# web3cta.com — SUSPICIOUS > PhishDestroy identifies web3cta.com as an active crypto wallet drainer scam. VT score 0/95, registered May 2025. Check the full report. ## Summary PhishDestroy identifies web3cta.com as an active cryptocurrency wallet drainer scam posing as a Web3 project giveaway site. The domain leverages urgency-driven messaging to trick users into connecting compromised wallets under the guise of claiming fake token rewards. No legitimate brand is being impersonated; instead, the site promotes itself as an exclusive launchpad for nonexistent tokens. This is a classic wallet-draining operation designed to extract private keys, seed phrases, or authorize malicious smart contract interactions. The landing page mimics professional crypto interfaces with animated countdown timers and fake social proof to increase credibility and pressure users into acting quickly. Domain analysis reveals critical technical indicators: the site was registered on May 05, 2025 through Gname.com Pte. Ltd., and resolves to IP 104.21.56.192. VirusTotal currently shows zero detections (0/95 engines), indicating it remains undetected by most scanning platforms despite active malicious behavior. The domain holds a valid SSL certificate issued by Google Trust Services, which may contribute to user trust. As of seed 44f7bf, the site has not yet been flagged by Google Safe Browsing (GSB) and has zero entries across major threat intelligence blocklists. This suggests a newly deployed or rapidly evolving campaign with low detection latency. The combination of recent registration, clean VT score, and absence from blocklists is consistent with emerging drainer campaigns that exploit short-lived domains to evade detection. This domain is considered ACTIVE and remains a HIGH RISK to cryptocurrency users. No takedown or blocklisting actions have been confirmed at this time. PhishDestroy recommends immediate blocking at the network level via DNS sinkholing or firewall rules targeting IP 104.21.56.192 and domain web3cta.com. Users should avoid visiting the site and treat any promotional links or social media ads referencing it as malicious. Wallet drainers often deliver fake NFTs or token approval requests that silently authorize transfers. If exposure occurred, users should revoke unauthorized smart contract approvals using tools like revoke.cash, transfer remaining assets to a new wallet, and rotate all credentials. Proactive monitoring of on-chain transaction approvals is strongly advised until the domain is globally blocked. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-05-05 21:01:02 - Registrar: Gname.com Pte. Ltd. - IP: 104.21.56.192 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/web3cta.com - PhishDestroy: https://phishdestroy.io/domain/web3cta.com/ - LLM endpoint: https://phishdestroy.io/domain/web3cta.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/web3cta.com/ Last updated: 2026-04-06