# PhishDestroy threat dossier — typerdex.ai ================================================================ Fetched: 2026-05-15 20:26:26 UTC Canonical: https://phishdestroy.io/domain/typerdex.ai/ ## VERDICT ---------------------------------------------------------------- ACTIVE THREAT — multiple warning signs Composite threat score: 40/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 5/95 security vendors flagged this domain Flagging vendors: ADMINUSLabs, alphaMountain.ai, CyRadar, Fortinet, Webroot ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 66.29.141.37 (US, Los Angeles) ASN: AS22612 Namecheap, Inc. Hosting org: Namecheap, Inc. Registrar: NAMECHEAP INC Nameservers: dns1.namecheaphosting.com, dns2.namecheaphosting.com Registered: 2024-09-22 HTTP response: 200 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2024-09-22 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-05-15 20:42:37 UTC (by PhishDestroy tracker) Last verified: 2026-05-15 22:12:08 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019e2cba-30b7-7619-aba8-5548317a2a3d/ Wayback Machine: https://web.archive.org/web/*/typerdex.ai crt.sh CT logs: https://crt.sh/?q=%25.typerdex.ai Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=typerdex.ai AlienVault OTX: https://otx.alienvault.com/indicator/domain/typerdex.ai URLhaus: https://urlhaus.abuse.ch/host/typerdex.ai/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-05-15 20:43:21 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] typerdex.ai poses an elevated risk as a crypto drainer impersonating typing tools, flagged by PhishDestroy as an active threat vector. This domain leverages deceptive branding to trick users into connecting crypto wallets, enabling unauthorized fund transfers. The site’s malicious intent is corroborated by its detection rate on VirusTotal and association with known phishing infrastructure. Users should treat this domain with extreme caution and verify any typing-related tools through official sources before interaction. PhishDestroy identifies typerdex.ai as a high-risk crypto drainer with the following technical indicators: registered through Namecheap Inc. on September 22, 2024; resolves to IP 66.29.141.37; secured with a Sectigo Limited SSL certificate. VirusTotal flags this domain with 5/95 security vendor detections, indicating partial but incomplete coverage by threat intelligence systems. The domain’s recent creation date and hosting on a shared IP address with minimal trust signals further elevate its risk profile. No known blocklists were detected at the time of analysis, but the low detection rate suggests it may evade some automated defenses. Mitigation for this crypto drainer threat requires immediate action: avoid visiting typerdex.ai or interacting with its content, especially wallet connection prompts. If you’ve already connected a wallet, revoke permissions via your wallet’s settings and transfer funds to a secure address. Report the domain to your antivirus provider and platforms like VirusTotal to aid in broader detection. Use hardware wallets or offline signing for transactions to minimize exposure. Stay vigilant for similar deceptive domains and verify tools through official channels before use. ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/typerdex.ai/ JSON API: https://api.destroy.tools/v1/check?domain=typerdex.ai Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 149,977 domains (30,659 alive under monitoring, 118,518 confirmed takedowns/dead). Site: https://phishdestroy.io