# direct-auth.org — MALICIOUS

> direct-auth.org is a high-risk phishing domain. Stay protected by avoiding this site and checking updates on its threat status at PhishDestroy.

## Summary
PhishDestroy identifies direct-auth.org as an active generic phishing domain aimed at deceiving users to steal credentials. The domain was registered recently on June 24, 2025, signaling a likely fraudulent intent using fresh infrastructure.

Technical indicators include registration through GoDaddy.com, LLC and resolution to IP 185.163.85.65. VirusTotal flags the domain by 12 out of 95 security vendors, confirming suspicious activity associated with phishing campaigns linked to this IP.

Currently, direct-auth.org remains active and poses a high risk to users. PhishDestroy recommends avoiding interaction with the domain and monitoring updates as investigation continues to mitigate impact.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 200)
- Page title: direct-auth.org/

## Domain Intelligence
- Registered: 2026-03-05 13:07:01
- Registrar: GoDaddy.com, LLC
- Country: US
- IP: 185.163.85.65
- IP Country: SE
- IP City: Stockholm
- IP Org: AS42695 Cleura AB
- Nameservers: ["ns19.domaincontrol.com", "ns20.domaincontrol.com"]
- SSL Issuer: Let's Encrypt / R12

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "G-Data", "Kaspersky", "Lionic", "Seclookup", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/zT5vzY1j/1066cabe362c.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/direct-auth.org
- Wayback Machine: https://web.archive.org/web/https://direct-auth.org
- PhishDestroy: https://phishdestroy.io/domain/direct-auth.org/
- LLM endpoint: https://phishdestroy.io/domain/direct-auth.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/direct-auth.org/
Last updated: 2026-03-19