# ruwahotekoff.digital — MALICIOUS

> ruwahotekoff.digital is linked to phishing activity and currently offline. Avoid interaction and ensure your data stays secure by steering clear of this site.

## Summary
PhishDestroy identifies ruwahotekoff.digital as a high-risk phishing domain designed to deceive users, potentially leading to credential theft or financial loss. Such threats remain significant as they exploit user trust to compromise sensitive information.

This domain, registered in September 2025 via PDR Ltd. d/b/a PublicDomainRegistry.com, was associated with the page title 'TwisProfit' and flagged by 19 out of 95 security vendors on VirusTotal. It appeared on two security blocklists and was detected in two AlienVault OTX threat pulses. The domain resolved to IP 104.21.95.229 but has since been taken offline, limiting its current threat activity.

Users are advised to avoid visiting ruwahotekoff.digital or interacting with any communications referencing it. Always verify URLs carefully and employ updated security software to protect against phishing attempts. If you encounter suspicious links or messages, report them to your IT department or a trusted cybersecurity resource immediately.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: TwisProfit

## Domain Intelligence
- Registered: 2025-09-18 10:45:17
- Expires: 2026-09-18 00:00:00
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 104.21.95.229
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["bowen.ns.cloudflare.com", "fiona.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Cluster25", "CyRadar", "DNS8", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bead0-0d59-772d-8a15-cc96103ad8ef.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c9a5a0c0-92e8-4f77-9bd5-98938fe10b56
- Wayback Machine: https://web.archive.org/web/https://ruwahotekoff.digital
- PhishDestroy: https://phishdestroy.io/domain/ruwahotekoff.digital/
- LLM endpoint: https://phishdestroy.io/domain/ruwahotekoff.digital/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ruwahotekoff.digital/
Last updated: 2026-03-19