# dofus-retro-com.fr — SUSPICIOUS

> PhishDestroy identifies dofus-retro-com.fr as a brand impersonation phishing site mimicking Dofus, flagged by 0/95 VirusTotal engines.

## Summary
PhishDestroy identifies dofus-retro-com.fr as a brand impersonation phishing site currently impersonating the MMORPG Dofus's retro version to harvest credentials and potentially drain cryptocurrency wallets. The domain leverages the trusted name of a popular gaming franchise to trick users into disclosing login details or connecting crypto wallets under the guise of in-game benefits or account recovery. This tactic is commonly deployed by threat actors to monetize compromised accounts or siphon funds directly from victim wallets via malicious smart contract interactions.  The domain resolves to IP address 176.123.0.55 and was registered through Hosting Concepts B.V. d/b/a Openprovider on February 21, 2026. VirusTotal currently shows 0 detections out of 95 engines, indicating it remains undetected by mainstream security platforms. The site utilizes a Let's Encrypt SSL certificate to establish a facade of legitimacy. As of this assessment, the domain has not been flagged by Google Safe Browsing (GSB) and remains unblocked by public threat intelligence platforms.  As of the investigation date, dofus-retro-com.fr remains active and unblocked. Users are strongly advised to refrain from interacting with the domain, avoid entering any credentials, and verify any unexpected links through official Dofus communication channels. The risk level remains classified as under investigation due to limited detection coverage, highlighting the need for heightened user caution and immediate reporting to security teams or browser vendors. Remaining risk includes credential compromise and potential cryptocurrency theft, though no drainer kit fingerprints have been confirmed at this stage.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-21 02:57:35
- Registrar: Hosting Concepts B.V. d/b/a Openprovider
- IP: 176.123.0.55

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a8f878f6-5a11-4cfb-8460-7c6fec9d9cc6
- PhishDestroy: https://phishdestroy.io/domain/dofus-retro-com.fr/
- LLM endpoint: https://phishdestroy.io/domain/dofus-retro-com.fr/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dofus-retro-com.fr/
Last updated: 2026-03-21