# punchmonkey.lol — SUSPICIOUS > punchmonkey.lol is a cryptocurrency draining scam flagged by MetaMask. It has zero VirusTotal detections despite active blocklists. ## Summary This domain is a generic cryptocurrency drainer setup designed to deceive users into connecting malicious wallets, siphoning crypto assets under the guise of legitimate transactions. It does not impersonate a specific brand but operates as a standalone malicious domain. The domain leverages a drainer kit likely sourced from underground forums, targeting unsuspecting users through social engineering tactics such as fake giveaways, fraudulent NFT mints, or deceptive wallet connection prompts. Analysis of the domain’s infrastructure reveals a hastily deployed campaign with minimal obfuscation, suggesting opportunistic rather than highly targeted operations. PhishDestroy identifies punchmonkey.lol as a generic phishing threat with the following technical indicators: the domain resolves to IP 104.21.89.168 and was registered on March 22, 2026, through Global Domain Group LLC. The domain is currently flagged by Google Safe Browsing (GSB) and appears on two additional security blocklists. Despite this, it remains undetected by 95 VirusTotal engines (0/95 detections), indicating a detection gap likely due to low usage volume or evasion tactics. The domain utilizes a Let’s Encrypt SSL certificate, which is standard for phishing domains to appear legitimate. The registrar’s reputation and the domain’s recent creation suggest a disposable infrastructure likely aimed at short-lived campaigns. The domain is currently active and remains under investigation with a risk level classified as 'under_investigation.' It has been blocked by SEAL and MetaMask, indicating partial protection within cybersecurity ecosystems. However, the absence of detections on VirusTotal and the lack of specific brand impersonation imply a lower immediate threat compared to highly targeted campaigns. Users are strongly advised to avoid this domain entirely and verify its safety status on PhishDestroy before any interaction. The remaining risk is moderate due to the domain’s active status and partial blocklist coverage, underscoring the need for continued monitoring and user vigilance. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-22 04:07:08 - Registrar: Global Domain Group LLC - IP: 104.21.89.168 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["SEAL", "MetaMask"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/punchmonkey.lol - PhishDestroy: https://phishdestroy.io/domain/punchmonkey.lol/ - LLM endpoint: https://phishdestroy.io/domain/punchmonkey.lol/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/punchmonkey.lol/ Last updated: 2026-04-05