# dotybuff.com — SUSPICIOUS > Exercise caution with dotybuff.com, a newly created domain linked to possible phishing activity. Avoid interaction until investigation concludes. ## Summary PhishDestroy has identified dotybuff.com as a domain exhibiting characteristics consistent with generic phishing schemes. Although no explicit malicious payloads have been detected, the domain’s recent registration and suspicious context warrant close monitoring. The risk classification remains under investigation as part of ongoing threat intelligence efforts. Technically, dotybuff.com is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to the IP address 104.21.55.167. The domain was created recently on July 16, 2025, which often correlates with phishing campaigns that rely on fresh domains to evade detection. Despite its presence, VirusTotal scans currently show zero detections across 95 security engines, indicating no immediate confirmation of malicious content at this time. However, the domain’s infrastructure and registration details raise alerts requiring further scrutiny. At present, dotybuff.com remains active and under investigation. Users and security teams should exercise heightened caution when encountering this domain to prevent potential exposure to phishing attempts. It is advised to block access pending further analysis and to report any suspicious activity linked to dotybuff.com to relevant cybersecurity authorities. Continued observation and data collection are essential to confirm its threat profile and to implement appropriate defensive measures. ## Threat Details - Verdict: SUSPICIOUS - Site status: alive (HTTP 200) - Page title: Удобный автоматизированный сервис для анализа персонажей, статистики и обучения в компьютерных играх ## Domain Intelligence - Registered: 2025-07-16 21:34:10 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - Country: HK - IP: 104.21.55.167 - IP Country: US - IP City: San Francisco - IP Org: AS13335 Cloudflare, Inc. - Nameservers: jihoon.ns.cloudflare.com thea.ns.cloudflare.com - SSL Issuer: Google Trust Services / WE1 ## Detection Status - VirusTotal: 2 vendors flagged Vendors: [] - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["PhishDestroy"] ## Live Page Content ### Page Text Attention Required! | Cloudflare Please enable cookies. Sorry, you have been blocked You are unable to access dotybuff.com Why have I been blocked? This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. What can I do to resolve this? You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page. Cloudflare Ray ID: 9dc8f501d9503ee7 • Your IP: Click to reveal 104.28.164.166 • Performance & security by Cloudflare ### External Links - https://www.cloudflare.com/5xx-error-landing ## Evidence - Screenshot: https://i.ibb.co/TMrrLK4K/3a47a63466bf.png - Cloudflare Radar: https://radar.cloudflare.com/scan/ff3d1acb-fb7c-4d6e-85dc-b959b8ad27ec - PhishDestroy: https://phishdestroy.io/domain/dotybuff.com/ - LLM endpoint: https://phishdestroy.io/domain/dotybuff.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/dotybuff.com/ Last updated: 2026-03-15