# PhishDestroy threat dossier — globalgrantscenter.com ================================================================ Fetched: 2026-04-22 08:32:24 UTC Canonical: https://phishdestroy.io/domain/globalgrantscenter.com/ ## VERDICT ---------------------------------------------------------------- HIGH THREAT — malicious activity confirmed Composite threat score: 70/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 0/94 security vendors flagged this domain ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 37.49.229.75 (NL, Amsterdam) ASN: AS3920 PUSHPKT OU Hosting org: ESTOXY OU Registrar: TuringSign Inc. d/b/a Cosmotown Nameservers: ns1.controlpanel.sbs, ns2.controlpanel.sbs Registered: 2026-04-20 Page title: Home | Global Grants Center HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / R13 Expires: 2026-07-19 Status: INVALID chain Fingerprint: c97fd26966ea811d25336a8e2412072e30f1790b054a02e09c46d2e2e916d4b2 Subject Alternative Names (related infrastructure — often same operator): - autodiscover.globalgrantscenter.com - cpanel.globalgrantscenter.com - cpcalendars.globalgrantscenter.com - cpcontacts.globalgrantscenter.com - mail.globalgrantscenter.com - webdisk.globalgrantscenter.com - webmail.globalgrantscenter.com - www.globalgrantscenter.com ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-04-20 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-04-20 15:27:51 UTC (by PhishDestroy tracker) First reported: 2026-04-20 12:28:39 UTC (abuse notice filed) Last verified: 2026-04-22 07:23:40 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019daadb-a8a7-7387-afae-2fdb2266a6ad/ URLQuery: https://urlquery.net/report/03c9a041-3a62-4ff4-91ef-3c36c7e671d7 Wayback Machine: https://web.archive.org/web/*/globalgrantscenter.com crt.sh CT logs: https://crt.sh/?q=%25.globalgrantscenter.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=globalgrantscenter.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/globalgrantscenter.com URLhaus: https://urlhaus.abuse.ch/host/globalgrantscenter.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-04-20 15:28:46 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies globalgrantscenter.com as a currently active crypto drainer domain designed to trick users into connecting cryptocurrency wallets under false pretenses of grant access or funding opportunities. The site masquerades as an official grant platform to harvest private keys, seed phrases, or directly drain connected wallets. Visitors who connect their wallets risk immediate loss of all digital assets, including NFTs, tokens, and stablecoins, with no possibility of recovery once the transaction is confirmed on-chain. This domain was specifically engineered to exploit trust in nonprofit funding mechanisms by offering fake grant opportunities, then executing unauthorized transfers upon wallet connection. If you encountered this site, do not interact—treat it as a high-risk scam. This domain was flagged with 0 detections out of 95 engines on VirusTotal at time of analysis, indicating it remains undetected by most antivirus platforms despite active misuse. The domain was registered on April 20, 2026, through TuringSign Inc. d/b/a Cosmotown, a registrar known for anonymized registrations that complicate anti-fraud investigations. It resolves to IP address 37.49.229.75, which hosts multiple fraudulent domains under the same pattern. The use of a free Let's Encrypt SSL certificate suggests an attempt to appear legitimate, but the certificate provides no real security—it only secures the connection to the attacker's server. The combination of recent registration, zero detections, and zero-day status makes this domain particularly dangerous, as traditional security tools have not yet learned to recognize it. If you visited globalgrantscenter.com or connected your cryptocurrency wallet to this site, immediately disconnect your wallet from any websites, refresh your browser cache, and revoke any unnecessary permissions using blockchain tools like Etherscan’s Token Approval Checker or similar for other chains. Do not interact with any pop-ups, prompts, or transaction requests that appeared during your visit. Transfer any remaining assets to a fresh wallet, generated offline or via a hardware wallet, and enable two-factor authentication on all related accounts. If funds were stolen, report the incident to your wallet provider and local cybercrime authorities. Document the domain URL, transaction hashes, and wallet addresses before they are potentially obfuscated by the attackers. Finally, update your browser and security software, and avoid searching for grant opportunities through untrusted links—only use official government or established nonprofit portals accessed directly via verified URLs. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260420-6DF65D Favicon MD5: f2b0aa80f87d3ce1721ece2f670f0f28 TLS cert SHA-256: c97fd26966ea811d25336a8e2412072e30f1790b054a02e09c46d2e2e916d4b2 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/globalgrantscenter.com/ JSON API: https://api.destroy.tools/v1/check?domain=globalgrantscenter.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+. Site: https://phishdestroy.io