# raysort.netlify.app — MALICIOUS

> Warning: raysort.netlify.app is a confirmed phishing domain flagged for social engineering. Avoid interaction; the site is currently offline.

## Summary
PhishDestroy identifies raysort.netlify.app as a high-risk phishing domain primarily engaged in social engineering attacks. Such threats aim to deceive users into divulging sensitive information, posing significant risks including identity theft and financial loss. Despite currently being offline, its previous activity and detection by multiple security vendors highlight its malicious intent.

The domain raysort.netlify.app was registered on March 6, 2026, via Netlify and resolved to IP address 63.176.8.218. It has been flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category and appears on two separate security blocklists. VirusTotal analysis shows that 11 out of 95 security vendors have identified it as malicious. The page title currently reads "Site not found," indicating the domain is no longer hosting active content.

Users are advised to avoid visiting raysort.netlify.app and to remain vigilant against phishing attempts that may arise from similar domains. If you have interacted with this site, monitor your accounts for suspicious activity and consider changing passwords. Employ security solutions that detect and block social engineering threats to minimize exposure to such risks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP ?)
- Page title: Site not found

## Domain Intelligence
- Registered: 2026-03-06 11:07:01
- Registrar: Netlify
- Country: US
- IP: 63.176.8.218
- IP Country: DE
- IP City: Frankfurt am Main
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: DigiCert Inc / DigiCert Global G2 TLS RSA SHA256 2020 CA1

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Netcraft", "PREBYTES", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc29c-b763-7400-9dbd-3fd18cb9c743.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/raysort.netlify.app
- Wayback Machine: https://web.archive.org/web/https://raysort.netlify.app
- PhishDestroy: https://phishdestroy.io/domain/raysort.netlify.app/
- LLM endpoint: https://phishdestroy.io/domain/raysort.netlify.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/raysort.netlify.app/
Last updated: 2026-03-19