# gmgn-wallet.com — SUSPICIOUS > Beware: gmgn-wallet.com is a crypto drainer domain posing as a wallet service. Resolves to IP 104.21.92.221. Avoid this site to protect crypto funds. ## Summary PhishDestroy identifies gmgn-wallet.com as an active crypto drainer domain under investigation for high-risk cryptocurrency theft activities. This domain mimics legitimate wallet services to deceive users into connecting wallets or entering private keys, enabling threat actors to drain crypto assets without authorization. The malicious infrastructure is designed to exploit user trust and urgency, particularly targeting cryptocurrency holders seeking secure storage solutions. This domain was flagged with 0 out of 95 detections on VirusTotal at the time of analysis, indicating it currently evades mainstream antivirus and security tool signatures. It was registered through CNOBIN INFORMATION TECHNOLOGY LIMITED, resolves to IP address 104.21.92.221, and holds a valid SSL certificate issued by Let’s Encrypt. Registered on March 21, 2026, the domain is newly established but already active and potentially being weaponized in ongoing campaigns. Trust and blocklist data remain limited due to its recent emergence and low detection rate, increasing the risk of successful exploitation. To mitigate exposure, users must avoid accessing gmgn-wallet.com or any associated links, especially those received via unsolicited messages or social media. Never connect wallets, input seed phrases, or approve transactions on untrusted websites. Block the domain at DNS/network level using indicators like 104.21.92.221 and report the domain to security teams and crypto fraud platforms such as Chainabuse. Monitor wallet activity for unauthorized transactions. Organizations should update threat intelligence feeds to block this domain immediately and warn stakeholders to verify website authenticity via official channels before any crypto-related interaction. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-21 14:04:38 - Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED - IP: 104.21.92.221 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/93812ffd-d071-490f-b42e-2b3f2de1de0e - PhishDestroy: https://phishdestroy.io/domain/gmgn-wallet.com/ - LLM endpoint: https://phishdestroy.io/domain/gmgn-wallet.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/gmgn-wallet.com/ Last updated: 2026-03-22