# coolshopp367.store — SUSPICIOUS

> coolshopp367.store is a generic phishing site with 0/95 VirusTotal detections, masquerading as a shopping portal to steal credentials.

## Summary

PhishDestroy identifies coolshopp367.store as an active generic phishing domain currently under investigation for hosting fraudulent e-commerce lures. The domain employs no known brand impersonation or drainer kit at this stage, suggesting a freshly deployed campaign aimed at harvesting account credentials or payment data under the guise of a shopping portal. The threat actor likely leverages social engineering tactics, such as fake discounts or limited-time offers, to coerce victims into submitting sensitive information through a spoofed checkout interface. No affiliation with legitimate retailers has been confirmed, and the domain remains unaligned with specific malware families or phishing toolkits in open-source intelligence (OSINT) repositories.

This domain resolves to IP 172.67.219.78 and operates under a Google Trust Services SSL certificate, which may lend it superficial legitimacy to unsuspecting users. VirusTotal currently reports 0/95 detection engines flagging the domain, indicating it has evaded automated scanning tools thus far. The domain was registered recently, though the exact creation date is not publicly disclosed in WHOIS records. The registrar remains unverified in this report, but the infrastructure aligns with fast-flux hosting patterns common in low-effort phishing operations. As of this report, the domain has not been blacklisted by major threat intelligence platforms (e.g., Google Safe Browsing, PhishTank), and no third-party blocklists have flagged it. The absence of detections and blocklist entries highlights the urgency of proactive blocking and manual investigation by security teams.

The investigation into coolshopp367.store remains ongoing as of the latest assessment. Security researchers are advised to monitor the domain for changes in infrastructure, SSL certificate rotation, or shifts in payload delivery mechanisms. Immediate containment measures include adding the domain and IP (172.67.219.78) to organizational blocklists and DNS sinkholes. End users should refrain from visiting the site and report any accidental interactions to their IT security teams. Given the domain’s active status and unflagged status in VirusTotal, the risk level is elevated despite the lack of observed malicious payloads. Proactive threat hunting is recommended to detect potential inbound traffic from compromised user agents or misdirected internal queries. The residual risk remains high until the campaign’s objectives, infrastructure stability, and associated threat actor TTPs (tactics, techniques, and procedures) are fully elucidated.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 172.67.219.78

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d96ae154-9581-4088-89f8-838d20586124
- PhishDestroy: https://phishdestroy.io/domain/coolshopp367.store/
- LLM endpoint: https://phishdestroy.io/domain/coolshopp367.store/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/coolshopp367.store/

Last updated: 2026-03-22