# PhishDestroy threat dossier — eacquisitions.net.draken-dominic.com
================================================================

Fetched:   2026-06-25 16:42:22 UTC
Canonical: https://phishdestroy.io/domain/eacquisitions.net.draken-dominic.com/

## VERDICT
----------------------------------------------------------------
TAKEN DOWN (neutralised)
Composite threat score: 83/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal:      2/91 security vendors flagged this domain
  Flagging vendors: SOCRadar, Webroot
Public blocklists: listed on 1 independent blocklist

## INFRASTRUCTURE
----------------------------------------------------------------
IP address:      194.36.191.196 (NL, Naaldwijk)
ASN:             ASAS60117 HS Host Sailor Ltd, AE
Hosting org:     AS60117 Host Sailor Ltd
Registrar:       ENOM, INC.
Nameservers:     ns5.nl.hostsailor.com, ns6.nl.hostsailor.com
Registered:      2022-11-16
Expires:         2026-11-16
Page title:      Enterprise Acquisitions
HTTP response:   200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer:     Let's Encrypt / YR1
Expires:    2026-09-06
Status:     INVALID chain
Fingerprint: 175b6e3745ffb471f34c132e3e0241046f9ec4dc6e2b8fe8dd77832049a30ec2
Subject Alternative Names (related infrastructure — often same operator):
  - eacquisitions.net
  - www.eacquisitions.net.draken-dominic.com

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: CLOSED — no report required.
This domain was neutralised before the abuse-report cycle could be dispatched — either
the hosting provider / registrar suspended it on their own, the DNS went dead, or the
operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file
for audit but no formal notice was sent.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2022-11-16 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected:    2026-06-19 02:38:33 UTC (by PhishDestroy tracker)
First reported:    2026-06-19 00:51:01 UTC (abuse notice filed)
Last verified:     2026-06-25 18:18:28 UTC
Neutralised:       2026-06-19 03:04:36 UTC
Current status:    taken down (registrar suspended or DNS dead)

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io:       https://urlscan.io/result/019edd4f-2992-7203-b312-6f34c6984b9c/
URLQuery:         https://urlquery.net/report/4783bfbf-7a36-435c-b24d-790ab0b100ae
Wayback Machine:  https://web.archive.org/web/*/eacquisitions.net.draken-dominic.com
crt.sh CT logs:   https://crt.sh/?q=%25.eacquisitions.net.draken-dominic.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=eacquisitions.net.draken-dominic.com
AlienVault OTX:   https://otx.alienvault.com/indicator/domain/eacquisitions.net.draken-dominic.com
URLhaus:          https://urlhaus.abuse.ch/host/eacquisitions.net.draken-dominic.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-25 18:00:08 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

This domain is flagged as a high-risk generic phishing infrastructure designed to impersonate Enterprise Acquisitions, a likely target for credential harvesting or fraudulent financial transactions. The site uses a deceptive page title, 'Enterprise Acquisitions,' to mimic legitimate corporate portals, increasing the likelihood of successful social engineering attacks against employees, partners, or clients of the targeted entity. Analysis indicates the domain is actively used in phishing campaigns, with infrastructure optimized for evasion and rapid deployment of malicious content.  Infrastructure analysis reveals the domain was registered on November 16, 2022, through ENOM, INC., and is hosted on a server located in the Netherlands (AS60117 Host Sailor Ltd) resolving to IP address 194.36.191.196. The SSL certificate is issued by Let's Encrypt (YR1), a common tactic to lend superficial legitimacy to phishing sites. Detection metrics show the domain is flagged by 2 out of 95 security vendors on VirusTotal and appears on at least one security blocklist, specifically PhishDestroy. Despite these detections, the domain remains active, indicating ongoing malicious operations.  Users who have visited eacquisitions.net.draken-dominic.com should immediately cease all interaction and assume any credentials or sensitive information entered has been compromised. Affected individuals should rotate passwords for all accounts accessed from the same device or network, enable multi-factor authentication where available, and monitor financial transactions for unauthorized activity. Organizations should block the domain and associated IP address (194.36.191.196) at the network perimeter, update endpoint protection rules, and conduct internal awareness training to mitigate further exposure. Incident response teams should preserve logs for forensic analysis to determine the scope of any potential breach.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID:  PD-20260619-2834E9
Favicon MD5:       15a4a9a2c897b5988e0a4425a2294ae6
TLS cert SHA-256:      175b6e3745ffb471f34c132e3e0241046f9ec4dc6e2b8fe8dd77832049a30ec2

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus,
    CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does
NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their
first 7–30 days while actively draining wallets. Always cross-reference the composite
score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report:  https://phishdestroy.io/domain/eacquisitions.net.draken-dominic.com/
JSON API:          https://api.destroy.tools/v1/check?domain=eacquisitions.net.draken-dominic.com
Appeal a flag:     https://phishdestroy.io/appeals/  (responded to within 48 hours, FP rate <0.01%)
Submit a report:   https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 169,971 domains (14,671 alive under monitoring, 154,619 confirmed takedowns/dead). Site: https://phishdestroy.io