# gunfiresquad.org — SUSPICIOUS

> gunfiresquad.org is a crypto drainer phishing site with 0/95 VirusTotal detections. Verify URLs on PhishDestroy before interacting.

## Summary
PhishDestroy identifies gunfiresquad.org as a cryptocurrency drainer posing as a fake trading platform to steal digital assets. This domain was flagged during routine monitoring of emerging phishing campaigns targeting crypto users, with specific indicators pointing to malicious intent designed to deceive visitors into connecting wallets or submitting seed phrases.  Evidence supporting this classification includes a VirusTotal scan result of 0/95 detections, indicating that no antivirus engines currently flag the domain, despite its malicious nature. The domain was registered through TUCOWS.COM, CO. on March 21, 2026, and resolves to IP address 18.66.147.73. Notably, the domain uses an Amazon-issued SSL certificate, which may lend false legitimacy to potential victims. At the time of writing, no major blocklists have flagged this domain, highlighting the importance of proactive verification tools like PhishDestroy.  Users who visited gunfiresquad.org should immediately cease any interaction with the site, disconnect connected wallets or devices, and scan their systems for malware. If any cryptocurrency transactions were attempted or completed, report the incident to the relevant blockchain explorers and consider revoking any wallet permissions granted to the domain. For ongoing protection, PhishDestroy recommends verifying all URLs before clicking or entering sensitive information, as this site exemplifies how quickly new phishing domains can evade traditional detection methods.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-21 12:15:26
- Registrar: TUCOWS.COM, CO.
- IP: 18.66.147.73

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c0e1d2e1-6817-420d-ad41-64e51d51aff9
- PhishDestroy: https://phishdestroy.io/domain/gunfiresquad.org/
- LLM endpoint: https://phishdestroy.io/domain/gunfiresquad.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gunfiresquad.org/
Last updated: 2026-03-22