# PhishDestroy threat dossier — atlaspros-fr.com ================================================================ Fetched: 2026-06-07 01:25:55 UTC Canonical: https://phishdestroy.io/domain/atlaspros-fr.com/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 95/100 (PhishDestroy scoring — see methodology below) Scam classification: Impersonation Targeted brand: Microsoft ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 0/91 security vendors flagged this domain Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 145.79.20.1 (FR, Paris) ASN: AS47583 Hostinger International Limited Hosting org: Hostinger Registrar: Fewmoretaps OU d/b/a Trustname.com !!! REGISTRAR INTEGRITY ALERT — Trustname / Fewmoretaps OU !!! Trustname (IANA #4318) is a shell company declaring EUR 120 annual revenue, 1 employee, negative equity, Belarusian ownership. Explicitly advertises itself as 'bulletproof' in its DNS TXT records. Primary source: https://phishdestroy.io/trustname-bulletproof-exposed Nameservers: ["artemis.dns-parking.com", "hermes.dns-parking.com"] Registered: 2026-04-28 Page title: Atlas Pro ONTV Officiel – Abonnement IPTV HD & 4K en France HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / R13 Expires: 2026-07-03 Status: INVALID chain Fingerprint: 847b308d65e581da3eec51ef6abade5eb269d4205b4e68a25d0a2e5daf1f15af Subject Alternative Names (related infrastructure — often same operator): - www.atlaspros-fr.com ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-04-28 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-04-28 19:00:15 UTC (by PhishDestroy tracker) First reported: 2026-04-28 16:10:12 UTC (abuse notice filed) Last verified: 2026-06-06 22:15:59 UTC Neutralised: 2026-06-06 17:33:52 UTC Current status: taken down (registrar suspended or DNS dead) ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019dd4ce-f047-7776-81c3-5874cba07585/ URLQuery: https://urlquery.net/report/08c64b3c-ff4b-4a14-8c4c-d2603099ff39 Wayback Machine: https://web.archive.org/web/*/atlaspros-fr.com crt.sh CT logs: https://crt.sh/?q=%25.atlaspros-fr.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=atlaspros-fr.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/atlaspros-fr.com URLhaus: https://urlhaus.abuse.ch/host/atlaspros-fr.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-04-28 19:02:57 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies atlaspros-fr.com as a newly active Microsoft 365 phishing domain under investigation for credential theft attempts. The site mimics the official Microsoft login portal to deceive users into submitting their corporate or personal Microsoft 365 credentials. Threat actors frequently leverage lookalike domains and legitimate-looking login pages to harvest credentials that can later be abused for email access, data exfiltration, or further phishing campaigns against the victim’s contacts. Given its recent creation and low detection rate, this domain poses an immediate risk to organizations and individuals using Microsoft 365 services. This domain was flagged for phishing using exact technical indicators: VirusTotal currently shows 0 out of 95 security vendors detecting the domain as malicious, indicating it remains under the radar. The domain atlaspros-fr.com was created on March 05, 2026, and is registered through Fewmoretaps OU d/b/a Trustname.com, a registrar known for anonymized registrations. It resolves to IP address 145.79.20.1 and uses a valid SSL certificate from Let’s Encrypt, which adds a false sense of legitimacy to the phishing page. These characteristics suggest a hastily deployed campaign with evasion tactics in play. If you or someone in your organization visited atlaspros-fr.com and entered any credentials, assume compromise immediately. Disconnect affected devices from the network, reset Microsoft 365 passwords using a clean device, and enable multi-factor authentication if not already active. Report the incident to your security team and scan for unauthorized email forwarding rules or suspicious login activity in Microsoft 365 audit logs. Avoid clicking links or downloading attachments from this domain or any related lookalike sites. Consider blocking 145.79.20.1 and atlaspros-fr.com at your network perimeter. Monitor for unusual outbound traffic or lateral movement in your environment. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260428-0BCA1E Favicon MD5: ee936fe290c4c03137fef825384cafb2 TLS cert SHA-256: 847b308d65e581da3eec51ef6abade5eb269d4205b4e68a25d0a2e5daf1f15af ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/atlaspros-fr.com/ JSON API: https://api.destroy.tools/v1/check?domain=atlaspros-fr.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 157,760 domains (42,540 alive under monitoring, 114,252 confirmed takedowns/dead). Site: https://phishdestroy.io