# PhishDestroy threat dossier — parmtex.com
================================================================
Fetched: 2026-04-23 11:50:03 UTC
Canonical: https://phishdestroy.io/domain/parmtex.com/

## VERDICT
----------------------------------------------------------------
ACTIVE THREAT — multiple warning signs
Composite threat score: 55/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 0/95 security vendors flagged this domain

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 86.107.77.238 (DE, Eschborn)
ASN: AS216395 HostBet Cloud Technologies Private Limited
Hosting org: HostBet Cloud Technologies Private Limited
Registrar: NameSilo, LLC

!!! REGISTRAR INTEGRITY ALERT — NameSilo !!!
NameSilo is a registrar documented by PhishDestroy as (1) publicly lying about received abuse reports, (2) shielding a $20M+ Monero-theft operation (xmrwallet.com) for 10 continuous years, and (3) retaliating against PhishDestroy by getting our X/Twitter account @Phish_Destroy banned after we published the evidence. Researchers/victims must ALWAYS CC compliance@icann.org on every abuse ticket — NameSilo has a track record of later claiming reports were never received.
Primary sources:
  https://phishdestroy.io/namesilo-killed-our-twitter
  https://phishdestroy.io/xmrwallet-namesilo-exposed

Nameservers: ns1.netlightsystems.com, ns2.netlightsystems.com
Registered: 2025-08-12
Page title: ParmTex
HTTP response: 200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Let's Encrypt / R13
Expires: 2026-07-02
Status: INVALID chain
Fingerprint: 74e18a5b9b2f8b074c8d072bd5c0db745ae37d55004aeaf5aa9c9e1cee3c9496

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue.
No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2025-08-12 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-04-22 20:38:57 UTC (by PhishDestroy tracker)
First reported: 2026-04-22 17:45:08 UTC (abuse notice filed)
Last verified: 2026-04-23 13:02:17 UTC
Current status: ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019db644-9d16-7609-bc88-c240511406e2/
URLQuery: https://urlquery.net/report/aa8d8144-0aca-4af7-b969-0b08ace51639
Wayback Machine: https://web.archive.org/web/*/parmtex.com
crt.sh CT logs: https://crt.sh/?q=%25.parmtex.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=parmtex.com
AlienVault OTX: https://otx.alienvault.com/indicator/domain/parmtex.com
URLhaus: https://urlhaus.abuse.ch/host/parmtex.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-04-22 20:39:43 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies parmtex.com as a recently activated shipping scam domain designed to trick users into entering sensitive information under false pretenses. This site poses a direct threat to online shoppers by masquerading as a legitimate shipping service, where victims may unknowingly surrender personal or financial details to cybercriminals. The domain’s recent creation—on August 12, 2025—combined with its lack of detection across 95 VirusTotal scans, underscores the urgency for users to treat it as a high-risk hazard until further analysis confirms its intent.

This domain was flagged by PhishDestroy’s automated monitoring systems after registration through NameSilo, LLC on the same day. It resolves to IP address 86.107.77.238 and holds a valid SSL certificate issued by Let’s Encrypt, which may lend it an air of legitimacy to unsuspecting visitors. The absence of detection flags (0/95) on VirusTotal suggests this threat is either newly emerging or employs evasive tactics to bypass initial screening. The combination of a fresh domain, low detection rate, and deceptive branding tactics places parmtex.com in the “under investigation” category, warranting immediate caution from all internet users.

If you’ve visited parmtex.com, cease all interaction with the site immediately and avoid entering any personal information. Run a full antivirus scan on your device to detect potential malware or credential theft. Report the domain to your security team or platform (e.g., Google Safe Browsing, PhishDestroy) using the URL and timestamp of your visit. Monitor financial accounts closely for unauthorized charges or identity theft attempts. For future protection, enable two-factor authentication on all accounts and verify shipping notifications directly through official carrier websites rather than third-party links. Stay vigilant—this domain may rapidly escalate once its true malicious payload is activated.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260422-ABA10A
Favicon MD5: 8a47a934f526ee0143fc97352ff68c28
TLS cert SHA-256: 74e18a5b9b2f8b074c8d072bd5c0db745ae37d55004aeaf5aa9c9e1cee3c9496

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone.
PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/parmtex.com/
JSON API: https://api.destroy.tools/v1/check?domain=parmtex.com
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 131,000+ phishing domains.
Confirmed takedowns: 91,000+.
Site: https://phishdestroy.io