# PhishDestroy threat dossier — identity-hub.credit-agency-meta.com ================================================================ Fetched: 2026-05-15 12:13:20 UTC Canonical: https://phishdestroy.io/domain/identity-hub.credit-agency-meta.com/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: phishing_login Targeted brand: meta ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 23/92 security vendors flagged this domain Flagging vendors: ADMINUSLabs, alphaMountain.ai, BitDefender, Chong Lua Dao, Cluster25, CRDF, CyRadar, ESET, Emsisoft, Forcepoint ThreatSeeker, Fortinet, G-Data, Gridinsoft, Kaspersky, LevelBlue, Lionic, MalwareURL, Netcraft, OpenPhish, Seclookup, SOCRadar, Sophos, VIPRE URLQuery: 2 detections Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 172.66.0.96 (CA, Toronto) ASN: AS13335 Cloudflare, Inc. Hosting org: Cloudflare, Inc. Registrar: Gransy, s.r.o. Nameservers: ns.gransy.com, ns2.gransy.com, ns3.gransy.com, ns4.gransy.com, ns5.gransy.com Registered: 2026-05-11 Page title: Accounts Centre HTTP response: 530 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Google Trust Services / WE1 Expires: 2026-08-07 Status: INVALID chain Fingerprint: 671e2b988e02765f6a47fbd7f54a1367e3bbc1900bbe21393aa3ec5fd0a0ec28 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-05-11 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-05-11 02:32:27 UTC (by PhishDestroy tracker) Earliest abuse rec: 2026-05-10 23:33:21 UTC — PREDATES current WHOIS registration; retained from a previous registration cycle of the same domain name Last verified: 2026-05-15 13:42:34 UTC Neutralised: 2026-05-12 02:58:57 UTC Current status: taken down (registrar suspended or DNS dead) Note: one or more events above predate the WHOIS creation date. This typically means the same domain name was previously registered, detected, dropped, and then re-registered by a new party. PhishDestroy preserves the full historical record for operator-attribution research even when the underlying infrastructure changes hands. ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019e143a-3ff9-7213-b786-e44cdba57da6/ URLQuery: https://urlquery.net/report/31c3efa7-9fd1-49ec-a8e6-d8b060659514 Wayback Machine: https://web.archive.org/web/*/identity-hub.credit-agency-meta.com crt.sh CT logs: https://crt.sh/?q=%25.identity-hub.credit-agency-meta.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=identity-hub.credit-agency-meta.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/identity-hub.credit-agency-meta.com URLhaus: https://urlhaus.abuse.ch/host/identity-hub.credit-agency-meta.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-05-11 02:33:36 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies identity-hub.credit-agency-meta.com as an active crypto drainer phishing site masquerading as a legitimate credit agency. The domain employs deceptive tactics to trick users into connecting crypto wallets or entering sensitive credentials, which are then exploited to siphon digital assets. This threat operates by luring victims under the false pretense of credit-related services, ultimately leading to financial loss. The domain was registered through Gransy, s.r.o., on November 12, 2025, a relatively recent creation designed to evade long-term detection mechanisms. This domain poses elevated risk, confirmed by multiple security indicators. VirusTotal analysis reveals 23 out of 95 security vendors flag this domain as malicious, highlighting its widespread recognition as a threat. It has been blocked by the Open Intelligence Security Database (OISD), a reputable blocklist used by organizations to filter malicious domains. The site resolves to IP address 172.66.0.96, a hosting infrastructure associated with fraudulent activity. Additionally, the domain leverages a Google Trust Services SSL certificate, which phishers often abuse to appear legitimate and bypass browser warnings. These technical indicators collectively underscore the domain’s malicious intent and the urgency for user caution. If you visited identity-hub.credit-agency-meta.com, immediately disconnect your crypto wallet from the site and revoke any permissions granted. Do not enter personal or financial information. Scan your devices for malware and consider rotating wallet credentials. Report the domain to PhishDestroy for further analysis and blocklisting. Exercise heightened vigilance when engaging with unsolicited links or unfamiliar domains claiming to offer credit services. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260510-54F346 Favicon MD5: 11e815fcc46522874043fec1a1423f31 TLS cert SHA-256: 671e2b988e02765f6a47fbd7f54a1367e3bbc1900bbe21393aa3ec5fd0a0ec28 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/identity-hub.credit-agency-meta.com/ JSON API: https://api.destroy.tools/v1/check?domain=identity-hub.credit-agency-meta.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 149,787 domains (37,044 alive under monitoring, 112,462 confirmed takedowns/dead). Site: https://phishdestroy.io