# PhishDestroy threat dossier — apexprestigestandard.com ================================================================ Fetched: 2026-07-17 11:27:05 UTC Canonical: https://phishdestroy.io/domain/apexprestigestandard.com/ ## VERDICT ---------------------------------------------------------------- ACTIVE + CLOAKED — returns HTTP 666 to scanners, real fraudulent site to victims Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: Generic Phishing Cloaking: DETECTED — domain returns custom HTTP 666 to scanners while serving fraudulent content to real users (type: content_divergence) (score: 4/6) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 13/91 security vendors flagged this domain Flagging vendors: alphaMountain.ai, BitDefender, CRDF, CyRadar, Forcepoint ThreatSeeker, Fortinet, G-Data, Gridinsoft, Kaspersky, Lionic, SOCRadar, Sophos, Webroot URLQuery: 2 detections AlienVault OTX: 4 pulses (threat-intel feed mentions) Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 37.49.229.75 (NL, Amsterdam) ASN: AS3920 PUSHPKT OU Hosting org: ESTOXY OU Registrar: TuringSign Inc. d/b/a Cosmotown Nameservers: ["ns1.globaldnsnetwork.com", "ns2.globaldnsnetwork.com"] Registered: 2026-06-07 Page title: Apex Prestige Standard | Assets Financing, Easy Account in Minutes HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / YR2 Expires: 2026-09-02 Status: INVALID chain Fingerprint: adb4e97d7a840aba55f4a71fcfc99399911214ae7dd9d09e77b8d2238c10428f Subject Alternative Names (related infrastructure — often same operator): - autodiscover.apexprestigestandard.com - cpanel.apexprestigestandard.com - cpcalendars.apexprestigestandard.com - cpcontacts.apexprestigestandard.com - mail.apexprestigestandard.com - webdisk.apexprestigestandard.com - webmail.apexprestigestandard.com - www.apexprestigestandard.com ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-06-07 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-06-07 11:21:12 UTC (by PhishDestroy tracker) Earliest abuse rec: 2026-06-07 09:26:25 UTC — PREDATES current WHOIS registration; retained from a previous registration cycle of the same domain name Last verified: 2026-07-17 13:15:57 UTC Neutralised: 2026-06-15 00:50:29 UTC Current status: ACTIVE — cloaked behind HTTP 666 to evade scanners Note: one or more events above predate the WHOIS creation date. This typically means the same domain name was previously registered, detected, dropped, and then re-registered by a new party. PhishDestroy preserves the full historical record for operator-attribution research even when the underlying infrastructure changes hands. ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019ea164-4c7e-75b8-913e-0dd4d764b5c6/ URLQuery: https://urlquery.net/report/d1e2b8eb-d27a-42ac-9fc8-0b8792920852 Wayback Machine: https://web.archive.org/web/*/apexprestigestandard.com crt.sh CT logs: https://crt.sh/?q=%25.apexprestigestandard.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=apexprestigestandard.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/apexprestigestandard.com URLhaus: https://urlhaus.abuse.ch/host/apexprestigestandard.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-06-18 16:39:54 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This site, apexprestigestandard.com, poses a serious threat by masquerading as a legitimate financial service called 'Apex Prestige Standard' that offers assets financing and easy account setup. In reality, it is a phishing operation designed to steal your personal and financial information, such as login credentials, credit card numbers, or bank details. The site is still active, meaning anyone who visits it could be tricked into handing over sensitive data. The evidence against this domain is strong. VirusTotal shows that 2 out of 95 security vendors have flagged it as malicious, and it appears on at least one security blocklist. AlienVault OTX has detected it in 4 separate threat intelligence pulses, indicating widespread recognition of its danger. The domain was created on June 7, 2026, through registrar TuringSign Inc. d/b/a Cosmotown, and it uses a Let's Encrypt SSL certificate (YR2) to appear trustworthy. It resolves to IP 37.49.229.75, which may host other malicious sites. If you have already visited this site or entered any information, take immediate action. Change the passwords for any accounts you may have used, especially if you reused credentials. Contact your bank or credit card provider to alert them of potential fraud. Run a security scan on your device to check for malware. Finally, report the domain to your email provider or security tools to help protect others. Stay vigilant and avoid interacting with unsolicited financial offers online. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260607-0EC897 Favicon MD5: fabbd495ed73b1ec5d4b38022068e4a2 TLS cert SHA-256: adb4e97d7a840aba55f4a71fcfc99399911214ae7dd9d09e77b8d2238c10428f ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/apexprestigestandard.com/ JSON API: https://api.destroy.tools/v1/check?domain=apexprestigestandard.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 179,712 domains (51,166 alive under monitoring, 128,546 confirmed takedowns/dead). Site: https://phishdestroy.io