# m.gtcfxlgroup.com — SUSPICIOUS

> Explore the safety status of m.gtcfxlgroup.com (GTCFX). Currently flagged for social engineering risks and under investigation for phishing activity.

## Summary
PhishDestroy identifies m.gtcfxlgroup.com as an active domain with a generic phishing threat type currently under investigation. The associated risk level remains undetermined as analysis continues to assess the full scope of malicious activity. Users should exercise caution when interacting with this domain.

Supporting evidence includes a recent domain registration date of January 6, 2026, through Gname.com Pte. Ltd., which is typical for newly created phishing infrastructure. Although VirusTotal scanning yields zero detections from 95 security vendors, Google Safe Browsing marks this domain for social engineering, indicating potential deceptive tactics. The domain resolves to IP 104.21.44.157, which is part of a known content delivery network often abused by threat actors for phishing campaigns. The page title "GTCFX" aligns with the domain name, suggesting an attempt at brand impersonation or spoofing.

Given the lack of detection by antivirus engines but the flagged social engineering status, PhishDestroy recommends close monitoring and avoidance of any interaction with m.gtcfxlgroup.com. Users are advised to verify email sources and URLs rigorously before engaging. The domain’s active status and ongoing investigation suggest potential risk remains, and defensive measures such as updated email filters and endpoint protections are prudent.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: GTCFX

## Domain Intelligence
- Registered: 2026-03-10 21:07:01
- Registrar: Gname.com Pte. Ltd.
- Country: SG
- IP: 104.21.44.157
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: eve.ns.cloudflare.com hasslo.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 1 vendors flagged
  Vendors: ["SOCRadar"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/n8Kt5Sjc/6bd4d1055744.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2254e1ac-9f02-4506-99ff-b801d662293a
- PhishDestroy: https://phishdestroy.io/domain/m.gtcfxlgroup.com/
- LLM endpoint: https://phishdestroy.io/domain/m.gtcfxlgroup.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/m.gtcfxlgroup.com/
Last updated: 2026-03-19