# goldmares.top — SUSPICIOUS > PhishDestroy identifies goldmares.top (generic phishing) with 0/95 VirusTotal detections impersonating a brand. Avoid interaction. Report immediately. ## Summary PhishDestroy identifies goldmares.top as an active generic phishing domain impersonating an unidentified brand to deliver credential theft payloads. The domain was registered on August 04, 2025 through Gname.com Pte. Ltd., resolving to IP 172.67.140.120. No drainer kit or specific brand has been confirmed; however, the threat type aligns with credential harvesting campaigns targeting unsuspecting users. The domain leverages a Google Trust Services SSL certificate to appear legitimate, increasing the likelihood of successful deception. Analysis suggests this infrastructure may be part of a broader campaign to harvest login credentials or sensitive information. This domain exhibits several concerning technical indicators. VirusTotal currently flags it with 0/95 detections, indicating it remains undetected by most antivirus engines as of seed 610593. The domain was created on August 04, 2025, and is registered via Gname.com Pte. Ltd., a registrar known for accommodating high-risk registrations. It resolves to IP 172.67.140.120, hosted on Cloudflare infrastructure, and is not currently flagged by Google Safe Browsing (GSB). The absence of detections and recent registration date suggest this is a newly deployed threat with potential for rapid expansion. Blocklist aggregators have not yet flagged this domain, further increasing its window of opportunity for exploitation. The domain goldmares.top is currently active and classified as a high-risk generic phishing threat under investigation. PhishDestroy assesses the immediate risk as elevated due to the lack of detection coverage, recent registration, and use of trusted SSL certificates. No active blocklists currently flag this domain, allowing it to remain accessible to potential victims. Users are strongly advised to avoid interacting with this domain or any associated links. Organizations should implement network-level blocking via DNS sinkholing or firewall rules targeting the IP and domain. Continuous monitoring is recommended as this campaign may escalate or pivot to new brands. Remaining risk is high until detections improve or the domain is blocked by major security vendors. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-08-04 08:13:59 - Registrar: Gname.com Pte. Ltd. - IP: 172.67.140.120 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/57855343-0573-415c-908c-bb52de8493c3 - PhishDestroy: https://phishdestroy.io/domain/goldmares.top/ - LLM endpoint: https://phishdestroy.io/domain/goldmares.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/goldmares.top/ Last updated: 2026-03-28