# PhishDestroy threat dossier — apps36-facebook.blogspot.com ================================================================ Fetched: 2026-07-15 07:31:47 UTC Canonical: https://phishdestroy.io/domain/apps36-facebook.blogspot.com/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 73/100 (PhishDestroy scoring — see methodology below) Targeted brand: Facebook ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 15/91 security vendors flagged this domain Flagging vendors: Criminal IP, alphaMountain.ai, BitDefender, Emsisoft, Forcepoint ThreatSeeker, Fortinet, G-Data, Gridinsoft, Kaspersky, LevelBlue, Lionic, Netcraft, Sophos, VIPRE, Webroot Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 142.251.222.1 (DE, Frankfurt am Main) ASN: ASAS15169 GOOGLE - Google LLC, US Hosting org: AS15169 Google LLC Registrar: Google Blogger Nameservers: NS_NOT_FOUND Page title: Apps36 Facebook HTTP response: 404 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- First detected: 2026-07-11 14:08:41 UTC (by PhishDestroy tracker) Last verified: 2026-07-15 08:20:42 UTC Current status: taken down (registrar suspended or DNS dead) ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f5113-a4bf-7408-8edd-f185fa0ad346/ Wayback Machine: https://web.archive.org/web/*/apps36-facebook.blogspot.com crt.sh CT logs: https://crt.sh/?q=%25.apps36-facebook.blogspot.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=apps36-facebook.blogspot.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/apps36-facebook.blogspot.com URLhaus: https://urlhaus.abuse.ch/host/apps36-facebook.blogspot.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-11 14:45:10 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain, apps36-facebook.blogspot.com, is a high-risk brand impersonation threat currently active and targeting Facebook. This domain is specifically configured to mimic Facebook-branded services, posing a direct risk to users who may be tricked into providing credentials or personal information. The threat type is brand impersonation, and the current status remains active, indicating ongoing potential for harm. Technical indicators reveal the domain is flagged by 9 of 95 VirusTotal vendors, confirming malicious associations. It resolves to IP address 142.251.14.132, is registered through Google Blogger, and employs an SSL certificate issued by Google Trust Services. The exact creation date is not provided in available intelligence, but the domain's active presence and registration through a free blogging platform (Blogger) suggest a low barrier for threat actor setup. The detection rate of 9 out of 95 vendors indicates a moderate level of suspicion, though the high-risk classification stems from the brand impersonation of a widely trusted platform like Facebook. No blocklist counts are provided, but the active status and vendor flags warrant immediate attention. Risk assessment classifies this domain as high-risk due to its active impersonation of Facebook, a trusted brand with billions of users. Users interacting with this domain face credential theft, account compromise, and potential financial fraud. Analysis indicates this domain is part of a larger phishing campaign leveraging legitimate infrastructure (Google Blogger) to evade detection. Actionable recommendations include blocking access to apps36-facebook.blogspot.com at network and email gateways, issuing user alerts about Facebook phishing attempts via free blog hosting services, and reporting the domain to Google’s abuse team for takedown. Users should be advised to verify URLs carefully and avoid entering sensitive data on any non-official Facebook domains. [Updates since narrative was generated:] - Public blocklists: now listed on 1 feed ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: d7fc1da3f0d85bd1777c84d42b1db20b ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/apps36-facebook.blogspot.com/ JSON API: https://api.destroy.tools/v1/check?domain=apps36-facebook.blogspot.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 179,093 domains (50,697 alive under monitoring, 128,396 confirmed takedowns/dead). Site: https://phishdestroy.io