# b8729440b926.exchagms.com — MALICIOUS

> b8729440b926.exchagms.com is a high-risk phishing site mimicking Exchange services. Avoid interaction and never enter sensitive info on this domain.

## Summary
PhishDestroy identifies b8729440b926.exchagms.com as a generic phishing domain attempting to impersonate Microsoft Exchange-related services. Classified under high-risk phishing threats, this domain aims to deceive users into divulging credentials or sensitive information by leveraging a familiar brand context.

The domain resolves to IP address 188.114.97.3 and appears on at least one security blocklist. VirusTotal analysis flags it by 11 out of 95 security vendors, reinforcing its malicious nature. The domain was registered through Gname.com Pte. Ltd., with a creation date listed in the future (February 21, 2026), indicating either a data anomaly or potential domain fronting tactics. Its SSL certificate is invalid, as indicated by the page title '526: Invalid SSL certificate,' which is a common red flag for phishing and fraudulent sites.

Currently, b8729440b926.exchagms.com is offline, suggesting that mitigation efforts or takedown actions have been successful. Users are advised to remain cautious of similar domains and always verify the legitimacy of URLs before submitting any personal or login information. PhishDestroy recommends avoiding this domain entirely and relying on official Microsoft Exchange portals for secure access.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 526)
- Page title: exchagms.com | 526: Invalid SSL certificate

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Gname.com Pte. Ltd.
- Country: SG
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["evan.ns.cloudflare.com", "nola.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["ADMINUSLabs", "BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Gridinsoft", "Lionic", "SOCRadar", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bdbe3-dffa-7084-9fd2-b2211567c701.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/68b5b147-1f57-4baa-a97d-56da574e9e23
- PhishDestroy: https://phishdestroy.io/domain/b8729440b926.exchagms.com/
- LLM endpoint: https://phishdestroy.io/domain/b8729440b926.exchagms.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/b8729440b926.exchagms.com/
Last updated: 2026-03-19