# casiwin-gunceladres.vip — SUSPICIOUS

> PhishDestroy flags casiwin-gunceladres.vip as a live credential-harvesting domain. This Let's Encrypt site (IP 188.114.96.

## Summary
PhishDestroy identifies casiwin-gunceladres.vip as an active credential-harvesting domain designed to mimic a legitimate login portal and steal user credentials.

Technical indicators confirm this domain resolves to IP 188.114.96.3, was registered through Dynadot Inc on 2026-03-05, and currently carries a VirusTotal score of 0/95 detections. The site operates under a Let’s Encrypt SSL certificate, which may help it evade initial suspicion.

This domain is currently active and under investigation. Users are advised to avoid interaction and verify any suspicious links using PhishDestroy. While current detection rates are low, the risk of evolving malicious activity remains and further monitoring is ongoing.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-05 14:21:33
- Registrar: Dynadot Inc
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2b37172b-64ce-4ff0-b6c0-906d61ff26ac
- PhishDestroy: https://phishdestroy.io/domain/casiwin-gunceladres.vip/
- LLM endpoint: https://phishdestroy.io/domain/casiwin-gunceladres.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/casiwin-gunceladres.vip/
Last updated: 2026-03-20