# PhishDestroy threat dossier — doewex.com ================================================================ Fetched: 2026-07-12 18:40:00 UTC Canonical: https://phishdestroy.io/domain/doewex.com/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: Impersonation Targeted brand: Crypto Casino / Gambling ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 11/95 security vendors flagged this domain Flagging vendors: alphaMountain.ai, BitDefender, CRDF, Emsisoft, Fortinet, G-Data, Kaspersky, Lionic, Netcraft, Sophos, Webroot Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 172.67.216.157 (CA, Toronto) ASN: AS13335 Cloudflare, Inc. Hosting org: Cloudflare, Inc. Registrar: Fewmoretaps OU d/b/a Trustname.com !!! REGISTRAR INTEGRITY ALERT — Trustname / Fewmoretaps OU !!! Trustname (IANA #4318) is a shell company declaring EUR 120 annual revenue, 1 employee, negative equity, Belarusian ownership. Explicitly advertises itself as 'bulletproof' in its DNS TXT records. Primary source: https://phishdestroy.io/trustname-bulletproof-exposed Nameservers: kelly.ns.cloudflare.com, ray.ns.cloudflare.com Registered: 2026-07-04 Expires: 2027-07-04 Page title: Doewex | Decentralized Web3 Gambling Site with Provable Trust HTTP response: 404 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-07-04 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-12 18:09:34 UTC (by PhishDestroy tracker) Last verified: 2026-07-12 20:30:12 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f5720-b542-728e-90a2-38d97fda8a6a/ URLQuery: https://urlquery.net/report/f0584a78-bd7c-41a2-858e-2d3a8e4eff8e Wayback Machine: https://web.archive.org/web/*/doewex.com crt.sh CT logs: https://crt.sh/?q=%25.doewex.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=doewex.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/doewex.com URLhaus: https://urlhaus.abuse.ch/host/doewex.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-12 18:11:28 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] The domain doewex.com is currently flagged as an elevated risk for phishing activities, with its status marked as active. Analysis indicates that the SSL certificate is provided by Google Trust Services, a recognized authority, which may lend a degree of legitimacy to the domain; however, the presence of this certificate does not guarantee safety. Threat intelligence gathered from VirusTotal reveals that 11 out of 95 security vendors have flagged this domain, which is a significant indicator of potential malicious intent. This level of consensus among security vendors raises concerns regarding the integrity and purpose of doewex.com. Despite the current threat classification, there remain uncertainties regarding the specifics of the phishing schemes associated with this domain. The data does not provide detailed intelligence about the nature of the content hosted on doewex.com or the specific tactics used in phishing attempts related to this domain. It is crucial for organizations to be vigilant and not solely rely on SSL certifications as a measure of trustworthiness. The elevated risk status necessitates further investigation into the domain's activities and any reported incidents involving phishing. Defenders are advised to implement monitoring measures for any communications or transactions involving doewex.com. Ensuring that employees are educated about phishing tactics and the potential for such threats is essential. Organizations should also consider blocking this domain at the network level to mitigate the risk of compromise. Continued vigilance and analysis will be necessary to fully understand and respond to the threats posed by this domain. ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: 37c40b3a7287eeb1108ead5339b3da73 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/doewex.com/ JSON API: https://api.destroy.tools/v1/check?domain=doewex.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 177,874 domains (49,621 alive under monitoring, 128,253 confirmed takedowns/dead). Site: https://phishdestroy.io