MalwareTips
Security Review

Is writehis.living legit or a scam?

Our verdict:Dangerous· 8/100

A malicious 9-day-old domain impersonating Lowe's to distribute phishing emails about fake tool giveaways and expiring points.

Top reasons
Domain is only 9 days old.Confirmed impersonation of the Lowe's brand.Flagged as spam by Fortinet, Sophos, and alphaMountain.ai.
writehis.livingScanned 3h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 15·MT 5
Category tags
phishingspam#phishing#clone site#data harvester95% MT confidence
Positive signals (1)
Not on major blacklists

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
3/92
Engines flagged this URL
Domain Age
9 days old
Registered Jun 9, 2026
MT Intelligence
Dangerous
Critical likelihood · 95% confidence
DANGEROUS

Brand impersonation — not the real site

Domain was registered only 9 days ago — brand-new sites are higher-risk by default. This page is styled as a brand but is not the brand's real site. Go to the official site directly, and treat any download, login, or payment request here as unsafe.

Website Preview

Screenshot of writehis.living
LIVE RENDER
writehis.living

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust5/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The domain was registered just 9 days ago and is already being used as a sender for deceptive emails. Our analysis confirms it is a clone of the Lowe's brand, specifically targeting customers with fake 'MyLowe's Plus' alerts. Multiple security engines, including Fortinet and Sophos, have flagged the domain for spam and malicious activity. The site lacks any business registration or legitimate web presence, which is a hallmark of a temporary phishing infrastructure. It is part of a wider network of similar domains used to harvest personal data through fake rewards.
Full dossier
Analysis complete

Page Content

The domain does not host a functional public website and currently returns server errors, which is typical for domains used exclusively as backends for email phishing campaigns. It is designed to impersonate Lowe's branding in email headers to trick recipients into clicking malicious links.

Infrastructure

The site is hosted on an IP address with a history of abuse reports. It lacks an SSL certificate, meaning any data entered would be unencrypted and easily intercepted. The technical fingerprint matches known kits used to clone major retail brands.

Domain History

Registered through GoDaddy on June 2026, the domain is less than two weeks old. This rapid deployment for high-volume email campaigns is a classic indicator of a 'burnable' phishing domain intended to be used and discarded before blocklists catch up.

Web Reputation

The domain has a negative reputation across our security partners. It has been caught in public spam traps posing as 'MyLowe's Plus' and offering fake Kobalt tool sets to lure victims into providing their credentials or payment information.
Risk Factors
6
  • Domain is only 9 days old.
  • Confirmed impersonation of the Lowe's brand.
  • Flagged as spam by Fortinet, Sophos, and alphaMountain.ai.
  • Used as a sender for phishing emails found in public spam traps.
  • No valid SSL certificate or business registration found.
  • Linked to a known network of retail-themed scam domains.
AI Recommendation
Do not interact with any emails sent from this domain. Mark messages from 'writehis.living' as spam and do not click any links contained within them.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for writehis.living, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
9 days
Registered Jun 2026
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Clones lowes.com
The page impersonates a well-known brand's site.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
2 scam reports
Key findings
7 headline facts from open-web research
  • Domain writehis.living registered approximately 9 days ago (around early June 2026).
  • Used as From: address (mylowesplus@writehis.living) in multiple spam/phishing emails impersonating Lowe's, claiming expiring MyLowe's points or offering a Kobalt 100-piece tool set.
  • These emails appear in public temporary/disposable email inboxes on sites like podam.pl, wegwerfemailadresse.com, and adresseemailtemporaire.com, captured in June 2026.
  • No website content accessible (browse returned 503 error); no legitimate business presence, reviews, or mentions outside spam contexts.
  • Similar patterns use other .living subdomains (e.g., acceptedtalented.living, houstonsigned.living) for fake Lowe's, Walmart, FedEx, and other brand alerts.
  • No official Lowe's association; aligns with known phishing campaigns urging urgency to click links (not shown in snippets).
  • No WHOIS details, business records, or positive mentions found.
Scam reports (2)
Direct quotes from public scam databases, forums, and news.
  • Temporary email inboxes (podam.pl, wegwerfemailadresse.com)open

    "MyLowes Plus <mylowesplus@writehis.living> MyLowe's point balance: expiring today, act now."

  • Temporary email inboxes (podam.pl, wegwerfemailadresse.com)open

    "mylowesplus@writehis.living ... A K0BALT 1OO-piece tool set from Lowe's, just 3OO left."

Impersonation / typosquat
Clone of lowes.com

Domain used exclusively as sender for spoofed Lowe's/MyLowe's phishing/spam emails about expiring points and tool offers, a common scam tactic.

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
We identified multiple instances of this domain being used in phishing campaigns. Emails from 'mylowesplus@writehis.living' have been captured in temporary inbox services, using high-pressure tactics like 'act now' and 'just 300 left' to deceive users. There is no evidence of a legal business entity associated with this address.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

High correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (2)
  • Evidence confirms this site is a clone of lowes.com.
  • Domain is only 9 days old and already carries multiple network-level red flags.
Linked signals (1)
Clone of lowes.com

Antivirus Engines

Detection matrix · live
3 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

0Malicious3Suspicious55Harmless92Engines
0
of 92
alphaMountain.ai
Suspicious· spam
Fortinet
Suspicious· spam
Sophos
Suspicious· spam

3 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Domain & Encryption

Domain History
Age9 days old
RegistrarGoDaddy
RegisteredJun 9, 2026
ExpiresJun 9, 2027
Owner privacyVisible
Hosting & Technology
HostingElectronic Transaction Consultants Corporation
Server locationUS

Server Reputation

Abuse Intelligence
Confidence score45%
Reports on file9
ISPElectronic Transaction Consultants Corporation
Usage typeUnknown

Scam-Type Likelihood

1 scam-type patterns detected
Scam-Type Likelihood

1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Brand Impersonation
Brand Impersonation
Moderate likelihood
30/100
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.

Brand impersonation detected

This page is styled as a known brand but is not the brand's real site.

  • Do not interact with writehis.living

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Go to the brand's real site directly

    Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.

  • Never download or sign in here

    Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.

  • Report the impersonation to the brand

    Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
ListedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags writehis.living as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — writehis.living scored 8/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • writehis.living is 9 days old, registered on 6/9/2026 through GoDaddy. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 3 out of 92 antivirus engines in our malware network flagged writehis.living as malicious or suspicious. Even one detection is a meaningful signal.
  • No. writehis.living is not currently listed on the major browser blocklist feeds that modern browsers use.
  • writehis.living resolves to an IP operated by Electronic Transaction Consultants Corporation in US. Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 19, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around writehis.living have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·writehis.living
DANGEROUS

This domain is a malicious impersonation of Lowe's used to send phishing emails. It was registered only 9 days ago and has no legitimate business purpose. Do not click links or provide information to emails from this address.

Do not interact with any emails sent from this domain. Mark messages from 'writehis.living' as spam and do not click any links contained within them.

AV engines
92
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
excelplumbingandheating.co.uk
48m ago
Read the review
Dangeroustrust1
robloxatcsim.eu
48m ago
Read the review
Dangeroustrust13
node8525qa.uruvita.com
2h ago
Read the review
Dangeroustrust12
thepcgames.net
2h ago
Read the review
Dangeroustrust1
steamsunlocked.com
3h ago
Read the review
Dangeroustrust25
tomomob.com
3h ago
Read the review
Dangeroustrust1
games1122.com
3h ago
Read the review
Dangeroustrust39
hdtodayla.com
3h ago
Read the review
Dangeroustrust41
projectfreetv.sx
3h ago
Read the review
Dangeroustrust1
lskannsserv.beer
4h ago
Read the review
Dangeroustrust8
etherfi-wc26.com
4h ago
Read the review
Dangeroustrust17
myartes.com
4h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.