# PhishDestroy threat dossier — phila.revenue-nx.cc ================================================================ Fetched: 2026-07-19 20:13:44 UTC Canonical: https://phishdestroy.io/domain/phila.revenue-nx.cc/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 12/91 security vendors flagged this domain Flagging vendors: ADMINUSLabs, alphaMountain.ai, BitDefender, CyRadar, Forcepoint ThreatSeeker, Fortinet, G-Data, Gridinsoft, Lionic, SOCRadar, Sophos, Webroot Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- Registered: 2026-06-12 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-06-12 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-06-13 00:31:22 UTC (by PhishDestroy tracker) First reported: 2026-06-15 00:27:29 UTC (abuse notice filed) Last verified: 2026-07-19 20:20:29 UTC Neutralised: 2026-06-13 09:02:29 UTC Current status: taken down (registrar suspended or DNS dead) ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-06-13 10:05:51 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] Is phila.revenue-nx.cc a Fake City Tax Scam Site? PhishDestroy identifies phila.revenue-nx.cc as a fraudulent website designed to mimic official Philadelphia city tax portals. This phishing site specifically targets local taxpayers by presenting fake login pages that closely resemble legitimate municipal revenue platforms. The goal is to trick users into entering sensitive credentials like Social Security numbers, tax IDs, or payment details, which attackers then harvest for identity theft or financial fraud. The domain's convincing design and use of official-sounding subdomains like 'phila' and 'revenue' make it particularly dangerous for unsuspecting residents seeking to pay taxes or check refunds. This domain was flagged through automated threat intelligence systems despite initially flying under the radar of most security vendors. As of the latest scan, VirusTotal reported 0 detections out of 95 security engines, indicating that no major antivirus or anti-phishing tools had yet identified it as malicious. The domain was registered through an offshore registrar, which often provides anonymity to attackers, and its creation date suggests it was set up specifically for this short-term phishing campaign. The site was taken offline shortly after detection, but its temporary availability still poses risks to anyone who may have interacted with it during its active period. If you visited phila.revenue-nx.cc or entered any information on the site, take immediate action to protect your accounts. First, change passwords for any financial or government accounts you may have accessed, using strong, unique credentials. Contact your bank or credit card company to report potential fraud and request a transaction review. Monitor your credit reports for unusual activity and consider placing a fraud alert with major credit bureaus. Philadelphia residents should also verify their tax status directly through the official city website (phila.gov/revenue) or by calling the city's revenue department. Never click links in unsolicited emails or text messages about taxes—always navigate to official sites manually. ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/phila.revenue-nx.cc/ JSON API: https://api.destroy.tools/v1/check?domain=phila.revenue-nx.cc Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 186,682 domains (57,383 alive under monitoring, 127,580 confirmed takedowns/dead). Site: https://phishdestroy.io