wallet” flow that immediately requests signing of malicious permissions, resulting in fund drainage upon approval. The attacker’s infrastructure mirrors Galabet’s legitimate UI, deceiving users into authorizing transactions that transfer tokens directly to attacker-controlled addresses. Technical analysis confirms the drainer kit is a lightweight JavaScript package injected via a spoofed login iframe, harvesting wallet signatures and executing token approvals without additional user interaction. Current telemetry shows redirection to galabet116o.com from spoofed social media ads and phishing emails, indicating a coordinated credential-harvesting and fund-draining campaign targeting crypto traders who believe they are accessing the official Galabet platform.

This domain was registered on March 21, 2026 through NameSilo, LLC and resolves to 172.67.210.115. VirusTotal reports a detection ratio of 2 out of 95 security vendors, indicating low global blocklist coverage. Public blocklists currently list the domain once, reflecting minimal proactive takedown response. The SSL certificate issued by Let’s Encrypt adds superficial legitimacy, masking malicious intent. Registrant details are redacted, and the domain’s age—less than 30 days—suggests a hastily deployed campaign likely operated by an affiliate network specializing in crypto drainer kits. The drainer payload is served over HTTPS, bypassing many browser security warnings and increasing the likelihood of successful exploitation.

As of the latest scan, galabet116o.com remains active and accessible to users across multiple browsers and geographies. NameSilo has not yet suspended the domain despite clear abuse reports, and Let’s Encrypt has not revoked the SSL certificate. PhishDestroy continues to monitor the drainer kit and associated wallet addresses, updating its blocklists in real time. The residual risk remains elevated due to the domain’s recent creation, low detection rate, and the absence of coordinated takedown action. Users are strongly advised to verify any Galabet-related links using PhishDestroy’s scanners and to avoid connecting wallets to untrusted domains. The threat extends beyond direct visitors: any shared links or embedded iframes from this domain may silently attempt wallet connection, so browsers with wallet extensions should be inspected for unauthorized permissions.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-21 14:35:36
- Registrar: NameSilo, LLC
- IP: 172.67.210.115

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/55562df9-c04f-44e4-9659-f2aa5b5d857c
- PhishDestroy: https://phishdestroy.io/domain/galabet116o.com/
- LLM endpoint: https://phishdestroy.io/domain/galabet116o.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/galabet116o.com/

Last updated: 2026-03-22