# h58sugnrnd.wggts9hcj6eatbyfy.net — SUSPICIOUS

> h58sugnrnd.wggts9hcj6eatbyfy.net is a crypto drainer scam flagged by 0 of 95 VirusTotal vendors. Verify safety on PhishDestroy now.

## Summary

The domain h58sugnrnd.wggts9hcj6eatbyfy.net is currently under investigation as a generic phishing site, with a high-risk classification for crypto drainer activity. The threat remains active, and users are advised to exercise caution when encountering this domain.

PhishDestroy identifies this domain as a newly emerged crypto drainer scam, with zero detections out of 95 VirusTotal vendors as of January 07, 2026. The domain resolves to the IP address 104.21.60.25 and was registered through TUCOWS.COM, CO. The SSL certificate is issued by Google Trust Services, which may contribute to a false sense of security. Despite its low detection rate, this domain exhibits several red flags, including its creation date, which aligns with recent malicious campaigns targeting cryptocurrency users. The domain remains unlisted on major blocklists, though its infrastructure and naming conventions align with known phishing infrastructures.

Given its active status and the absence of widespread vendor detections, this domain poses a significant risk to unsuspecting users, particularly those engaged in cryptocurrency transactions. The use of a Google Trust Services SSL certificate further underscores the sophistication of this threat, as threat actors increasingly leverage trusted issuers to evade detection. Users are strongly advised to avoid interacting with this domain and to verify its legitimacy through PhishDestroy before proceeding with any transactions. Additionally, organizations should consider blocking this domain and IP address at the network level to mitigate potential exposure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-01-07 20:51:49
- Registrar: TUCOWS.COM, CO.
- IP: 104.21.60.25

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/4abf8533-45d1-48ae-97ed-0dddd17454e9
- PhishDestroy: https://phishdestroy.io/domain/h58sugnrnd.wggts9hcj6eatbyfy.net/
- LLM endpoint: https://phishdestroy.io/domain/h58sugnrnd.wggts9hcj6eatbyfy.net/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/h58sugnrnd.wggts9hcj6eatbyfy.net/

Last updated: 2026-03-23