# PhishDestroy threat dossier — lemocas.com ================================================================ Fetched: 2026-07-12 18:40:00 UTC Canonical: https://phishdestroy.io/domain/lemocas.com/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: Impersonation Targeted brand: Crypto Casino / Gambling ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 9/95 security vendors flagged this domain Flagging vendors: alphaMountain.ai, BitDefender, CRDF, CyRadar, Forcepoint ThreatSeeker, Fortinet, G-Data, Lionic, Sophos Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 188.114.96.3 (CA, Toronto) ASN: AS13335 Cloudflare, Inc. Hosting org: CloudFlare, Inc. Registrar: Global Domain Group LLC Nameservers: mariah.ns.cloudflare.com, ryan.ns.cloudflare.com Registered: 2026-06-04 Expires: 2027-06-04 Page title: Lemocas | Decentralized Web3 Gambling Site with Provable Trust HTTP response: 404 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-06-04 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-12 18:09:34 UTC (by PhishDestroy tracker) Last verified: 2026-07-12 20:30:12 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f5720-b576-7643-8ad8-1c51ea48ccf6/ Wayback Machine: https://web.archive.org/web/*/lemocas.com crt.sh CT logs: https://crt.sh/?q=%25.lemocas.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=lemocas.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/lemocas.com URLhaus: https://urlhaus.abuse.ch/host/lemocas.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-12 18:11:29 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] Analysis of the domain lemocas.com indicates it is currently active and associated with elevated risk for phishing activities. The domain is secured by an SSL certificate issued by Google Trust Services, which is commonly used to legitimize a range of online services. However, the presence of this certificate does not inherently guarantee safety, particularly given the context of the domain's use. The domain has been flagged by 9 out of 95 security vendors on VirusTotal, suggesting a significant level of concern among cybersecurity professionals about its potential maliciousness. This flagging indicates that a number of security solutions recognize lemocas.com as a potential threat, which should not be overlooked by users and network defenders alike. While the exact nature of the phishing tactics employed by lemocas.com is not specified, the current classification as a generic phishing threat highlights the need for caution. Defenders should consider that phishing threats often utilize methods such as creating replica sites or sending deceptive communications to obtain sensitive information from users. The evidence from VirusTotal should prompt users to exercise vigilance and cross-check the legitimacy of any interactions they may have with this domain. It remains uncertain whether the domain is actively engaging in phishing or has been temporarily flagged based on past behavior. Continuous monitoring of this domain's activities, as well as user reports, can provide further insights into any ongoing threats associated with it. In light of the current analysis, users are advised to refrain from engaging with lemocas.com and to report any suspicious communications to appropriate security personnel. ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/lemocas.com/ JSON API: https://api.destroy.tools/v1/check?domain=lemocas.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 177,874 domains (49,621 alive under monitoring, 128,253 confirmed takedowns/dead). Site: https://phishdestroy.io