# PhishDestroy threat dossier — myshop-711-com-tw.099xs.link ================================================================ Fetched: 2026-06-28 10:45:53 UTC Canonical: https://phishdestroy.io/domain/myshop-711-com-tw.099xs.link/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 95/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 6/91 security vendors flagged this domain Flagging vendors: CRDF, Forcepoint ThreatSeeker, Kaspersky, LevelBlue, SOCRadar, Webroot Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 205.186.112.105 (US, Los Angeles) ASN: AS140869 Turing Group Limited Hosting org: Turing Group Limited Registrar: Unstoppable Domains Inc. Nameservers: ns7.alidns.com, ns8.alidns.com Registered: 2025-09-05 Expires: 2026-09-05 Page title: 恭喜,站点创建成功! HTTP response: 530 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / YR1 Expires: 2026-09-20 Status: INVALID chain Fingerprint: 31dacbfe0c50b769caeb59f5b59f0c4c8df5dfa675f3dbe0dbc914a8faef84d4 Subject Alternative Names (related infrastructure — often same operator): - myshop-711-com-tw.29182918.link ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2025-09-05 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-06-27 02:19:19 UTC (by PhishDestroy tracker) First reported: 2026-06-27 00:22:52 UTC (abuse notice filed) Last verified: 2026-06-28 12:20:35 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f0671-2c52-76f9-8ffc-e54de7fd603f/ URLQuery: https://urlquery.net/report/01c6770b-ed24-4f59-9c35-ab9a48431724 Wayback Machine: https://web.archive.org/web/*/myshop-711-com-tw.099xs.link crt.sh CT logs: https://crt.sh/?q=%25.myshop-711-com-tw.099xs.link Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=myshop-711-com-tw.099xs.link AlienVault OTX: https://otx.alienvault.com/indicator/domain/myshop-711-com-tw.099xs.link URLhaus: https://urlhaus.abuse.ch/host/myshop-711-com-tw.099xs.link/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-06-27 03:00:15 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain, myshop-711-com-tw.099xs.link, is identified as a brand impersonation phishing site targeting users of 7-Eleven Taiwan. The site presents a fraudulent login portal designed to harvest credentials, payment details, or other sensitive information from victims who believe they are interacting with a legitimate retail service. The page title, rendered in garbled text as "恭喜,站点创建成功!," suggests a generic success message, likely intended to deceive users into proceeding with account verification or checkout processes. Analysis indicates the site may also attempt to distribute malware or redirect users to additional fraudulent pages under the guise of completing transactions. Infrastructure analysis reveals the domain was registered on September 5, 2025, through Unstoppable Domains Inc., a registrar frequently associated with high-risk or newly observed phishing campaigns. The domain resolves to the IP address 205.186.112.105, which has been linked to multiple other phishing sites in recent months. As of the latest scan, 6 out of 95 security vendors on VirusTotal have flagged this domain as malicious, with detections including phishing, credential theft, and brand abuse. The combination of a newly registered domain, a registrar with a history of hosting fraudulent sites, and a low but notable detection rate underscores the active and evolving nature of this threat. Users who have visited myshop-711-com-tw.099xs.link should take immediate action to mitigate potential risks. First, do not enter any credentials, payment information, or personal details on the site. If any information was already submitted, assume it has been compromised and proceed with the following steps: reset passwords for any accounts accessed on or after the visit, enable multi-factor authentication where available, and monitor financial statements for unauthorized transactions. Scan the device used to access the site with updated security software to detect and remove any malware. Additionally, report the domain to local cybersecurity authorities or the legitimate brand being impersonated to aid in takedown efforts. Organizations should block this domain and its associated IP address (205.186.112.105) at the network level to prevent further exposure. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260627-670D1A Favicon MD5: b8a0bf372c762e966cc99ede8682bc71 TLS cert SHA-256: 31dacbfe0c50b769caeb59f5b59f0c4c8df5dfa675f3dbe0dbc914a8faef84d4 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/myshop-711-com-tw.099xs.link/ JSON API: https://api.destroy.tools/v1/check?domain=myshop-711-com-tw.099xs.link Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 171,078 domains (13,133 alive under monitoring, 157,517 confirmed takedowns/dead). Site: https://phishdestroy.io