# gomberg.net — MALICIOUS

> gomberg.net is distributing a crypto drainer malware, flagged by 9 of 95 VirusTotal vendors. Avoid all crypto transactions on this domain.

## Summary
PhishDestroy identifies gomberg.net as an active crypto drainer domain engaged in fraudulent cryptocurrency extraction activities. The domain is currently classified as an elevated security threat with confirmed malicious intent targeting digital asset holders. This platform exhibits clear indicators of a crypto drainer scheme designed to illicitly transfer cryptocurrency from unsuspecting victims' wallets.


This domain was flagged by 9 of 95 VirusTotal security vendors, indicating significant malicious activity. Registered through NameCheap, Inc., this domain resolves to IP address 172.67.193.61 and was created on July 09, 2024. The domain appears on 2 security blocklists and holds a Google Trust Services SSL certificate, attempting to appear legitimate while executing crypto drainer operations.


PhishDestroy advises all users to immediately block gomberg.net on their networks and browsers. Users who have previously interacted with this domain should transfer any remaining digital assets to newly generated wallet addresses and enable additional security measures including two-factor authentication and wallet allowlisting. Report any suspicious transactions to your wallet provider and relevant cryptocurrency authorities immediately.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-07-09 12:14:40
- Registrar: NameCheap, Inc.
- IP: 172.67.193.61

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/807cf525-c556-4205-b11f-5b0244b4d704
- PhishDestroy: https://phishdestroy.io/domain/gomberg.net/
- LLM endpoint: https://phishdestroy.io/domain/gomberg.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gomberg.net/
Last updated: 2026-04-14