# dnswel.cc — SUSPICIOUS

> dnswel.cc is linked to credential harvesting phishing targeting users. Flagged by 3 of 95 VirusTotal vendors. Check the full report.

## Summary
The domain dnswel.cc is currently active and involved in a credential harvesting phishing campaign. It masquerades to capture sensitive login information, posing an elevated risk to users who may interact with it. There is no specific brand impersonation identified at this time, but the threat centers on deceiving users into submitting credentials through fraudulent means.

This domain was created on March 25, 2026, and is registered through Global Domain Group LLC. It resolves to the IP address 188.114.97.3 and uses an SSL certificate issued by Let's Encrypt, which may lend a false sense of security to victims. According to VirusTotal, 3 out of 95 security vendors have flagged dnswel.cc as malicious. The domain's presence on relevant blocklists is currently noted as elevated, further underscoring the domain's threat potential. These technical indicators collectively contribute to its low trust score.

Given the active status and elevated risk level of dnswel.cc, users and organizations should proactively block access to this domain at network perimeters. End users should be advised to avoid clicking links or submitting credentials on unfamiliar sites, especially those not verified as legitimate. Continuous monitoring of related IP activity and updating security filters with this domain information will help mitigate potential compromise from this credential harvesting scheme.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-25 09:20:10
- Registrar: Global Domain Group LLC
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/85c4314b-5f63-4ecc-a8a7-dc262b968d53
- PhishDestroy: https://phishdestroy.io/domain/dnswel.cc/
- LLM endpoint: https://phishdestroy.io/domain/dnswel.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dnswel.cc/
Last updated: 2026-03-29