# doiweb3.org — SUSPICIOUS

> PhishDestroy identifies doiweb3.org as a credential theft scam detected by 4/95 VirusTotal scanners within days of creation on Sept 8, 2025.

## Summary
doiweb3.org is a live credential-theft site designed to trick visitors into entering their login details so criminals can hijack accounts. The page mimics a well-known service login form to harvest usernames and passwords without raising suspicion.  PhishDestroy flags this domain as dangerous because VirusTotal’s 4 of 95 security scanners already flagged it only days after it was created on September 8, 2025. The domain is registered through Gname.com Pte. Ltd. and resolved to IP 172.67.144.252 at the time of detection.  If you visited doiweb3.org, assume your credentials may have been recorded. Immediately change the passwords you entered on the site and enable two-factor authentication wherever possible. Scan your device with an up-to-date antivirus tool and review account logins for any unfamiliar activity. Report the domain to your security team or platform and avoid clicking any links or buttons on the page to prevent further compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-08 14:43:54
- Registrar: Gname.com Pte. Ltd.
- IP: 172.67.144.252

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cf0ed550-0da0-4d8c-86d6-29754e38c3e0
- PhishDestroy: https://phishdestroy.io/domain/doiweb3.org/
- LLM endpoint: https://phishdestroy.io/domain/doiweb3.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/doiweb3.org/
Last updated: 2026-03-22