# PhishDestroy threat dossier — apexfutureswealth.com
================================================================

Fetched:   2026-05-19 01:42:52 UTC
Canonical: https://phishdestroy.io/domain/apexfutureswealth.com/

## VERDICT
----------------------------------------------------------------
ACTIVE THREAT — multiple warning signs
Composite threat score: 40/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal:      5/95 security vendors flagged this domain
  Flagging vendors: Fortinet, Gridinsoft, Netcraft, desenmascara.me
URLQuery:        2 detections

## INFRASTRUCTURE
----------------------------------------------------------------
IP address:      159.100.6.19
Registrar:       HOSTINGER operations, UAB
Nameservers:     ns1.ultahost.com, ns2.ultahost.com, ns3.ultahost.com, ns4.ultahost.com
Registered:      2026-05-11
Page title:      Welcome Home | Apexfutureswealth
HTTP response:   200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer:     Let's Encrypt / R13
Expires:    2026-08-10
Status:     INVALID chain
Fingerprint: 4bf9e7b6c5c20801ea8a74aa09f5f926fddde326704018507d2bb341ec5dcb4f
Subject Alternative Names (related infrastructure — often same operator):
  - cpanel.apexfutureswealth.com
  - cpcalendars.apexfutureswealth.com
  - cpcontacts.apexfutureswealth.com
  - mail.apexfutureswealth.com
  - webdisk.apexfutureswealth.com
  - webmail.apexfutureswealth.com
  - www.apexfutureswealth.com

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue. No abuse reports filed yet — this domain is
waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-05-11 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected:    2026-05-19 02:14:55 UTC (by PhishDestroy tracker)
First reported:    2026-05-18 23:16:06 UTC (abuse notice filed)
Last verified:     2026-05-19 04:00:05 UTC
Current status:    ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io:       https://urlscan.io/result/019e3d5e-2940-73f8-8d84-584906b17a76/
URLQuery:         https://urlquery.net/report/01b22c89-cc4a-4605-9cec-21308e794e4f
Wayback Machine:  https://web.archive.org/web/*/apexfutureswealth.com
crt.sh CT logs:   https://crt.sh/?q=%25.apexfutureswealth.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=apexfutureswealth.com
AlienVault OTX:   https://otx.alienvault.com/indicator/domain/apexfutureswealth.com
URLhaus:          https://urlhaus.abuse.ch/host/apexfutureswealth.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-05-19 02:15:29 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies apexfutureswealth.com as a live crypto drainer posing as a wealth management platform to trick users into connecting malicious wallets. The domain mimics professional investment branding to harvest private keys and drain crypto balances. Anyone who clicks through risks irreversible financial loss in minutes.  This domain was flagged by 4 out of 95 VirusTotal vendors as malicious within hours of going live. The domain itself was created on May 11, 2026 and resolves to IP 159.100.6.19 via Hostinger registrations. The site carries a Let's Encrypt SSL certificate, lending a veneer of legitimacy while concealing its true nature. With only 4% detection at time of discovery, apexfutureswealth.com is actively evading defenses.  If you visited apexfutureswealth.com, disconnect any wallet connections immediately, revoke any token approvals in your wallet settings, and transfer remaining funds to a clean wallet. Screenshot your transaction history for evidence, then report the domain to your browser vendor and crypto exchange. Consider running a recent malware scan on devices used to access the site. Treat any crypto sent to this domain as permanently lost and alert your local cybercrime unit with the transaction IDs.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID:  PD-20260518-BD3079
Favicon MD5:       a2efeba601dbffa3b216db790d0054d0
TLS cert SHA-256:      4bf9e7b6c5c20801ea8a74aa09f5f926fddde326704018507d2bb341ec5dcb4f

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus,
    CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does
NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their
first 7–30 days while actively draining wallets. Always cross-reference the composite
score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report:  https://phishdestroy.io/domain/apexfutureswealth.com/
JSON API:          https://api.destroy.tools/v1/check?domain=apexfutureswealth.com
Appeal a flag:     https://phishdestroy.io/appeals/  (responded to within 48 hours, FP rate <0.01%)
Submit a report:   https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 151,317 domains (36,676 alive under monitoring, 114,289 confirmed takedowns/dead). Site: https://phishdestroy.io