# PhishDestroy threat dossier — i-love-my-freedom.beer ================================================================ Fetched: 2026-05-04 13:25:05 UTC Canonical: https://phishdestroy.io/domain/i-love-my-freedom.beer/ ## VERDICT ---------------------------------------------------------------- HIGH THREAT — malicious activity confirmed Composite threat score: 60/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 0/95 security vendors flagged this domain ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 188.114.96.3 (CA, Toronto) ASN: AS13335 Cloudflare, Inc. Hosting org: CloudFlare, Inc. Registrar: DYNADOT LLC Nameservers: iris.ns.cloudflare.com, karl.ns.cloudflare.com Registered: 2026-04-19 Page title: Jitsi Meet HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / E7 Expires: 2026-07-18 Status: INVALID chain Fingerprint: ad0b44772398bc26e64ec5ed322f5c97ab334ea1fbd976250c9b447c1225a31b ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-04-19 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-05-04 12:12:58 UTC (by PhishDestroy tracker) First reported: 2026-05-04 09:14:13 UTC (abuse notice filed) Last verified: 2026-05-04 13:50:03 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019df241-4a84-71e1-a6ce-970c23440c52/ URLQuery: https://urlquery.net/report/ff06b3ad-32f1-4e2f-8ab2-254d7283b024 Wayback Machine: https://web.archive.org/web/*/i-love-my-freedom.beer crt.sh CT logs: https://crt.sh/?q=%25.i-love-my-freedom.beer Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=i-love-my-freedom.beer AlienVault OTX: https://otx.alienvault.com/indicator/domain/i-love-my-freedom.beer URLhaus: https://urlhaus.abuse.ch/host/i-love-my-freedom.beer/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-05-04 12:15:05 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies i-love-my-freedom.beer as a deceptive site claiming to be Jitsi Meet, a legitimate video-conferencing tool. This fake page aims to trick users into entering meeting credentials or downloading malware disguised as a client installer. The page displays a plausible Jitsi Meet interface but funnels stolen data to attacker-controlled servers. This domain was flagged by PhishDestroy on seed 7199fd. Investigation shows it was registered through DYNADOT LLC on April 19, 2026, and currently resolves to IP 188.114.96.3 using a Let's Encrypt SSL certificate. VirusTotal scanning confirms 0 out of 95 detection engines flagged it as malicious at the time of analysis. If you visited this site, do not enter any login credentials or download files. Immediately close the browser tab, run a full antivirus scan, and change any passwords you may have entered. Report the domain to your IT team and consider enabling multi-factor authentication on all critical accounts. Monitor your device for unusual activity and be cautious of any unexpected meeting invites or file downloads. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260504-4E588E TLS cert SHA-256: ad0b44772398bc26e64ec5ed322f5c97ab334ea1fbd976250c9b447c1225a31b ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/i-love-my-freedom.beer/ JSON API: https://api.destroy.tools/v1/check?domain=i-love-my-freedom.beer Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 145,566 domains (56,063 alive under monitoring, 89,135 confirmed takedowns/dead). Site: https://phishdestroy.io