# ghatfhaan.com — SUSPICIOUS

> PhishDestroy identifies ghatfhaan.com as an active generic phishing domain with 0/95 VirusTotal detections. This domain resolves to IP 188.114.97.

## Summary

PhishDestroy identifies ghatfhaan.com as an active generic phishing domain targeting users with a crypto drainer tool. The domain was registered through HOSTINGER operations, UAB, and resolved to IP 188.114.97.3, which hosts a known malicious payload. The domain remains undetected by VirusTotal (0/95) despite active campaign operations since November 03, 2022. The SSL certificate issued by Google Trust Services further legitimizes the domain’s appearance, reducing user suspicion.

This domain exhibits multiple red flags indicative of a newly deployed phishing campaign. First, the lack of detection (0/95 on VirusTotal) suggests it is either very new or employing evasion tactics to bypass security tools. The registrar, HOSTINGER operations, UAB, has been linked to previous phishing infrastructure, though not all registrars under this brand are malicious. The IP address 188.114.97.3 is associated with Hostinger’s infrastructure, which is frequently abused for bulletproof hosting due to weak abuse policies. The domain’s creation date (November 03, 2022) aligns with a recent surge in generic phishing domains targeting cryptocurrency users. Additionally, the use of a Google Trust Services SSL certificate adds a layer of false legitimacy, tricking users into believing the site is secure. While no third-party blocklists currently flag this domain, its recent activity and payload delivery mechanism classify it as an active threat.

To mitigate risks associated with ghatfhaan.com, immediate action is required. Organizations and individuals should block the domain at the DNS level and add 188.114.97.3 to network blocklists. Users interacting with cryptocurrency platforms should verify URLs manually and avoid clicking links from unsolicited sources. Security teams should deploy behavioral analysis tools to monitor for outbound connections to this IP. Given the domain’s low detection rate, proactive threat hunting is essential to identify related infrastructure. This campaign is expected to evolve rapidly, so continuous monitoring of the domain and its associated IP is critical to prevent further compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2022-11-03 11:32:57
- Registrar: HOSTINGER operations, UAB
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1bb78128-8edb-4dfe-8159-3d1be6098ffe
- PhishDestroy: https://phishdestroy.io/domain/ghatfhaan.com/
- LLM endpoint: https://phishdestroy.io/domain/ghatfhaan.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ghatfhaan.com/

Last updated: 2026-03-25