# PhishDestroy threat dossier — d43ik5x4ml.hadi.successhacker.org
================================================================
Fetched: 2026-06-28 08:50:06 UTC
Canonical: https://phishdestroy.io/domain/d43ik5x4ml.hadi.successhacker.org/

## VERDICT
----------------------------------------------------------------
TAKEN DOWN (neutralised)
Composite threat score: 65/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 5/91 security vendors flagged this domain
Flagging vendors: alphaMountain.ai, CRDF, Forcepoint ThreatSeeker, Gridinsoft, SOCRadar
Public blocklists: listed on 3 independent blocklists

## INFRASTRUCTURE
----------------------------------------------------------------
Registrar: GoDaddy.com, LLC
Nameservers: ["ns1.supercp.com", "ns2.supercp.com"]
Registered: 2026-06-08

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: CLOSED — no report required.
This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-06-08 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-06-09 05:31:05 UTC (by PhishDestroy tracker)
First reported: 2026-06-15 03:45:18 UTC (abuse notice filed)
Last verified: 2026-06-28 08:20:34 UTC
Neutralised: 2026-06-10 12:13:32 UTC
Current status: taken down (registrar suspended or DNS dead)

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-26 01:48:41 UTC — narrative may predate facts above.
Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

This domain is assessed as an elevated-risk crypto wallet drainer phishing site targeting cryptocurrency users through deceptive transaction prompts. Analysis indicates the infrastructure was designed to mimic legitimate wallet interfaces, tricking victims into authorizing malicious smart contracts that siphon funds from connected wallets. The threat type aligns with observed patterns of crypto drainer operations, where attackers exploit Web3 authentication flows to execute unauthorized transfers without user awareness.

Infrastructure analysis reveals the domain d43ik5x4ml.hadi.successhacker.org was registered on June 08, 2026, through GoDaddy.com, LLC. At the time of assessment, it appeared on three independent security blocklists and was actively blocked by wallet security extensions and phishing detection systems. VirusTotal detection metrics show 5 out of 95 security vendors flagged the domain as malicious, with behavioral signatures consistent with crypto wallet drainer activity. The domain has since been taken offline, though residual DNS records or cached pages may persist in some networks. No associated IP address was provided in available intelligence, limiting further infrastructure correlation.

Organizations and end users are advised to implement the following mitigation measures specific to crypto wallet drainer threats. First, enforce strict transaction confirmation policies requiring manual review of all smart contract interactions, particularly those requesting token approvals or signature requests. Second, deploy browser-based wallet security extensions that block known phishing domains and alert users to suspicious transaction patterns. Third, monitor wallet addresses for unexpected token approvals using blockchain explorers and revoke any unauthorized allowances immediately.
Network-level protections should include DNS filtering to block subdomains under successhacker.org and similar high-risk parent domains. Cryptocurrency platforms should integrate real-time phishing domain checks into their transaction signing workflows to prevent users from interacting with known malicious infrastructure.

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/d43ik5x4ml.hadi.successhacker.org/
JSON API: https://api.destroy.tools/v1/check?domain=d43ik5x4ml.hadi.successhacker.org
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 170,942 domains (13,576 alive under monitoring, 156,953 confirmed takedowns/dead).
Site: https://phishdestroy.io