# getstether.net — SUSPICIOUS

> getstether.net caught distributing a fake Steth drainer kit. VirusTotal shows 0/95 detections. Check the full report.

## Summary

PhishDestroy identifies getstether.net as a live domain hosting a generic phishing campaign designed to impersonate Steth token services. The domain leverages homograph confusion, replacing the letter 'i' with 'l' to mimic the legitimate Steth platform (steth.dev). False brand association is further reinforced through SSL trust indicators, including a Google Trust Services certificate, a tactic increasingly favored by phishing kits to bypass browser warnings. Although current detections on VirusTotal remain at 0/95, the domain’s infrastructure and naming pattern strongly suggest early-stage deployment of a drainer kit targeting cryptocurrency users transferring tokens via fake wallet interfaces.

Technical indicators confirm high-risk components: the domain was created on August 20, 2024, and resolves to IP 104.21.76.63. It is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for bulk registrations that often correlate with malicious infrastructure. The site’s SSL certificate, issued by Google Trust Services, adds superficial legitimacy but does not correlate with the actual Steth project. As of the latest scan, VirusTotal reports 0 malicious detections out of 95 engines, leaving it undetected by standard defenses despite active deployment.

The domain remains active and under active monitoring with a status of 'under_investigation'. PhishDestroy has flagged the unique seed bb50ba to track evolution and distribution vectors as the kit potentially spreads across social media and phishing forums. While the immediate risk is categorized as 'under_investigation', the absence of detection and recent creation date elevate the threat level to critical for users interacting with wallet services.
Users are advised to avoid clicking links related to getstether.net, verify all URLs through official channels, and report any suspicious transactions immediately. Full forensic indicators and mitigation steps are available in the PhishDestroy threat database.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2024-08-20 17:17:18
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.76.63

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/47bb1b68-25bb-4ac2-aeae-93336f88ac1c
- PhishDestroy: https://phishdestroy.io/domain/getstether.net/
- LLM endpoint: https://phishdestroy.io/domain/getstether.net/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/getstether.net/

Last updated: 2026-03-27