# PhishDestroy threat dossier — iotapolicyreview.org ================================================================ Fetched: 2026-07-11 09:45:26 UTC Canonical: https://phishdestroy.io/domain/iotapolicyreview.org/ ## VERDICT ---------------------------------------------------------------- ACTIVE THREAT — multiple warning signs Composite threat score: 59/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 4/91 security vendors flagged this domain Flagging vendors: alphaMountain.ai, Fortinet, G-Data, Sophos Public blocklists: listed on 2 independent blocklists ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 158.94.210.99 ASN: ASAS202412 OMEGATECH-AS Omegatech LTD, SC Registrar: Squarespace Domains LLC Nameservers: chuck.ns.cloudflare.com, jessica.ns.cloudflare.com Registered: 2026-07-09 Expires: 2027-07-09 Page title: Docusign - Download to Review & Sign Document HTTP response: 200 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-07-09 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-11 02:32:41 UTC (by PhishDestroy tracker) Last verified: 2026-07-11 10:32:08 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f4e95-dc34-71ef-ab32-f1b287f939e6/ Wayback Machine: https://web.archive.org/web/*/iotapolicyreview.org crt.sh CT logs: https://crt.sh/?q=%25.iotapolicyreview.org Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=iotapolicyreview.org AlienVault OTX: https://otx.alienvault.com/indicator/domain/iotapolicyreview.org URLhaus: https://urlhaus.abuse.ch/host/iotapolicyreview.org/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-11 03:03:15 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain, iotapolicyreview.org, is flagged as a high-risk generic phishing threat designed to harvest user credentials through a fraudulent policy review portal. Analysis indicates no direct association with known brand impersonation or crypto drainer kits, but the infrastructure mimics legitimate policy compliance platforms to deceive targets. The phishing scheme likely targets corporate or government employees by presenting fake login interfaces under the guise of mandatory policy updates or compliance checks, a tactic commonly observed in credential theft campaigns. Infrastructure analysis reveals the following technical indicators: the domain was registered on July 09, 2026, through Squarespace Domains LLC, a registrar frequently exploited for phishing operations. It currently resolves to IP address 158.94.210.99 and employs a Let's Encrypt SSL certificate, a common tactic to appear legitimate. VirusTotal reports 4 out of 95 security vendors flagging the domain as malicious, while Google Safe Browsing (GSB) status remains unconfirmed. No additional blocklist entries were identified beyond the VirusTotal detections. Detected technologies include Contentful for content management, Nginx as the web server, LiveChat for potential social engineering, and HTTP/3 for enhanced performance, all of which are consistent with modern phishing infrastructure. As of the latest assessment, the domain remains active and unmitigated, posing a continued risk to users. Response actions should include immediate blocklisting at the network and endpoint levels, particularly for organizations in sectors likely targeted by policy-related phishing. Users are advised to verify the legitimacy of any policy-related communications through official channels and avoid entering credentials on untrusted portals. The remaining risk is classified as high due to the domain's active status, plausible impersonation tactics, and low detection rate among security vendors, which may allow it to evade initial defenses. ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/iotapolicyreview.org/ JSON API: https://api.destroy.tools/v1/check?domain=iotapolicyreview.org Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 177,282 domains (50,543 alive under monitoring, 126,601 confirmed takedowns/dead). Site: https://phishdestroy.io