# PhishDestroy threat dossier — pusulabet2o26.com ================================================================ Fetched: 2026-06-07 02:33:41 UTC Canonical: https://phishdestroy.io/domain/pusulabet2o26.com/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 67/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 1/91 security vendors flagged this domain Flagging vendors: Gridinsoft Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 45.10.243.69 (RU, Rostov-on-Don) ASN: AS57724 DDOS-GUARD LTD Hosting org: Ddos-guard LTD Registrar: Fewmoretaps OU d/b/a Trustname.com !!! REGISTRAR INTEGRITY ALERT — Trustname / Fewmoretaps OU !!! Trustname (IANA #4318) is a shell company declaring EUR 120 annual revenue, 1 employee, negative equity, Belarusian ownership. Explicitly advertises itself as 'bulletproof' in its DNS TXT records. Primary source: https://phishdestroy.io/trustname-bulletproof-exposed Nameservers: ["ares.trustname.com", "zeus.trustname.com"] Registered: 2026-04-28 Page title: Постоянная прописка в Москве и области — от собственника | Агентство собственников жилья ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / R12 Expires: 2026-06-23 Status: INVALID chain Fingerprint: 73b3a3758c84e705abd318032af0369d35ef10ab828b45007887672a76e12c72 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-04-28 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-04-28 19:26:07 UTC (by PhishDestroy tracker) First reported: 2026-04-28 16:50:06 UTC (abuse notice filed) Last verified: 2026-06-02 17:20:40 UTC Neutralised: 2026-06-06 17:33:50 UTC Current status: taken down (registrar suspended or DNS dead) ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019dd4e6-1b0a-7391-8fda-c473eefe88ff/ URLQuery: https://urlquery.net/report/384f1519-ad70-4e2c-8fee-16791549dbb9 Wayback Machine: https://web.archive.org/web/*/pusulabet2o26.com crt.sh CT logs: https://crt.sh/?q=%25.pusulabet2o26.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=pusulabet2o26.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/pusulabet2o26.com URLhaus: https://urlhaus.abuse.ch/host/pusulabet2o26.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-04-28 19:28:30 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies pusulabet2o26.com as a recently activated domain suspected of hosting a generic phishing campaign aimed at deceiving visitors into revealing sensitive information such as login credentials or financial details. The site mimics legitimate online services to trick users into entering personal data, which attackers then harvest for fraudulent activities. Given its recent registration and low detection rate, this domain poses an immediate risk to unwary internet users who may encounter it through phishing emails, social media links, or spoofed advertisements. Early indicators suggest the operators are still testing the infrastructure before scaling their operations, making timely identification crucial for preventing widespread victimization. This domain was flagged during routine threat analysis after resolving to IP address 45.10.243.69 and obtaining a Let’s Encrypt SSL certificate, both common tactics to appear legitimate. Domain registration records reveal it was created on March 22, 2026, through Fewmoretaps OU d/b/a Trustname.com, a registrar known for providing privacy-protected registrations that can obscure true ownership. Notably, VirusTotal currently shows 0 detections out of 95 antivirus engines, indicating the domain has not yet been widely recognized by security vendors despite suspicious patterns in its infrastructure and behavioral signals consistent with phishing activity. These characteristics—low detection, recent creation, and use of a reputable SSL issuer—are frequently exploited by threat actors to gain user trust before launching credential-harvesting attacks. If you have visited pusulabet2o26.com or interacted with content from this domain, immediately cease any data entry and review your device for signs of compromise. Change passwords for any accounts that may have been accessed while on the site, and enable multi-factor authentication where available. Scan your device using updated antivirus software to detect potential malware or unauthorized access. Report the domain to your organization’s security team or to platforms like Google Safe Browsing, PhishTank, or your country’s cybercrime reporting center. Avoid clicking any links or downloading files from this domain in the future, and share this advisory with colleagues or family members who may have encountered similar suspicious links. Early intervention significantly reduces the risk of financial loss or identity theft associated with phishing campaigns. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260428-966709 Favicon MD5: c105da23200667081f91b7c476f1bde9 TLS cert SHA-256: 73b3a3758c84e705abd318032af0369d35ef10ab828b45007887672a76e12c72 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/pusulabet2o26.com/ JSON API: https://api.destroy.tools/v1/check?domain=pusulabet2o26.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 157,760 domains (42,531 alive under monitoring, 114,260 confirmed takedowns/dead). Site: https://phishdestroy.io