# m58.meiqiea.com — SUSPICIOUS > m58.meiqiea.com mimics imToken’s official site to deploy a crypto drainer kit. VirusTotal flags 0/95 engines; verify on PhishDestroy for safety. ## Summary PhishDestroy identifies m58.meiqiea.com as an active crypto drainer posing as the legitimate imToken wallet website, targeting Ethereum and Bitcoin users. The domain leverages a spoofed page title identical to imToken’s official site (imToken 官网|以太坊和比特币区块链钱包) to deceive visitors into connecting fraudulent cryptocurrency wallets or divulging private keys. This campaign appears designed to siphon digital assets under the guise of a trusted blockchain service provider, with no legitimate association to imToken or its infrastructure. The domain’s infrastructure is newly provisioned, suggesting a rapid deployment strategy to evade early detection by threat intelligence platforms. This domain was registered through West263 International Limited on June 28, 2024, and resolves to IP address 43.169.25.95. The SSL certificate, issued by Let’s Encrypt, lends superficial legitimacy, but VirusTotal currently reports 0/95 detections for this domain, indicating it has not yet been widely flagged by antivirus engines. As of the latest assessment, PhishDestroy has not identified this domain on the Google Safe Browsing (GSB) blocklist, and no public blocklist entries are associated with it. The combination of a newly registered domain, low detection coverage, and impersonation of a reputable cryptocurrency wallet service indicates an elevated risk of exploitation for financial fraud. The campaign remains active and under investigation, with PhishDestroy actively monitoring infrastructure changes and user reports. As of now, the domain has not been neutralized by upstream providers or registrars, leaving a residual risk for unsuspecting users who may encounter the site via phishing links or malicious advertisements. Users are strongly advised to cross-verify URLs against official imToken channels and utilize PhishDestroy’s real-time validation tools before engaging with cryptocurrency-related websites. Immediate reporting of any suspicious interactions is encouraged to aid in takedown efforts and protect the broader community from financial loss. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Page title: imToken 官网|以太坊和比特币区块链钱包 ## Domain Intelligence - Registered: 2024-06-28 02:59:03 - Registrar: West263 International Limited - IP: 43.169.25.95 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/m58.meiqiea.com - PhishDestroy: https://phishdestroy.io/domain/m58.meiqiea.com/ - LLM endpoint: https://phishdestroy.io/domain/m58.meiqiea.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/m58.meiqiea.com/ Last updated: 2026-04-04