# www.spnhtz.com — SUSPICIOUS

> PhishDestroy identifies spnhtz.com as a live Amazon drainer kit hosted on AWS IP 52.222.236.34 since August 10, 2025. Avoid any login prompts here.

## Summary

PhishDestroy identifies www.spnhtz.com as an active generic phishing domain impersonating Amazon to harvest credentials and crypto assets via a drainer kit. Registered on August 10, 2025 through NameSilo, LLC, the domain resolves to AWS IP 52.222.236.34 and holds a valid Amazon-issued SSL certificate, lending false legitimacy to lure victims. The site is currently weaponized to trick users into surrendering Amazon login details and connected payment methods, with funds immediately diverted to attacker-controlled wallets.

Exact technical indicators show 0 detections on VirusTotal (0/95 engines), no current blocklist presence, and the domain remains unflagged by Google Safe Browsing. NameSilo WHOIS reveals a recently created registration (August 10, 2025), while IP 52.222.236.34 is an Amazon AWS range commonly abused for short-lived phishing campaigns. The combination of fresh domain age, zero detections, and SSL certificate issuance creates a high-confidence phishing environment primed for credential harvesting and fund exfiltration.

Current status is active and under investigation, with PhishDestroy actively tracking the drainer kit payload and wallet addresses. Users should immediately block the domain at DNS and network levels, avoid any interaction with login prompts, and report any transactions linked to this campaign. Remaining risk is high due to zero detections and active hosting; continued monitoring and proactive blocking are required until the infrastructure is fully dismantled.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-08-10 08:48:17
- Registrar: NameSilo, LLC
- IP: 52.222.236.34

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/4102a189-2e54-4ea8-91ea-1e1ab93d71a8
- PhishDestroy: https://phishdestroy.io/domain/www.spnhtz.com/
- LLM endpoint: https://phishdestroy.io/domain/www.spnhtz.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/www.spnhtz.com/

Last updated: 2026-03-27