Phishings targeting ChatGPT

Suspicious and active websites

Phishings targeting Chatgpt

Suspicious and active websites

Active

New (7d)

Trend (7d)

—

Website: chatgpt.com
About: AIOpenAI's flagship chatbot. Phishing typically harvests credentials to resell ChatGPT Plus / Team subscriptions, hijack API keys tied to billing, or pivot into OAuth-connected SaaS apps via 'Sign in with OpenAI'.
Hosts: Tencent Building, Kejizhongyi Avenue (1) · Cloudflare, Inc. (1)
Countries: United States (1) · Hong Kong (1)
TLS certs: Let's Encrypt (1) · Google Trust Services (1)

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

Last check (UTC)	First seen (UTC) ▾	URL	Screenshot	Flags	Details
2026-05-31 19:30	2026-05-31 03:57	https://openai-coin.com		urlscan	Details
2026-05-31 19:30	2026-05-21 13:03	https://chatgptenespanolgratis.com		urlscan	Details

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

URL	Screenshot	Details
https://openai-coin.com urlscan		Details
https://chatgptenespanolgrati… urlscan		Details

Legitimate ChatGPT URLs always end in chatgpt.com (e.g. www.chatgpt.com, account.chatgpt.com). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not ChatGPT.
The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
If you got the link from email, SMS, or social media, do not click it. Open chatgpt.com from your browser bookmark or type the domain manually.
Real ChatGPT pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.