# google-dou-james5475.com — SUSPICIOUS

> Beware of google-dou-james5475.com, a crypto drainer impersonating Google. Flagged by 1/95 vendors, verify before clicking via PhishDestroy.

## Summary

PhishDestroy identifies google-dou-james5475.com as an active domain engaged in brand impersonation, specifically targeting Google to deceive users into connecting cryptocurrency wallets. This domain, registered on August 06, 2025, resolves to IP address 188.114.97.3 and leverages a fraudulent SSL certificate issued by Google Trust Services to enhance its credibility. The malicious infrastructure is hosted through GMO Internet, Inc., further complicating detection due to the legitimate-looking certificate.

This domain poses a significant risk as a crypto drainer, designed to siphon digital assets from unsuspecting victims. Intelligence indicates it has evaded detection by most security vendors, with only 1 out of 95 flagging it as malicious on VirusTotal. The domain’s recent creation date and the use of a spoofed SSL certificate suggest a deliberate effort to exploit trust in Google’s branding. Additionally, the infrastructure’s association with a reputable registrar like GMO Internet, Inc., underscores the sophistication of this campaign.

Users who have interacted with this domain should immediately disconnect any connected cryptocurrency wallets and revoke permissions through their wallet provider’s security settings. Conduct a full malware scan on all devices that accessed the site, as crypto drainers often deploy additional payloads. Report the domain to PhishDestroy and block the IP address 188.114.97.3 at the network perimeter to prevent further exploitation. Exercise heightened caution with domains mimicking Google, especially those with unusual subdomains or recent registration dates.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Google

## Domain Intelligence

- Registered: 2025-08-06 16:10:26
- Registrar: GMO Internet, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/8f243231-03b6-49a3-a9a4-ceaaf2b7ca60
- PhishDestroy: https://phishdestroy.io/domain/google-dou-james5475.com/
- LLM endpoint: https://phishdestroy.io/domain/google-dou-james5475.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/google-dou-james5475.com/

Last updated: 2026-03-28