# dahono.com — SUSPICIOUS

> PhishDestroy identifies dahono.com as a credential harvesting phishing domain. Resolving to 76.76.21.21, it has 0 detections on VirusTotal despite active.

## Summary
PhishDestroy identifies dahono.com as an active credential harvesting phishing domain.

The domain dahono.com poses as a legitimate service to deceive users into entering sensitive credentials. As of investigation time (seed ca6e08), the domain remains active and unresolved by security vendors, flagged by 0 of 95 VirusTotal vendors. Registered through WEBCC on October 11, 2023, the domain resolves to IP address 76.76.21.21 and utilizes a Let's Encrypt SSL certificate. No blocklist entries or trust score data are currently available, indicating a newly emerged and unscrutinized threat.

Technical analysis reveals dahono.com exhibits low visibility in threat intelligence feeds, with no detections on VirusTotal despite hosting credential harvesting infrastructure. The domain's recent registration and lack of historical data suggest opportunistic deployment. Risk assessment remains under investigation but is currently classified as active, with potential for rapid escalation as the campaign expands.

Users are advised to avoid interacting with dahono.com and report any encountered phishing attempts immediately. Organizations should implement DNS-based blocking for the domain and IP address 76.76.21.21. Verify traffic logs for queries to this domain and quarantine endpoints showing signs of compromise. Report phishing attempts to security teams and relevant abuse channels to aid in rapid takedown.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2023-10-11 04:55:06
- Registrar: WEBCC
- IP: 76.76.21.21

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ceb47c9b-8989-4d05-a44a-a5491edbed11
- PhishDestroy: https://phishdestroy.io/domain/dahono.com/
- LLM endpoint: https://phishdestroy.io/domain/dahono.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dahono.com/
Last updated: 2026-03-27