# tgstore003.shop — MALICIOUS

> tgstore003.shop is flagged as a high-risk phishing domain. Avoid interacting with it as it is currently offline but was linked to malicious activity.

## Summary
PhishDestroy identifies tgstore003.shop as a generic phishing domain classified with a high risk level. The domain was registered recently on February 21, 2026, indicating a relatively new threat actor presence. Despite its generic phishing classification, the domain’s association with phishing attempts is corroborated by multiple threat intelligence sources.

From a technical standpoint, tgstore003.shop resolves to the IP address 134.122.162.12 and has been detected in four AlienVault OTX threat pulses, suggesting active monitoring by the security community. VirusTotal analysis shows that 14 out of 95 security vendors flagged this domain, reinforcing its malicious reputation. Additionally, it appears on at least one security blocklist, further confirming its involvement in suspicious activity. The domain’s web page currently displays a “404 Not Found” error, which might indicate takedown or abandonment.

Currently, tgstore003.shop is offline, which reduces immediate risk, but the domain’s infrastructure and historic activity highlight a significant phishing threat. Security teams and users should remain cautious and avoid interacting with this domain. PhishDestroy recommends monitoring for any potential reactivation or similar domains attempting to exploit this infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: 404 Not Found

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 134.122.162.12
- SSL Issuer: R12

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a99a3-191c-70e6-88ab-13dce3eb6ca5.png
- PhishDestroy: https://phishdestroy.io/domain/tgstore003.shop/
- LLM endpoint: https://phishdestroy.io/domain/tgstore003.shop/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tgstore003.shop/
Last updated: 2026-03-19