# PhishDestroy threat dossier — rollspins.com ================================================================ Fetched: 2026-05-05 09:20:35 UTC Canonical: https://phishdestroy.io/domain/rollspins.com/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 97/100 (PhishDestroy scoring — see methodology below) Scam classification: Impersonation Targeted brand: Crypto Casino / Gambling ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 5/95 security vendors flagged this domain Flagging vendors: ADMINUSLabs, alphaMountain.ai, CyRadar, Fortinet, Seclookup URLQuery: 2 detections ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 188.114.97.3 (CA, Toronto) ASN: AS13335 Cloudflare, Inc. Hosting org: CloudFlare, Inc. Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED !!! REGISTRAR INTEGRITY ALERT — NiceNIC !!! NiceNIC International: over 90% of its registered domains are associated with illegal content; documented systematic abuse-report non-response. Primary sources: https://phishdestroy.io/nicenic-real https://phishdestroy.io/nicenic-verdict Nameservers: casey.ns.cloudflare.com, priscilla.ns.cloudflare.com Registered: 2025-10-11 Page title: Rollspins: Most Popular Online Crypto Casino Based on Blockchain HTTP response: 404 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Google Trust Services / WE1 Expires: 2026-06-25 Status: INVALID chain Fingerprint: dd1f828363ee8da0c697ced6864cadad5abc9bc7167a29c1a6b511047d45d52f ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2025-10-11 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-05-05 06:37:10 UTC (by PhishDestroy tracker) First reported: 2026-05-05 03:46:49 UTC (abuse notice filed) Last verified: 2026-05-05 09:45:20 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019df633-e522-761e-85be-8518ea82070b/ URLQuery: https://urlquery.net/report/38b08d00-588a-46ad-bb1b-47731231f6e9 Wayback Machine: https://web.archive.org/web/*/rollspins.com crt.sh CT logs: https://crt.sh/?q=%25.rollspins.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=rollspins.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/rollspins.com URLhaus: https://urlhaus.abuse.ch/host/rollspins.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-05-05 06:38:33 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] rollspins.com has been identified as an active fake rewards lottery phishing domain targeting unsuspecting users with deceptive prize claims. The domain employs a rewards-themed lure to trick victims into entering sensitive information under the guise of claiming non-existent prizes. No specific brand or drainer kit has been directly associated with this domain in current threat intelligence feeds, suggesting a generic but highly targeted social engineering campaign designed to harvest credentials or financial data. The timing of the domain registration (October 11, 2025) aligns with recent spikes in fake reward scams, indicating a likely opportunistic or newly launched operation. Further behavioral analysis is recommended to assess the full scope of the campaign. This domain exhibits multiple indicators of malicious intent as confirmed by security vendor analysis. PhishDestroy identifies that rollspins.com resolves to IP address 188.114.97.3 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain is secured with a Google Trust Services SSL certificate, which is commonly abused in phishing campaigns to lend false legitimacy. According to VirusTotal, 5 out of 95 security vendors have flagged this domain as malicious, reflecting moderate but not universal detection. The domain was created on October 11, 2025, indicating a very recent registration likely intended to evade historical blocklists. Despite the SSL certificate, the domain remains untrusted in Google Safe Browsing (GSB) systems and has not yet accumulated a high blocklist count, suggesting it may be in the early stages of deployment across wider attack vectors. As of the latest assessment, rollspins.com is classified as active and poses an elevated risk to users engaging with its content. Immediate actions include blocking the domain at the network and endpoint levels using updated threat intelligence feeds. Users are strongly advised to avoid interacting with this domain or any associated links, as the fake rewards lottery lure is designed to deceive even cautious individuals. While current detection coverage is partial, the combination of a newly registered domain, SSL certificate presence, and partial VirusTotal detections suggests ongoing malicious activity. The remaining risk is elevated due to the domain's active status and potential for rapid expansion in phishing distribution. Regular monitoring and signature updates are essential to prevent successful exploitation by threat actors operating this campaign. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260505-E02B8C Favicon MD5: ab57d0426e52b52d8125358097996888 TLS cert SHA-256: dd1f828363ee8da0c697ced6864cadad5abc9bc7167a29c1a6b511047d45d52f ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/rollspins.com/ JSON API: https://api.destroy.tools/v1/check?domain=rollspins.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 145,910 domains (63,727 alive under monitoring, 81,920 confirmed takedowns/dead). Site: https://phishdestroy.io