# PhishDestroy threat dossier — redenetstore.com ================================================================ Fetched: 2026-07-13 20:31:30 UTC Canonical: https://phishdestroy.io/domain/redenetstore.com/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 2/91 security vendors flagged this domain Flagging vendors: Fortinet, SOCRadar AlienVault OTX: 2 pulses (threat-intel feed mentions) Public blocklists: listed on 3 independent blocklists ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 178.16.54.251 (NL, Amsterdam) ASN: AS202412 Omegatech LTD Hosting org: Omegatech LTD Registrar: NAMECHEAP INC Nameservers: ns1.stackdns.com, ns2.stackdns.com, ns3.stackdns.com, ns4.stackdns.com Registered: 2022-03-24 Expires: 2027-03-24 Page title: Practical AI Guides & ChatGPT Tutorials HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / YR2 Expires: 2026-10-09 Status: INVALID chain Fingerprint: 2c0eb8e624b39914dd5ae5e805934bb41c1328f107aa716daa959c15a4469a45 Subject Alternative Names (related infrastructure — often same operator): - cpanel.redenetstore.com - cpcalendars.redenetstore.com - cpcontacts.redenetstore.com - mail.redenetstore.com - webdisk.redenetstore.com - webmail.redenetstore.com - www.redenetstore.com ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2022-03-24 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-12 13:32:54 UTC (by PhishDestroy tracker) First reported: 2026-07-12 21:02:18 UTC (abuse notice filed) Last verified: 2026-07-13 20:20:40 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f5619-9c78-72ac-b068-fe39bcfe85ff/ URLQuery: https://urlquery.net/report/e8ea2732-031d-4cde-a39a-6f907e9de170 Wayback Machine: https://web.archive.org/web/*/redenetstore.com crt.sh CT logs: https://crt.sh/?q=%25.redenetstore.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=redenetstore.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/redenetstore.com URLhaus: https://urlhaus.abuse.ch/host/redenetstore.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-13 00:15:35 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] Analysis of redenetstore.com indicates a confirmed phishing domain leveraging artificial intelligence themes as a lure. The domain, registered on March 24, 2022, through NAMECHEAP INC, remains active as of July 12, 2026, and resolves to the IP address 178.16.54.251, hosted by Omegatech LTD in the Netherlands. The site presents itself under the page title 'Practical AI Guides & ChatGPT Tutorials,' suggesting an attempt to exploit interest in AI-related content to engage potential victims. Infrastructure analysis reveals the use of WordPress, MySQL, and PHP, alongside an SSL certificate issued by Let's Encrypt (YR2). The domain's nameservers are ns1.stackdns.com, ns2.stackdns.com, ns3.stackdns.com, and ns4.stackdns.com. Detection metrics show limited but notable coverage: two of ninety-one security vendors flagged the domain on VirusTotal, and it appears on three security blocklists, including those maintained by PhishDestroy, MetaMask, and SEAL. AlienVault OTX records the domain in two threat intelligence pulses, further corroborating its malicious classification. While the exact phishing mechanism remains unconfirmed due to the absence of detailed page analysis, the combination of AI-themed branding, active hosting, and cross-referenced blocklist entries confirms its status as a high-risk threat. Defenders are advised to block the domain and its associated IP address (178.16.54.251) at the network level. Monitoring for similar domains registered through the same registrar or utilizing identical nameserver infrastructure may aid in identifying related campaigns. The domain's longevity, having been active for over four years, suggests persistent abuse rather than a short-lived operation. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260712-3E992A Favicon MD5: a87e8a8f1621c240914dfd48fcaecf71 TLS cert SHA-256: 2c0eb8e624b39914dd5ae5e805934bb41c1328f107aa716daa959c15a4469a45 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/redenetstore.com/ JSON API: https://api.destroy.tools/v1/check?domain=redenetstore.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 178,185 domains (49,871 alive under monitoring, 128,314 confirmed takedowns/dead). Site: https://phishdestroy.io