# PhishDestroy threat dossier — comex-mx.com
================================================================

Fetched:   2026-04-23 19:36:29 UTC
Canonical: https://phishdestroy.io/domain/comex-mx.com/

## VERDICT
----------------------------------------------------------------
CRITICAL THREAT — DO NOT VISIT
Composite threat score: 95/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal:      19/95 security vendors flagged this domain
  Flagging vendors: ADMINUSLabs, alphaMountain.ai, Bfore.Ai PreCrime, BitDefender, Cluster25, CRDF, CyRadar, ESET, Emsisoft, Forcepoint ThreatSeeker, Fortinet, G-Data, LevelBlue, Lionic, Netcraft, Seclookup, Sophos, VIPRE, Webroot
URLQuery:        2 detections

## INFRASTRUCTURE
----------------------------------------------------------------
IP address:      188.114.97.3 (CA, Toronto)
ASN:             AS13335 Cloudflare, Inc.
Hosting org:     CloudFlare, Inc.
Registrar:       Dynadot Inc
Nameservers:     amy.ns.cloudflare.com, bob.ns.cloudflare.com
Registered:      2026-01-22
Page title:      Crypto Mining
HTTP response:   200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer:     Let's Encrypt / E7
Expires:    2026-07-16
Status:     INVALID chain
Fingerprint: 9efb6b0c80187aff962c2bb0dfe4abc9435be0b7f3c6d4dbb34041eaa324e5b7

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue. No abuse reports filed yet — this domain is
waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-01-22 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected:    2026-04-23 18:58:24 UTC (by PhishDestroy tracker)
First reported:    2026-04-23 16:00:00 UTC (abuse notice filed)
Last verified:     2026-04-23 22:00:05 UTC
Current status:    ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io:       https://urlscan.io/result/019dbb0f-2501-70d3-a294-173975c51bba/
URLQuery:         https://urlquery.net/report/a4793fa9-2bda-4202-b478-f2a5f7d6bce7
Wayback Machine:  https://web.archive.org/web/*/comex-mx.com
crt.sh CT logs:   https://crt.sh/?q=%25.comex-mx.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=comex-mx.com
AlienVault OTX:   https://otx.alienvault.com/indicator/domain/comex-mx.com
URLhaus:          https://urlhaus.abuse.ch/host/comex-mx.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-04-23 18:59:52 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

The domain comex-mx.com is currently classified as an active threat involved in credential harvesting phishing. This specific type of attack aims to steal users' login information by impersonating legitimate websites, potentially compromising sensitive data. No particular brand impersonation has been conclusively identified for this domain as of the latest analysis.

Detailed threat intelligence reveals that comex-mx.com is flagged by 19 out of 95 security vendors on VirusTotal, indicating a significant detection rate. The domain was registered on January 22, 2026, through the registrar Dynadot Inc and utilizes a Let's Encrypt SSL certificate to appear more trustworthy. It resolves to the IP address 188.114.97.3. Although comprehensive blocklist counts are not provided, the elevated risk level assigned to this domain underscores its malicious intent while trust scores remain decidedly low.

The domain remains active and should be treated with caution. It is strongly recommended that users avoid interacting with comex-mx.com or submitting any personal information. Organizations and users should implement domain-blocking measures and monitor for any suspicious activity associated with this IP address. Checking this domain against trusted threat intelligence sources before engagement is advised to mitigate potential credential compromise.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID:  PD-20260423-9EB594
Favicon MD5:       26e7e4377dc6c86127855f95cea9a0ff
TLS cert SHA-256:      9efb6b0c80187aff962c2bb0dfe4abc9435be0b7f3c6d4dbb34041eaa324e5b7

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus,
    CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does
NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their
first 7–30 days while actively draining wallets. Always cross-reference the composite
score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report:  https://phishdestroy.io/domain/comex-mx.com/
JSON API:          https://api.destroy.tools/v1/check?domain=comex-mx.com
Appeal a flag:     https://phishdestroy.io/appeals/  (responded to within 48 hours, FP rate <0.01%)
Submit a report:   https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+. Site: https://phishdestroy.io