# PhishDestroy threat dossier — superapp-zebecnetwork.com ================================================================ Fetched: 2026-07-15 08:41:04 UTC Canonical: https://phishdestroy.io/domain/superapp-zebecnetwork.com/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: cryptocurrency ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 2/91 security vendors flagged this domain Flagging vendors: alphaMountain.ai, Ermes Public blocklists: listed on 3 independent blocklists ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 196.251.107.102 (DE, Frankfurt am Main) ASN: AS214351 FEMO IT SOLUTIONS LIMITED Hosting org: Femo IT Solutions Limited Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED !!! REGISTRAR INTEGRITY ALERT — NiceNIC !!! NiceNIC International: over 90% of its registered domains are associated with illegal content; documented systematic abuse-report non-response. Primary sources: https://phishdestroy.io/nicenic-real https://phishdestroy.io/nicenic-verdict Nameservers: coco.bunny.net, kiki.bunny.net Registered: 2026-07-13 Expires: 2027-07-13 Page title: Zebec Network | Real‑Time Crypto Payroll & Payments HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / YR1 Expires: 2026-10-11 Status: INVALID chain Fingerprint: 46a883134c0591058f025daf1e0bfd1f0015a7fe0c4278def848f6f8e75a52ab Subject Alternative Names (related infrastructure — often same operator): - www.superapp-zebecnetwork.com ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-07-13 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-14 12:07:09 UTC (by PhishDestroy tracker) Last verified: 2026-07-15 08:20:42 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f6017-10f7-74d8-b51b-e43efec5f5e9/ Wayback Machine: https://web.archive.org/web/*/superapp-zebecnetwork.com crt.sh CT logs: https://crt.sh/?q=%25.superapp-zebecnetwork.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=superapp-zebecnetwork.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/superapp-zebecnetwork.com URLhaus: https://urlhaus.abuse.ch/host/superapp-zebecnetwork.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-14 12:20:45 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] Analysis indicates that superapp-zebecnetwork.com presents a high-risk phishing threat based on domain infrastructure and detection data. The domain was registered on July 13, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar frequently associated with recently created phishing domains. As of July 14, 2026, the domain remains active and resolves to the IP address 196.251.107.102. Nameserver records point to coco.bunny.net and kiki.bunny.net, a configuration commonly observed in short-lived phishing campaigns due to its low-cost and rapid deployment capabilities. Security vendor detections on VirusTotal report that 2 out of 91 engines flag the domain as malicious, specifically classifying it under generic phishing. While the exact content of the site has not been analyzed, the combination of a one-day-old domain, high-risk registrar, and confirmed phishing classification suggests it is likely targeting users of cryptocurrency or financial platforms, given the 'zebecnetwork' reference in the domain name. Defenders should treat this domain as active and malicious, blocking resolution at the DNS level and monitoring for connections to 196.251.107.102. Further investigation into associated infrastructure, such as hosting provider and autonomous system details, is recommended to identify related threats. The domain's short registration history and lack of legitimate use cases reinforce the assessment of high risk. ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: 39a7dd9ba91f89a74e0a4bfb0d4266dd TLS cert SHA-256: 46a883134c0591058f025daf1e0bfd1f0015a7fe0c4278def848f6f8e75a52ab ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/superapp-zebecnetwork.com/ JSON API: https://api.destroy.tools/v1/check?domain=superapp-zebecnetwork.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 179,140 domains (50,744 alive under monitoring, 128,396 confirmed takedowns/dead). Site: https://phishdestroy.io