# phn-tools.com — SUSPICIOUS

> Phn-tools.com is a generic phishing domain flagged for credential theft with 0/95 VirusTotal detections. Avoid sharing sensitive data. Report immediately.

## Summary
PhishDestroy identifies phn-tools.com as an active generic phishing domain currently under investigation and associated with credential theft risks. This domain exhibits characteristics typical of opportunistic phishing campaigns designed to harvest user credentials under false pretenses. The threat level remains classified as 'under_investigation' due to limited telemetry and evolving IOCs, indicating potential escalation as more indicators emerge.  This domain was flagged by PhishDestroy’s automated threat detection pipeline and shows multiple concerning technical indicators. It resolves to IP 172.67.223.161, a known hosting infrastructure with dynamic reputation. VirusTotal currently reports 0 detections out of 95 engines scanned, suggesting low AV coverage despite behavioral red flags. The domain was registered on March 30, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for relatively low domain verification standards. Let's Encrypt issued an SSL certificate, enabling HTTPS traffic and increasing user trust in the spoofed interface. Notably, the domain is only 3 days old as of analysis, which is a common tactic among short-lived phishing domains designed to evade detection before they are neutralized.  Given the credential theft intent of this campaign, users are strongly advised to avoid interacting with phn-tools.com or entering any login credentials on its pages. Organizations should block the domain at DNS and network levels using updated threat intelligence feeds. If exposure is suspected, immediately rotate credentials, enable MFA where available, and inspect endpoints for anomalous authentication activity. End users should report the domain to their email provider or security team and avoid clicking links in unsolicited messages. Proactive monitoring of newly registered domains (NRDs) with similar naming patterns is recommended to preempt future campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-30 17:20:48
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.223.161

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/00e88e01-2e1f-4451-8c97-476c186e0f03
- PhishDestroy: https://phishdestroy.io/domain/phn-tools.com/
- LLM endpoint: https://phishdestroy.io/domain/phn-tools.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phn-tools.com/
Last updated: 2026-03-30