# PhishDestroy threat dossier — steadfastdigitalpdo.org ================================================================ Fetched: 2026-07-09 04:08:54 UTC Canonical: https://phishdestroy.io/domain/steadfastdigitalpdo.org/ ## VERDICT ---------------------------------------------------------------- ACTIVE THREAT — multiple warning signs Composite threat score: 50/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 5/91 security vendors flagged this domain Flagging vendors: alphaMountain.ai, Fortinet, Kaspersky, LevelBlue, PhishFort Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 43.135.172.216 (US, Santa Clara) ASN: AS132203 Tencent Building, Kejizhongyi Avenue Hosting org: Tencent Cloud Computing Registrar: Dynadot Inc Nameservers: ns1.dyna-ns.net, ns2.dyna-ns.net Registered: 2026-05-25 Expires: 2027-05-25 HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / E7 Expires: 2026-08-24 Status: INVALID chain Fingerprint: 2062573cf4f6878f93dba9e9c485b6ed231f283f5b3b2a78d96fb7c44e20c381 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-05-25 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-09 02:47:38 UTC (by PhishDestroy tracker) Last verified: 2026-07-09 04:25:17 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f4457-76e7-7311-bd4c-2d8ae846e206/ Wayback Machine: https://web.archive.org/web/*/steadfastdigitalpdo.org crt.sh CT logs: https://crt.sh/?q=%25.steadfastdigitalpdo.org Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=steadfastdigitalpdo.org AlienVault OTX: https://otx.alienvault.com/indicator/domain/steadfastdigitalpdo.org URLhaus: https://urlhaus.abuse.ch/host/steadfastdigitalpdo.org/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-09 02:55:27 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] The domain steadfastdigitalpdo.org poses a significant phishing threat, as it is actively used to deceive users into providing sensitive information. This domain, registered under the guise of legitimacy, employs a fraudulent SSL certificate from Let's Encrypt to appear trustworthy to unsuspecting users. The high-risk nature of this domain is emphasized by its active status, which continues to pose a serious risk of data theft and financial loss to individuals and organizations. Analysis of steadfastdigitalpdo.org provides clear evidence of its malicious intent. The domain was created on May 25, 2026, and is registered through Dynadot Inc. VirusTotal has flagged this domain with a detection count of 5 out of 95 security vendors, indicating a recognition of its phishing activities by multiple reputable security entities. The domain resolves to the IP address 43.135.172.216, further anchoring its digital fingerprint within cybersecurity monitoring frameworks. The current active status of this domain underscores the need for heightened awareness and preventive measures. Users who have visited steadfastdigitalpdo.org are advised to immediately review their digital and financial accounts for any unusual activities or unauthorized transactions. It is crucial to update passwords and enable multi-factor authentication where possible. Additionally, users should ensure their security software is up-to-date and capable of identifying and blocking phishing attempts. Reporting the domain to security teams and relevant authorities can aid in the broader effort to mitigate the risks associated with this phishing threat. ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: d6eb62adedc8594317ef4e79f110b480 TLS cert SHA-256: 2062573cf4f6878f93dba9e9c485b6ed231f283f5b3b2a78d96fb7c44e20c381 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/steadfastdigitalpdo.org/ JSON API: https://api.destroy.tools/v1/check?domain=steadfastdigitalpdo.org Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 176,446 domains (40,862 alive under monitoring, 135,561 confirmed takedowns/dead). Site: https://phishdestroy.io