# PhishDestroy threat dossier — dapp-protocol.org ================================================================ Fetched: 2026-04-22 20:53:36 UTC Canonical: https://phishdestroy.io/domain/dapp-protocol.org/ ## VERDICT ---------------------------------------------------------------- ACTIVE THREAT — multiple warning signs Composite threat score: 57/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 4/94 security vendors flagged this domain Flagging vendors: Gridinsoft, Seclookup URLQuery: 2 detections ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 188.114.97.3 (CA, Toronto) ASN: AS13335 Cloudflare, Inc. Hosting org: CloudFlare, Inc. Registrar: GoDaddy.com, LLC Nameservers: carrera.ns.cloudflare.com, merlin.ns.cloudflare.com Registered: 2026-03-28 Page title: RPC Browser HTTP response: 403 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / E8 Expires: 2026-06-28 Status: INVALID chain Fingerprint: 524baa3fe33875950617e396dfb5f2d9492b36b10f5fa5285a1fa19e058cac74 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-03-28 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-04-21 19:49:00 UTC (by PhishDestroy tracker) First reported: 2026-04-21 16:49:45 UTC (abuse notice filed) Last verified: 2026-04-22 23:52:57 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019db0f0-a89c-72a8-abb7-ce795fceac29/ URLQuery: https://urlquery.net/report/073c33e1-7cc3-40d6-99b6-858e42c9c6c8 Wayback Machine: https://web.archive.org/web/*/dapp-protocol.org crt.sh CT logs: https://crt.sh/?q=%25.dapp-protocol.org Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=dapp-protocol.org AlienVault OTX: https://otx.alienvault.com/indicator/domain/dapp-protocol.org URLhaus: https://urlhaus.abuse.ch/host/dapp-protocol.org/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-04-21 19:50:00 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] The domain dapp-protocol.org has been confirmed as a DeFi wallet phishing site actively luring victims. This malicious domain is currently classified as an elevated threat and remains operational as of the latest analysis. This domain (dapp-protocol.org) is flagged by 2 of 95 security vendors on VirusTotal, indicating minimal but present detection coverage. Registered through GoDaddy.com, LLC, the domain resolves to IP address 188.114.97.3 and holds a Let’s Encrypt SSL certificate. The domain was created on March 28, 2026, suggesting recent deployment intended for short-term campaigns. With low trust scores across available threat intelligence feeds, the site exhibits characteristics typical of opportunistic phishing operations targeting cryptocurrency users. Current status shows sustained malicious activity, with no evidence of takedown. It is strongly recommended to block both the domain dapp-protocol.org and its associated IP (188.114.97.3) at the network perimeter. Users and organizations are advised to avoid interacting with this domain, verify sender authenticity in related communications, and consider flagging it in internal DNS and proxy filters. Ongoing monitoring for similar domains and related campaigns is advised due to the evolving nature of cryptocurrency-focused phishing. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260421-29AD4B TLS cert SHA-256: 524baa3fe33875950617e396dfb5f2d9492b36b10f5fa5285a1fa19e058cac74 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/dapp-protocol.org/ JSON API: https://api.destroy.tools/v1/check?domain=dapp-protocol.org Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+. Site: https://phishdestroy.io