# PhishDestroy threat dossier — firstturstbank.info
================================================================
Fetched: 2026-06-06 15:29:43 UTC
Canonical: https://phishdestroy.io/domain/firstturstbank.info/

## VERDICT
----------------------------------------------------------------
ACTIVE THREAT — multiple warning signs
Composite threat score: 50/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 0/95 security vendors flagged this domain

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 198.251.84.200
Registrar: Unstoppable Domains Inc
Nameservers: ns5.my-control-panel.com, ns6.my-control-panel.com
Registered: 2026-06-03
Expires: 2027-06-03

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue.
No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-06-03 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-06-04 01:36:03 UTC (by PhishDestroy tracker)
First reported: 2026-06-03 22:37:05 UTC (abuse notice filed)
Last verified: 2026-06-04 02:46:13 UTC
Current status: ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019e8f9f-34a9-740a-8c5f-28ce276649da/
URLQuery: https://urlquery.net/report/502a8060-406c-4b12-9fb2-395f419667d9
Wayback Machine: https://web.archive.org/web/*/firstturstbank.info
crt.sh CT logs: https://crt.sh/?q=%25.firstturstbank.info
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=firstturstbank.info
AlienVault OTX: https://otx.alienvault.com/indicator/domain/firstturstbank.info
URLhaus: https://urlhaus.abuse.ch/host/firstturstbank.info/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-04 01:36:24 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies firstturstbank.info as an active banking phishing site impersonating a legitimate financial institution. The domain specifically targets users with a fraudulent login portal designed to harvest banking credentials. Given the active status and lack of detection, this poses a critical risk to unsuspecting visitors.

This domain was flagged with a risk level marked as under_investigation, with zero detections out of 95 on VirusTotal. The domain firstturstbank.info was created on June 03, 2026, and is registered through Unstoppable Domains Inc. It resolves to the IP address 198.251.84.200 and uses a Let's Encrypt SSL certificate.
At the time of assessment, the domain is not listed on any public blocklists, and its trust scores remain unverified due to its recent creation.

To mitigate risks associated with this fake banking login scam, users are advised to verify the authenticity of any banking-related website by cross-referencing the URL with the official website of the financial institution. Never enter sensitive credentials such as usernames, passwords, or financial details on suspicious sites. If you encounter this domain, report it immediately to PhishDestroy for further investigation and potential blacklisting. Use trusted security tools to scan and block malicious domains. Always access banking services through verified, bookmarked links or official mobile applications to ensure your data remains secure.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260603-5D7181

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/firstturstbank.info/
JSON API: https://api.destroy.tools/v1/check?domain=firstturstbank.info
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 157,473 domains (42,745 alive under monitoring, 113,912 confirmed takedowns/dead).
Site: https://phishdestroy.io