# jimgamb.cc — SUSPICIOUS

> PhishDestroy flags jimgamb.cc as an active PayPal credential phishing site resolving to 104.21.89.14. 4 of 95 VirusTotal scanners already detect it.

## Summary
PhishDestroy identifies the recently activated domain jimgamb.cc as a live PayPal credential-phishing page designed to trick visitors into entering their login details. The site mimics PayPal’s login flow and harvests any information entered, putting accounts at risk of takeover and financial loss.

This domain was flagged by PhishDestroy after VirusTotal confirmed only 4 of 95 participating security vendors currently detect it; it went live on March 14, 2026, and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The site also holds a valid Let’s Encrypt SSL certificate to appear more trustworthy.

If you visited jimgamb.cc, do not enter any PayPal credentials or personal data. Log out of PayPal in all browsers, clear cached credentials, and run a malware scan on your device. Report the domain to PayPal’s fraud team and consider enabling multi-factor authentication on your account as an extra safeguard.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-14 10:41:56
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.89.14

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ee52371e-718a-4cb6-b652-8ed7fc5fa5fb
- PhishDestroy: https://phishdestroy.io/domain/jimgamb.cc/
- LLM endpoint: https://phishdestroy.io/domain/jimgamb.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/jimgamb.cc/
Last updated: 2026-03-21