# belowex.com — SUSPICIOUS

> BELOWEX.com, a low-risk gambling impersonation domain, is offline after minimal security flags and limited threat activity detected.

## Summary
PhishDestroy assesses belowex.com as a low-risk brand impersonation threat targeting the generic gambling sector. Although the domain presented itself as an online casino leveraging blockchain technology, its current offline status significantly reduces immediate danger to users. The risk level remains low due to limited active threat indicators and no ongoing phishing campaigns detected at this time.

The domain was created recently in August 2025 and registered through Key-Systems GmbH. Despite resolving to a non-routable IP address (198.18.0.77) and being taken offline, belowex.com was flagged by 2 out of 95 VirusTotal security vendors and appeared once in AlienVault OTX threat pulses. The presence on a single security blocklist further supports a minimal threat posture. However, the impersonation of a generic gambling brand and domain registration characteristics indicate some potential for misuse if reactivated.

Mitigation efforts should focus on continued monitoring of domain status and related infrastructure for any signs of return or escalation. End users are advised to avoid interaction with the domain given its prior use in brand impersonation, and network defenders should maintain existing blocklists. Given the domain’s offline state and low threat signals, it does not currently pose a significant security risk but warrants attention should conditions change.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: BELOWEX | Play at the best online casino based on Blockchain

## Domain Intelligence
- Registered: 2025-08-04 00:29:32
- Expires: 2026-08-04 00:29:32
- Registrar: Key-Systems GmbH
- Country: DE
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: lilith.ns.cloudflare.com quincy.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["alphaMountain.ai", "Fortinet"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a410d-666f-77e0-9a0c-57ccc37059e1.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c5c62ffb-c417-478a-8e9c-10ef9e4cdcb1
- PhishDestroy: https://phishdestroy.io/domain/belowex.com/
- LLM endpoint: https://phishdestroy.io/domain/belowex.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/belowex.com/
Last updated: 2026-03-19