# y.carddsapply.com — MALICIOUS > PhishDestroy identifies y.carddsapply.com as an active credit card phishing site. This domain was flagged by 12 of 95 VirusTotal scanners within hours of being. ## Summary PhishDestroy has confirmed that y.carddsapply.com is actively used in a credit card phishing campaign targeting unsuspecting users. The site mimics legitimate card application portals, tricking visitors into entering sensitive payment and personal information that is then harvested by cybercriminals. Security scanners have already detected this fraudulent domain, with 12 out of 95 VirusTotal vendors identifying it as malicious within hours of its creation. This domain was registered on March 29, 2026, through CNOBIN INFORMATION TECHNOLOGY LIMITED, a registrar known to host multiple fraudulent sites. The domain resolves to the IP address 45.87.41.234 and is secured with a Let’s Encrypt SSL certificate, a tactic often used to appear trustworthy. Despite the encryption, this site is not safe and should not be trusted under any circumstances. If you visited y.carddsapply.com, stop using any payment details you may have entered and contact your bank immediately to report potential fraud. Do not click on any links or download files from this domain. Update your passwords if you reused credentials and run a full antivirus scan on your device. Report the domain to your local cybercrime unit or through platforms like Google Safe Browsing and PhishDestroy to help protect others from falling victim to this scam. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-29 12:46:33 - Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED - IP: 45.87.41.234 ## Detection Status - VirusTotal: 12 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/y.carddsapply.com - PhishDestroy: https://phishdestroy.io/domain/y.carddsapply.com/ - LLM endpoint: https://phishdestroy.io/domain/y.carddsapply.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/y.carddsapply.com/ Last updated: 2026-04-02