# www.amweqe.help — MALICIOUS > Domain amweqe.help is a crypto drainer scam flagged by 13/95 VirusTotal vendors. Avoid this high-risk site to protect your digital assets. ## Summary PhishDestroy identifies www.amweqe.help as a high-risk crypto drainer domain actively targeting cryptocurrency users. This site was flagged for social engineering tactics designed to trick victims into unknowingly authorizing cryptocurrency transfers to attacker-controlled wallets. The threat involves malicious JavaScript payloads that execute unauthorized blockchain transactions when users interact with the page, making it particularly dangerous for those managing digital assets. Given the domain's recent registration and aggressive blocking by multiple security vendors, immediate action is required to prevent financial loss. This domain was flagged by 13 of 95 VirusTotal security vendors, with Google Safe Browsing classifying it as SOCIAL_ENGINEERING. The site resolves to IP address 104.168.22.92 and is registered through Gname.com Pte. Ltd. The domain was created on October 15, 2025, and appears on one security blocklist while being blocked by InversionDNS. Despite using a Let's Encrypt SSL certificate, the domain's trustworthiness is critically low due to its recent creation and malicious intent. These technical indicators collectively confirm the domain's involvement in crypto drainer operations, a sophisticated form of cryptocurrency theft where victims unknowingly sign malicious transactions. To mitigate the risk posed by www.amweqe.help, users should immediately block the domain at their DNS level and avoid any interaction with the site. If you have already visited the domain, check your cryptocurrency wallet transactions for any unauthorized transfers and revoke any suspicious smart contract approvals using tools like revoke.cash. Organizations should update firewall rules to block traffic to 104.168.22.92 and distribute threat intelligence to employees. Always verify URLs before clicking, use hardware wallets for critical transactions, and enable multi-factor authentication on all cryptocurrency accounts to prevent unauthorized access. Report any suspicious activity to your security team or relevant cryptocurrency platform immediately. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-10-15 06:27:22 - Registrar: Gname.com Pte. Ltd. - IP: 104.168.22.92 ## Detection Status - VirusTotal: 13 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 1 hits Lists: ["InversionDNS"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/aaf6250d-2591-4935-a366-fea5e1564110 - PhishDestroy: https://phishdestroy.io/domain/www.amweqe.help/ - LLM endpoint: https://phishdestroy.io/domain/www.amweqe.help/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/www.amweqe.help/ Last updated: 2026-03-24