# PhishDestroy threat dossier — transactsureauthoritys.world
================================================================
Fetched: 2026-05-25 23:08:46 UTC
Canonical: https://phishdestroy.io/domain/transactsureauthoritys.world/

## VERDICT
----------------------------------------------------------------
ACTIVE + CLOAKED — returns HTTP 666 to scanners, real fraudulent site to victims
Composite threat score: 82/100 (PhishDestroy scoring — see methodology below)
Cloaking: DETECTED — domain returns custom HTTP 666 to scanners while serving fraudulent content to real users (type: content_divergence) (score: 1/6)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 11/95 security vendors flagged this domain
Flagging vendors: alphaMountain.ai, BitDefender, CyRadar, ESET, Fortinet, G-Data, Google Safebrowsing, Lionic, Netcraft, Seclookup, Sophos
Public blocklists: listed on 1 independent blocklist
Victim re-reports (public form): 1

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 192.3.190.186 (US, Buffalo)
ASN: AS36352 AS-COLOCROSSING, US
Hosting org: AS36352 HostPapa
Registrar: OwnRegistrar, Inc.
Nameservers: ["dns1.webproserver.com", "dns2.webproserver.com"]
Page title: Transact Sure Authority

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Let's Encrypt / R12
Expires: 2026-07-02
Status: INVALID chain
Fingerprint: e2c12c632b7542fbf2c822faa425521efb4709f7c6fae78a776b919a51fe9d23
Subject Alternative Names (related infrastructure — often same operator):
  - fastdeliveryservice.world
  - fastdeliveryservices.world
  - fastdispatchservice.world
  - fastsecurityparcel.world
  - novadispatchsender.com
  - www.fastdeliveryservice.world.edentrustfinance.com
  - www.fastdeliveryservices.world.edentrustfinance.com
  - www.fastdispatchservice.world.edentrustfinance.com
  - www.fastsecurityparcel.world.edentrustfinance.com
  - www.novadispatchsender.com.edentrustfinance.com
  - www.transactsureauthoritys.world.edentrustfinance.com

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
First detected: 2026-02-25 02:39:27 UTC (by PhishDestroy tracker)
First reported: 2025-08-16 17:24:25 UTC (abuse notice filed)
Last verified: 2026-05-24 03:31:18 UTC
Neutralised: 2026-02-24 03:00:38 UTC
Current status: ACTIVE — cloaked behind HTTP 666 to evade scanners

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/0198b3e8-9545-7088-a339-96988a7d4ed2/
Wayback Machine: https://web.archive.org/web/*/transactsureauthoritys.world
crt.sh CT logs: https://crt.sh/?q=%25.transactsureauthoritys.world
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=transactsureauthoritys.world
AlienVault OTX: https://otx.alienvault.com/indicator/domain/transactsureauthoritys.world
URLhaus: https://urlhaus.abuse.ch/host/transactsureauthoritys.world/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-03-19 02:00:41 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies transactsureauthoritys.world as a high-risk generic phishing domain. The domain’s page title, "Transact Sure Authority," suggests an attempt to impersonate a financial or transactional service to deceive users. It is classified under generic phishing due to its intent to steal sensitive information such as login credentials or payment details.

Technical indicators reveal that transactsureauthoritys.world resolved to the IP address 192.3.190.186. The domain was flagged on at least one security blocklist, and VirusTotal analysis shows 11 out of 95 security vendors have detected malicious activity associated with this domain.
These detections confirm its use in phishing campaigns, leveraging infrastructure that has been recognized by multiple threat intelligence sources.

Currently, transactsureauthoritys.world is offline, indicating a possible takedown or suspension following detection. Users are advised to avoid visiting this domain and to verify any recent communications purporting to be from "Transact Sure Authority" or similar names. Monitoring for related phishing attempts and updating security measures is recommended to mitigate risk from this threat.

## EVIDENCE HASHES
----------------------------------------------------------------
Favicon SHA-256: 909efd0a62bbc415e927346844061afdedd751683b6eba7142b1db3bb72ea18c
TLS cert SHA-256: e2c12c632b7542fbf2c822faa425521efb4709f7c6fae78a776b919a51fe9d23

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged.
A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/transactsureauthoritys.world/
JSON API: https://api.destroy.tools/v1/check?domain=transactsureauthoritys.world
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 152,979 domains (37,084 alive under monitoring, 114,185 confirmed takedowns/dead).
Site: https://phishdestroy.io