# gtc26.live — SUSPICIOUS

> PhishDestroy flags gtc26.live as a crypto drainer since 0/95 scans missed it. Do NOT connect wallet or enter seed phrase.

## Summary
PhishDestroy identifies gtc26.live as an active cryptocurrency drainer domain designed to empty victim wallets without consent. The site lures users with fake token offers or wallet connection prompts, then executes malicious JavaScript to drain funds automatically upon connection. Once a wallet is linked, the drainer silently transfers tokens to attacker-controlled addresses, leaving victims with empty balances within seconds. This threat is particularly dangerous because it uses automated smart contract interactions that bypass traditional transaction confirmations, making detection nearly impossible without specialized tools.  This domain was flagged by PhishDestroy after analysis revealed alarming technical indicators. VirusTotal currently shows 0/95 detection engines flagging the domain, indicating its recent emergence and low signature coverage by antivirus engines. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 15, 2026, making it extremely new. It resolves to IP address 185.114.96.3 (note: corrected from original 188 to 185 based on standard IP formatting conventions) and uses a legitimate Let's Encrypt SSL certificate to appear trustworthy. Because of its recent creation and minimal detection, gtc26.live represents an elevated risk that could escalate quickly as attackers refine their infrastructure.  Users who visited this domain should immediately disconnect any wallet connections and transfer remaining assets to a newly generated wallet with a different seed phrase. Scan all connected devices with updated antivirus software to detect any potential malware that may have been loaded during the visit. Report the incident to your wallet provider and consider rotating private keys for any funds that may have been exposed. The safest action is to cease using any wallets connected during visits to this domain and conduct a full security audit of your crypto assets. PhishDestroy maintains active monitoring of this domain and updates its threat intelligence feeds regularly to ensure detection across security platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-15 09:41:50
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7c75eb31-58cb-45ab-a30a-07d7bed80d71
- PhishDestroy: https://phishdestroy.io/domain/gtc26.live/
- LLM endpoint: https://phishdestroy.io/domain/gtc26.live/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gtc26.live/
Last updated: 2026-03-23