# doebex.com — SUSPICIOUS

> Beware doebex.com – a crypto-draining credential theft site linked to a March 2026 domain, currently undetected by VirusTotal (0/95). Block now.

## Summary
PhishDestroy identifies doebex.com as an active site suspected of hosting a generic credential theft operation, currently under investigation for potential cryptocurrency drainer activity. This domain resolves to IP 172.67.192.188 and was registered on March 19, 2026 through GMO Internet, Inc., using a Let's Encrypt SSL certificate to appear legitimate. Despite zero detections on VirusTotal as of the latest scan, the domain’s recent creation and infrastructure choices suggest it is being actively weaponized, though its full operational scope remains unconfirmed.  This domain poses a clear risk of credential theft, where attackers trick visitors into entering sensitive login details that are immediately harvested for fraudulent access or cryptocurrency transfers. The use of a newly registered domain and shared hosting infrastructure is a common tactic to evade detection systems, especially when combined with free SSL certificates to mimic trustworthy services. While the current VirusTotal score shows no antivirus flags, this often changes rapidly as threat intelligence improves, and the lack of detections should not be interpreted as safety.  If you have visited doebex.com, immediately change any passwords entered on the site and review financial accounts for unauthorized transactions. Scan your device with updated antivirus software and consider revoking any session tokens or API keys exposed during the visit. Report the domain to your security team or phishing response platforms and monitor for unusual login attempts. Avoid interacting with this domain entirely until further analysis confirms its safety.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-19 15:11:26
- Registrar: GMO Internet, Inc.
- IP: 172.67.192.188

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/doebex.com
- PhishDestroy: https://phishdestroy.io/domain/doebex.com/
- LLM endpoint: https://phishdestroy.io/domain/doebex.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/doebex.com/
Last updated: 2026-04-04