# PhishDestroy threat dossier — applicationreview.org
================================================================
Fetched: 2026-07-02 02:13:57 UTC
Canonical: https://phishdestroy.io/domain/applicationreview.org/

## VERDICT
----------------------------------------------------------------
TAKEN DOWN (neutralised)
Composite threat score: 67/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 2/91 security vendors flagged this domain
Flagging vendors: Kaspersky
URLQuery: 2 detections
AlienVault OTX: 1 pulse (threat-intel feed mentions)
Public blocklists: listed on 3 independent blocklists

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 207.189.11.170 (DE, Frankfurt am Main)
ASN: AS931 Hyonix
Hosting org: Krixe Pte. Ltd
Registrar: NAMECHEAP INC
Nameservers: aaron.ns.cloudflare.com, isabel.ns.cloudflare.com
Registered: 2026-06-08
Expires: 2027-06-08

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: none
Status: INVALID chain

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: CLOSED — no report required.
This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-06-08 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-06-30 19:49:49 UTC (by PhishDestroy tracker)
First reported: 2026-06-30 21:36:43 UTC (abuse notice filed)
Last verified: 2026-07-02 00:20:34 UTC
Neutralised: 2026-07-01 00:02:08 UTC
Current status: taken down (registrar suspended or DNS dead)

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019f19a5-8c77-7579-a6da-26b600e0616d/
URLQuery: https://urlquery.net/report/80d5150a-e904-4be3-b56d-6047cd705b5a
Wayback Machine: https://web.archive.org/web/*/applicationreview.org
crt.sh CT logs: https://crt.sh/?q=%25.applicationreview.org
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=applicationreview.org
AlienVault OTX: https://otx.alienvault.com/indicator/domain/applicationreview.org
URLhaus: https://urlhaus.abuse.ch/host/applicationreview.org/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-30 19:56:19 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

This domain is flagged as high-risk due to credential theft activity. Analysis indicates the infrastructure is designed to harvest login credentials, payment details, or other sensitive user data through deceptive login portals or fake authentication forms. The threat actor likely employs social engineering tactics to trick victims into submitting credentials, which are then exfiltrated for unauthorized access or financial fraud.

Infrastructure analysis reveals the domain applicationreview.org was registered on June 08, 2026, through NAMECHEAP INC. It currently resolves to the IP address 207.189.11.170.
VirusTotal reports 1 out of 95 security vendors flagging the domain as malicious. AlienVault OTX lists the domain in one threat intelligence pulse, confirming its presence in active threat feeds. The domain remains operational, with no widespread blocklisting at this time, though its recent creation date and minimal detection rates suggest evasion techniques may be in use.

Mitigation steps for credential theft threats include immediate blocking of the domain and its resolving IP (207.189.11.170) at the network perimeter. Organizations should deploy email and web filtering rules to prevent user access to applicationreview.org and monitor for internal connections to the associated IP. Endpoint protection should be configured to detect and alert on credential harvesting attempts, particularly those mimicking login pages. Security teams are advised to review authentication logs for unusual activity, such as repeated failed login attempts or access from unfamiliar geolocations. User awareness training should emphasize the risks of entering credentials on unverified sites, with specific examples of deceptive domains and phishing tactics.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260630-E6DB56
Favicon MD5: 3331e5575769071177ac18c603ee3c64

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/applicationreview.org/
JSON API: https://api.destroy.tools/v1/check?domain=applicationreview.org
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 173,583 domains (13,714 alive under monitoring, 159,163 confirmed takedowns/dead).
Site: https://phishdestroy.io