PhishDestroy PoC
Captured Credentials
No credentials captured yet
Phase 1: Balance
Phase 2: Transactions
Phase 3: Session
Theft Strategy — Automated Extraction
Silently skim a % from every incoming deposit. User sees reduced amount.
User deposits 10 XMR -> sees 8.5 XMR -> operator gets 1.5 XMR
Send Message to Victim
Google Analytics Settings
TARGETING
Device
Countries
Block ISP
Only steal from matching victims. Others see a clean wallet that works normally. No theft, no suspicion, no reports.
WORKING HOURS
Active
to
Days
TZ
Outside working hours: wallet works normally, no theft. Reduces risk of detection — operators sleep too.
BOT / SCANNER FILTER
User-Agent substrings. If any match — show clean page, no session_key, no theft. Protects from URLScan, Shodan, researchers.
IP BLACKLIST
IPs that will never see the theft version. Security researchers, law enforcement, your own IPs.
SESSION TAGS
Tag current session. Strategy can be applied per-tag.
Auto-tag rules: balance > 10 XMR = whale | Tor detected = tor-user | Kraken/Binance deposit = exchange-user
Post-Theft Intelligence Report
After stealing funds, the operator has a complete dossier on the victim. This data can be sold, used for blackmail, or forwarded to interested parties. The DDoS-Guard connection means Russian infrastructure already has a copy.
Victim Profile
No session
Connection History
No connections
GA Exfiltration
No GA events
Request Timeline
No requests