# PhishDestroy threat dossier — meritking10004.com ================================================================ Fetched: 2026-07-05 05:13:47 UTC Canonical: https://phishdestroy.io/domain/meritking10004.com/ ## VERDICT ---------------------------------------------------------------- HIGH THREAT — malicious activity confirmed Composite threat score: 62/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 2/91 security vendors flagged this domain Flagging vendors: alphaMountain.ai, CRDF AlienVault OTX: 4 pulses (threat-intel feed mentions) Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED !!! REGISTRAR INTEGRITY ALERT — NiceNIC !!! NiceNIC International: over 90% of its registered domains are associated with illegal content; documented systematic abuse-report non-response. Primary sources: https://phishdestroy.io/nicenic-real https://phishdestroy.io/nicenic-verdict Nameservers: ["candy.ns.cloudflare.com", "edward.ns.cloudflare.com"] Registered: 2026-06-11 Expires: 2027-06-11 HTTP response: 403 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-06-11 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-06-11 18:30:32 UTC (by PhishDestroy tracker) First reported: 2026-06-15 00:27:29 UTC (abuse notice filed) Last verified: 2026-07-05 04:20:35 UTC Current status: ACTIVE / observable ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-06-25 23:38:44 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain, meritking10004.com, is actively involved in credential harvesting and generic phishing operations. Visitors who interact with the site risk exposing login credentials, financial details, or other sensitive personal information to unauthorized third parties. The site may mimic legitimate services, such as banking portals, e-commerce platforms, or corporate login pages, to deceive users into submitting their data. Phishing sites of this nature often employ social engineering tactics, including urgent language or fake alerts, to pressure victims into immediate action without scrutiny. Analysis indicates meritking10004.com was registered on June 11, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED. As of the latest assessment, 2 out of 95 security vendors on VirusTotal have flagged the domain as malicious. The domain appears in 4 threat intelligence pulses on AlienVault OTX and is listed on at least one security blocklist. Infrastructure analysis reveals the use of Cloudflare and HTTP/3, which are commonly employed to obfuscate the true origin of the server and evade detection. The combination of recent registration, low but consistent detection rates, and presence in threat intelligence feeds suggests an active and evolving phishing campaign. If you have visited meritking10004.com or entered any information on the site, immediate action is required. First, cease all interaction with the domain and do not respond to any communications claiming to be from the site. If credentials were submitted, change passwords for all accounts where the same or similar login details were used, prioritizing financial, email, and work-related accounts. Enable multi-factor authentication where available to add an additional layer of security. Monitor accounts for unauthorized activity, such as unfamiliar transactions or password reset attempts. Report the incident to your organization’s IT security team if the exposure occurred on a work device or involved corporate credentials. Additionally, consider filing a report with relevant cybersecurity authorities or consumer protection agencies to aid in tracking and mitigating the threat. ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/meritking10004.com/ JSON API: https://api.destroy.tools/v1/check?domain=meritking10004.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 174,839 domains (12,676 alive under monitoring, 161,290 confirmed takedowns/dead). Site: https://phishdestroy.io