# adobe.appwrite.network — MALICIOUS

> Avoid adobe.appwrite.network due to high-risk brand impersonation. Domain offline; do not download files or enter data. Stay safe from phishing threats.

## Summary
PhishDestroy identifies adobe.appwrite.network as a high-risk brand impersonation domain targeting users seeking Excel and PDF download services. This domain was designed to deceive users by mimicking legitimate document download functionality, presenting a page titled "PDF ONLINE DOCUMENT" to lure victims into compromising their information.

Supporting evidence of its malicious intent includes a registration date of June 28, 2022, and registration through GoDaddy.com, LLC. The domain resolves to the IPv6 address 2a04:4e42:200::820 and has been flagged on two prominent security blocklists. Scamadviser assigns it a very low trust score of 1 out of 100, indicating untrustworthiness. Furthermore, VirusTotal analysis shows that 17 out of 95 security vendors detect threats associated with this domain, reinforcing its risky nature.

Currently, adobe.appwrite.network is taken offline, mitigating immediate risk to users. PhishDestroy recommends users avoid interacting with this domain or any related URLs and refrain from downloading files or submitting personal information. Organizations should update blocklists and educate users about the dangers of brand impersonation scams like this one. Continuous monitoring is advised in case the domain reappears or similar variants emerge.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Excel / PDF download
- Page title: PDF ONLINE DOCUMENT

## Domain Intelligence
- Registered: 2022-06-28 00:00:00
- Expires: 2027-06-28 00:00:00
- Registrar: GoDaddy.com, LLC
- Country: US
- IP: 2a04:4e42:200::820
- IP Org: Cloudflare CDN
- Nameservers: rosalyn.ns.cloudflare.com renan.ns.cloudflare.com
- SSL Issuer: Certainly / Certainly Intermediate R1

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "CRDF", "CyRadar", "Ermes", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Kaspersky", "Lionic", "Phishing Database", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ad9dc-9caf-7698-938a-15b6286ca633.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0d50ed18-a3e1-4d89-bbe0-eb5ab3e4217f
- Wayback Machine: https://web.archive.org/web/https://adobe.appwrite.network
- PhishDestroy: https://phishdestroy.io/domain/adobe.appwrite.network/
- LLM endpoint: https://phishdestroy.io/domain/adobe.appwrite.network/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/adobe.appwrite.network/
Last updated: 2026-03-19