# PhishDestroy threat dossier — fnradar.com ================================================================ Fetched: 2026-07-15 02:08:05 UTC Canonical: https://phishdestroy.io/domain/fnradar.com/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 97/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 1/91 security vendors flagged this domain Flagging vendors: SOCRadar Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 158.94.211.169 (US, New York) ASN: AS202412 Omegatech LTD Hosting org: Omegatech LTD Registrar: Dominet (HK) Limited Nameservers: a.dnspod.com, b.dnspod.com, c.dnspod.com, ns-cloud-c1.googledomains.com, ns-cloud-c2.googledomains.com Registered: 2026-07-13 Expires: 2027-07-13 Page title: Loading HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / YE2 Expires: 2026-10-11 Status: INVALID chain Fingerprint: 7c33492f1b129c8848e40c8960e70947f5c5ed448daed7a1f4b298c1e9d6fccb ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-07-13 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-14 23:07:51 UTC (by PhishDestroy tracker) First reported: 2026-07-14 21:12:30 UTC (abuse notice filed) Last verified: 2026-07-15 02:00:18 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f6273-eaae-76eb-bba9-bb7852becd9f/ URLQuery: https://urlquery.net/report/0940b7e4-1d6d-4fc5-a13c-b7e3c67e6aab Wayback Machine: https://web.archive.org/web/*/fnradar.com crt.sh CT logs: https://crt.sh/?q=%25.fnradar.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=fnradar.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/fnradar.com URLhaus: https://urlhaus.abuse.ch/host/fnradar.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-14 23:20:26 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] fnradar.com was registered on 2026-07-13 through Dominet (HK) Limited and is currently served by the authoritative name servers a.dnspod.com, b.dnspod.com, c.dnspod.com, ns-cloud-c1.googledomains.com and ns-cloud-c2.googledomains.com. The domain resolves to the IPv4 address 158.94.211.169, which returns HTTP status code 200 and presents the page title “Loading”. These indicators align with the classification of a generic phishing infrastructure. The rapid creation date, the use of multiple DNS providers, and the active HTTP response suggest the site is operational and may be used to host credential‑harvesting pages, although the exact content has not been publicly analyzed. The threat is currently listed as under_investigation and the domain status remains active as of the report date. No additional artifacts such as malware hashes, payload URLs, or victim reports are presently available. Confidence in the phishing intent is based solely on the observed infrastructure and the generic_phishing label. Defenders should consider adding the domain and its resolved IP to blocklists, monitor DNS queries for the listed name servers, and, if possible, sinkhole traffic to the IP to disrupt potential phishing campaigns. Ongoing observation is required to determine whether the site begins serving malicious forms or redirects. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260714-AEE9EC TLS cert SHA-256: 7c33492f1b129c8848e40c8960e70947f5c5ed448daed7a1f4b298c1e9d6fccb ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/fnradar.com/ JSON API: https://api.destroy.tools/v1/check?domain=fnradar.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 178,935 domains (50,540 alive under monitoring, 128,395 confirmed takedowns/dead). Site: https://phishdestroy.io