# hagiwex.com — MALICIOUS

> hagiwex.com was identified as a phishing site targeting users. Learn how this threat worked and what to do if you encountered it.

## Summary
PhishDestroy identifies hagiwex.com as a medium-risk phishing domain designed to deceive users into divulging sensitive information. Phishing sites like this pose significant dangers by impersonating legitimate services, ultimately aiming to harvest passwords, financial details, or personal data that can lead to identity theft or financial loss.

This phishing operation involved a fraudulent website hosted on IP 172.67.195.233, registered through Hello Internet Corp on February 22, 2026. The domain was flagged by multiple security vendors, indicating it was actively used in malicious campaigns. Typically, such domains mimic trusted brands or send deceptive emails to lure victims into clicking links that direct them to these counterfeit pages, where they are prompted to enter confidential information.

Since hagiwex.com is currently offline, direct exposure risk is mitigated. However, anyone who visited the site should immediately check for suspicious account activity, change passwords on any accounts potentially affected, and run a thorough malware scan on their devices. Remaining vigilant against unsolicited messages and verifying URLs before inputting personal data are critical steps to stay protected against evolving phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: Hagiwex: Elon Musk’s Official Crypto Casino Powered by Blockchain

## Domain Intelligence
- Registered: 2026-03-02 17:00:01
- Registrar: Hello Internet Corp
- Country: US
- IP: 172.67.195.233
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ignacio.ns.cloudflare.com sima.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 5 vendors flagged
  Vendors: ["Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/Kjjyh75G/3bf82f504cfa.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f3f53336-6dc2-437a-8098-8ef4d3d0735b
- PhishDestroy: https://phishdestroy.io/domain/hagiwex.com/
- LLM endpoint: https://phishdestroy.io/domain/hagiwex.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hagiwex.com/
Last updated: 2026-03-19