# PhishDestroy threat dossier — abegibarta.com ================================================================ Fetched: 2026-07-13 09:35:01 UTC Canonical: https://phishdestroy.io/domain/abegibarta.com/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: Credential Phishing ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 6/91 security vendors flagged this domain Flagging vendors: alphaMountain.ai, Cluster25, CRDF, Fortinet, Gridinsoft, SOCRadar URLQuery: 3 detections Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 5.196.22.97 (FR, Roubaix) ASN: AS16276 OVH SAS Hosting org: OVH Registrar: NAMECHEAP INC Nameservers: asa.ns.cloudflare.com, cosmin.ns.cloudflare.com Registered: 2021-08-02 Expires: 2026-08-02 Page title: Abegibarta URL shortener HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / YE2 Expires: 2026-09-30 Status: INVALID chain Fingerprint: 9914cb48bb4f3b50f36d3d879be93967b9119fea144a0b9c7f7862af5d4154f7 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2021-08-02 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-11 14:15:02 UTC (by PhishDestroy tracker) First reported: 2026-07-12 17:05:48 UTC (abuse notice filed) Last verified: 2026-07-13 08:20:41 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f5118-c82f-74ba-90a5-f9f0691f52d1/ URLQuery: https://urlquery.net/report/6c9c1fb7-afc7-42db-a028-5b8b8f7e7063 Wayback Machine: https://web.archive.org/web/*/abegibarta.com crt.sh CT logs: https://crt.sh/?q=%25.abegibarta.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=abegibarta.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/abegibarta.com URLhaus: https://urlhaus.abuse.ch/host/abegibarta.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-11 14:45:53 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain, abegibarta.com, is actively engaged in credential harvesting phishing operations. Visitors to this site may encounter fraudulent login pages designed to mimic legitimate services, tricking users into entering sensitive information such as usernames, passwords, or financial details. The stolen credentials are typically used for unauthorized account access, identity theft, or further malicious activities, posing significant risks to individuals and organizations alike. Analysis indicates that abegibarta.com was registered on August 02, 2021, through NAMECHEAP INC. The domain currently resolves to the IP address 5.196.22.97 and uses a Let's Encrypt SSL certificate, which may lend a false sense of legitimacy. As of the latest assessment, 3 out of 95 security vendors on VirusTotal have flagged this domain as malicious, confirming its involvement in phishing infrastructure. The domain remains active, suggesting ongoing or recent malicious activity. If you or someone in your organization has visited abegibarta.com or entered any information on the site, immediate action is required. First, change passwords for any accounts that may have been exposed, prioritizing email, banking, and other high-value services. Enable multi-factor authentication wherever possible to add an extra layer of security. Monitor accounts for unusual activity, such as unauthorized logins or transactions, and report any suspicious behavior to the relevant service providers. Additionally, scan devices used to access the site for malware or unwanted software, as phishing pages may also distribute malicious payloads. Finally, consider reporting the domain to anti-phishing organizations or your internal security team to help prevent further exploitation. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260712-427B6B Favicon MD5: bbb398f1a44d5bddb9bf3ef50133cba4 TLS cert SHA-256: 9914cb48bb4f3b50f36d3d879be93967b9119fea144a0b9c7f7862af5d4154f7 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/abegibarta.com/ JSON API: https://api.destroy.tools/v1/check?domain=abegibarta.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 178,033 domains (49,760 alive under monitoring, 128,273 confirmed takedowns/dead). Site: https://phishdestroy.io