# PhishDestroy threat dossier — coinplanets.net ================================================================ Fetched: 2026-07-01 19:45:54 UTC Canonical: https://phishdestroy.io/domain/coinplanets.net/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 92/100 (PhishDestroy scoring — see methodology below) Scam classification: Generic Phishing ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 1/91 security vendors flagged this domain Flagging vendors: Bfore.Ai PreCrime Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 172.67.213.161 (US, San Francisco) ASN: ASAS13335 CLOUDFLARENET - Cloudflare, Inc., US Hosting org: AS13335 Cloudflare, Inc. Registrar: Cloudflare, Inc. Nameservers: isaac.ns.cloudflare.com, sima.ns.cloudflare.com Registered: 2026-04-22 Expires: 2027-04-22 Page title: Coin Planet — SUPER Mining on BNB Smart Chain HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Google Trust Services / WE1 Expires: 2026-08-07 Status: INVALID chain Fingerprint: bfe56dfff2988a824e15f59e5332348fcb4a8ce213e14357917842d15f8e4553 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-04-22 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-05-30 04:19:04 UTC (by PhishDestroy tracker) First reported: 2026-05-30 04:17:46 UTC (abuse notice filed) Last verified: 2026-07-01 20:20:36 UTC Neutralised: 2026-05-30 06:30:42 UTC Current status: taken down (registrar suspended or DNS dead) ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019e7674-840c-7496-a9aa-031e6ff091aa/ Wayback Machine: https://web.archive.org/web/*/coinplanets.net crt.sh CT logs: https://crt.sh/?q=%25.coinplanets.net Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=coinplanets.net AlienVault OTX: https://otx.alienvault.com/indicator/domain/coinplanets.net URLhaus: https://urlhaus.abuse.ch/host/coinplanets.net/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-06-25 18:36:33 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain is flagged as a high-risk generic phishing threat. Analysis indicates that coinplanets.net presents itself as a cryptocurrency-related platform using the page title "Coin Planet — SUPER Mining on BNB Smart Chain." Such themes are commonly associated with credential harvesting, fraudulent account registration workflows, wallet-targeting campaigns, and social-engineering techniques designed to obtain sensitive user information or digital assets. The active status of the site increases exposure risk because visitors may still encounter phishing content, deceptive investment messaging, or requests for authentication data. Infrastructure analysis reveals that the domain resolves to IP address 172.67.213.161 and is hosted within AS13335 infrastructure located in the United States. Registration records indicate the domain was registered through Cloudflare, Inc. and was created on April 22, 2026. Security telemetry shows VirusTotal detection of 1/95 security vendors, demonstrating limited but existing security concern. The domain appears on 1 security blocklist and has been blocked by PhishDestroy. TLS deployment is present through a certificate issued by Google Trust Services / WE1. While encrypted connections may create an appearance of legitimacy, certificate presence should not be interpreted as evidence of trustworthiness. The combination of recent domain creation, active status, phishing classification, and blocklist inclusion contributes to the overall high-risk assessment. Users who visited this domain should consider any credentials, wallet information, authentication tokens, recovery phrases, or personal information entered on the site potentially exposed. Immediate actions should include changing affected passwords, enabling multi-factor authentication where available, reviewing account access logs, monitoring financial and cryptocurrency accounts for unauthorized activity, and revoking active sessions if supported. Systems used to access the domain should be scanned for malicious content or unauthorized browser extensions. Organizations should review network logs for connections to coinplanets.net and implement blocking controls to reduce the likelihood of additional exposure. ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: ac0af011eb33e12935a610cf59d670cf TLS cert SHA-256: bfe56dfff2988a824e15f59e5332348fcb4a8ce213e14357917842d15f8e4553 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/coinplanets.net/ JSON API: https://api.destroy.tools/v1/check?domain=coinplanets.net Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 173,583 domains (13,386 alive under monitoring, 159,491 confirmed takedowns/dead). Site: https://phishdestroy.io