# events-waronusd1.com — SUSPICIOUS

> events-waronusd1.com impersonates WarOnUSD1 in a brand impersonation scam. Resolves to IP 104.21.23.155 with 0/95 VirusTotal detections.

## Summary
events-waronusd1.com has been flagged by PhishDestroy for active brand impersonation targeting WarOnUSD1, as indicated by seed b98409. The domain is currently under investigation but remains active, raising immediate concerns for potential phishing campaigns exploiting WarOnUSD1’s reputation. This impersonation tactic is a common vector for credential theft, financial fraud, or malware distribution, leveraging the trust associated with the legitimate WarOnUSD1 brand to deceive users. While no drainer kit has been explicitly identified in this report, the domain’s infrastructure and naming convention suggest it is part of a coordinated effort to mislead visitors.  

This domain exhibits several suspicious technical indicators: it resolves to IP 104.21.23.155, was registered through Metaregistrar BV, and was created on March 26, 2026. VirusTotal currently flags the domain with 0/95 detections, indicating it has not yet been widely recognized as malicious by security vendors. Additionally, it utilizes a Let's Encrypt SSL certificate, which may be used to lend false legitimacy to the site. The domain has not been observed on Google Safe Browsing (GSB) lists or widely distributed blocklists, further highlighting the need for proactive monitoring and user caution. These characteristics suggest a recently deployed or low-sophistication threat actor, though the lack of detections does not guarantee safety.  

As of this report, events-waronusd1.com remains active and under investigation, with no confirmed takedown or remediation actions taken. Users are advised to avoid interacting with the domain entirely and to report any encounters to their security teams or through PhishDestroy’s reporting channels. The current risk level is marked as 'under_investigation,' meaning the threat potential is not yet fully assessed. However, given the domain’s clear impersonation of WarOnUSD1 and recent creation date, the risk of exposure to phishing or fraudulent activity is significant. Security researchers are encouraged to monitor this domain for changes in infrastructure or behavior, while everyday users should treat it as inherently untrustworthy until further notice.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: WarOnUSD1

## Domain Intelligence
- Registered: 2026-03-26 16:18:36
- Registrar: Metaregistrar BV
- IP: 104.21.23.155

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c5ba71c1-1038-49b7-9401-e22110379afb
- PhishDestroy: https://phishdestroy.io/domain/events-waronusd1.com/
- LLM endpoint: https://phishdestroy.io/domain/events-waronusd1.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/events-waronusd1.com/
Last updated: 2026-03-26