# PhishDestroy threat dossier — emailprodubanco.iceiy.com
================================================================

Fetched:   2026-04-23 15:56:42 UTC
Canonical: https://phishdestroy.io/domain/emailprodubanco.iceiy.com/

## VERDICT
----------------------------------------------------------------
HIGH THREAT — malicious activity confirmed
Composite threat score: 63/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal:      17/95 security vendors flagged this domain
  Flagging vendors: BitDefender, Certego, CRDF, CyRadar, ESET, Forcepoint ThreatSeeker, G-Data, Gridinsoft, Kaspersky, Lionic, MalwareURL, Phishing Database, Seclookup, Sophos, Trustwave, URLQuery, Webroot
Public blocklists: listed on 1 independent blocklist
Victim re-reports (public form): 1

## INFRASTRUCTURE
----------------------------------------------------------------
IP address:      185.27.134.115 (GB, Salford)
ASN:             ASAS34119 WILDCARD-AS Wildcard UK Limited, GB
Hosting org:     AS34119 Wildcard UK Limited
Registrar:       Porkbun LLC
Nameservers:     ns1.byet.org, ns2.byet.org, ns3.byet.org, ns4.byet.org, ns5.byet.org
Registered:      2020-12-06
Page title:      502 Bad Gateway
HTTP response:   403

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer:     ZeroSSL / ZeroSSL ECC Domain Secure Site CA
Expires:    2025-10-28
Status:     INVALID chain
Fingerprint: 0dca121be0603947eca1d7917700fe58437f1fe9da124ff3116d3373a2067710
Subject Alternative Names (related infrastructure — often same operator):
  - iceiy.com

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue. No abuse reports filed yet — this domain is
waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2020-12-06 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected:    2026-02-25 02:39:27 UTC (by PhishDestroy tracker)
First reported:    2025-12-05 15:09:13 UTC (abuse notice filed)
Last verified:     2026-04-23 13:32:55 UTC
Current status:    ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io:       https://urlscan.io/result/019aef0f-2c12-718e-a8d9-9b535791e761/
Wayback Machine:  https://web.archive.org/web/*/emailprodubanco.iceiy.com
crt.sh CT logs:   https://crt.sh/?q=%25.emailprodubanco.iceiy.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=emailprodubanco.iceiy.com
AlienVault OTX:   https://otx.alienvault.com/indicator/domain/emailprodubanco.iceiy.com
URLhaus:          https://urlhaus.abuse.ch/host/emailprodubanco.iceiy.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-03-03 03:12:03 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies emailprodubanco.iceiy.com as a high-risk phishing domain designed to deceive users. Although currently offline, it was flagged due to its potential to trick individuals into revealing sensitive information. Users should remain cautious as phishing sites like this can lead to identity theft or financial loss.

This phishing attempt typically works by mimicking legitimate banking or email services, prompting victims to enter credentials or personal data. The domain resolved to an IP address linked with suspicious activity and was listed on multiple security blocklists. The 502 Bad Gateway error suggests the site is offline, but the threat remains relevant as attackers may reuse similar tactics.

To stay safe, users should avoid clicking on suspicious links or emails referencing this domain. Always verify the legitimacy of websites by checking URLs carefully and using security tools. Reporting such domains to cybersecurity platforms and keeping software updated can help prevent falling victim to phishing scams.

## EVIDENCE HASHES
----------------------------------------------------------------
Favicon SHA-256:       56bdfa4dcec9c4bce6bf00e2566c8c2013d9d5ef34e855d3469f1f675577e454
TLS cert SHA-256:      0dca121be0603947eca1d7917700fe58437f1fe9da124ff3116d3373a2067710

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus,
    CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does
NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their
first 7–30 days while actively draining wallets. Always cross-reference the composite
score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report:  https://phishdestroy.io/domain/emailprodubanco.iceiy.com/
JSON API:          https://api.destroy.tools/v1/check?domain=emailprodubanco.iceiy.com
Appeal a flag:     https://phishdestroy.io/appeals/  (responded to within 48 hours, FP rate <0.01%)
Submit a report:   https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+. Site: https://phishdestroy.io