# PhishDestroy threat dossier — blast-dapp.xyz ================================================================ Fetched: 2026-07-14 10:53:38 UTC Canonical: https://phishdestroy.io/domain/blast-dapp.xyz/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: Credential Phishing Targeted brand: Blast ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 13/91 security vendors flagged this domain Flagging vendors: Forcepoint ThreatSeeker URLQuery: -1 detections AlienVault OTX: 1 pulses (threat-intel feed mentions) Public blocklists: listed on 3 independent blocklists ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 13.248.169.48 (CA, Montreal) ASN: AS16509 Amazon.com, Inc. Hosting org: AWS Global Accelerator (GLOBAL) Registrar: GMO Internet Group, Inc. d/b/a Onamae.com Nameservers: ["ns5.afternic.com", "ns6.afternic.com", "verification-gakbzzzqmt6gkcplw4efpp.ns101.verify.hn"] Registered: 2026-05-21 HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: GoDaddy.com / GoDaddy TLS Intermediate CA DV - R1v1 Expires: 2026-12-04 Status: INVALID chain Fingerprint: bb0f6693dc4daad2ca10364d25f493044ccac7b6150fada5c79dfbd54663a9b4 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-05-21 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-05-21 14:00:08 UTC (by PhishDestroy tracker) First reported: 2026-06-15 00:27:29 UTC (abuse notice filed) Last verified: 2026-07-14 12:20:41 UTC Neutralised: 2026-05-27 12:09:24 UTC Current status: taken down (registrar suspended or DNS dead) ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-13 00:23:53 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] blast-dapp.xyz is an active .xyz domain created on 21 May 2026 and currently resolves to the IPv4 address 13.248.169.48, which is hosted in the Canada region of Amazon Web Services Global Accelerator. The domain is registered through GMO Internet Group, Inc. (trading as Onamae.com) and uses a GoDaddy DV TLS Intermediate CA certificate. Authoritative name servers are ns5.afternic.com, ns6.afternic.com, and verification‑gakbzzzqmt6gkcplw4efpp.ns. HTTP requests return a 200 status code, indicating a live web service, though the page content has not been disclosed. The site is classified as a credential‑phishing operation targeting the brand Blast, as indicated by the intelligence feed. One of ninety‑one VirusTotal scanners flagged the domain, and it appears in an AlienVault OTX pulse and three public blocklists. Additional block‑list entries include PhishDestroy, MetaMask, and SEAL, and Gridinsoft assigned a trust score of 0 / 100. Infrastructure analysis suggests the operator leverages legitimate cloud acceleration services to obscure the true origin of the malicious host. No additional indicators such as payload hashes, phishing page screenshots, or malware drops have been released. Defenders should block DNS resolution to 13.248.169.48 and add blast-dapp.xyz to URL filtering policies. Monitoring of TLS certificate changes and name‑server updates is advised, as well as periodic re‑scanning to detect potential changes in payload delivery. Incident response teams should treat any credential submissions to this domain as compromised and enforce credential reset procedures for affected Blast users. ## EVIDENCE HASHES ---------------------------------------------------------------- TLS cert SHA-256: bb0f6693dc4daad2ca10364d25f493044ccac7b6150fada5c79dfbd54663a9b4 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/blast-dapp.xyz/ JSON API: https://api.destroy.tools/v1/check?domain=blast-dapp.xyz Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 178,477 domains (50,150 alive under monitoring, 128,327 confirmed takedowns/dead). Site: https://phishdestroy.io