# PhishDestroy threat dossier — claim.tradegenius.collabscare.com
================================================================
Fetched: 2026-04-30 15:49:24 UTC
Canonical: https://phishdestroy.io/domain/claim.tradegenius.collabscare.com/

## VERDICT
----------------------------------------------------------------
CRITICAL THREAT — DO NOT VISIT
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 12/91 security vendors flagged this domain
Flagging vendors: ADMINUSLabs, alphaMountain.ai, BitDefender, CRDF, CyRadar, ESET, Fortinet, G-Data, Kaspersky, Sophos, URLQuery, VIPRE
URLQuery: 5 detections
Public blocklists: listed on 1 independent blocklist

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 198.251.81.49 (US, Staten Island)
ASN: AS53667 FranTech Solutions
Hosting org: FranTech Solutions
Registrar: Global Domain Group LLC
Nameservers: ns103.asurahosting.com, ns104.asurahosting.com
Registered: 2026-04-28
Page title: Genius Pro - Advanced On-Chain Trading Terminal | Cross-Chain DEX
HTTP response: 403

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Let's Encrypt / E7
Expires: 2026-07-17
Status: INVALID chain
Fingerprint: 12a98e0efa909f71918d50f05e3138f4aff48481ca0ccd277d9130da5b8e5f2e
Subject Alternative Names (related infrastructure — often same operator)

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue.
No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-04-28 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-04-28 16:42:41 UTC (by PhishDestroy tracker)
Earliest abuse rec: 2026-04-28 13:43:49 UTC — PREDATES current WHOIS registration; retained from a previous registration cycle of the same domain name
Last verified: 2026-04-30 18:06:53 UTC
Current status: ACTIVE / observable

Note: one or more events above predate the WHOIS creation date. This typically means the same domain name was previously registered, detected, dropped, and then re-registered by a new party. PhishDestroy preserves the full historical record for operator-attribution research even when the underlying infrastructure changes hands.

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019dd452-4870-75b2-99d9-6bdf935a36ad/
URLQuery: https://urlquery.net/report/a2ab93f6-f47a-4589-acdb-d49c56d71eaa
Wayback Machine: https://web.archive.org/web/*/claim.tradegenius.collabscare.com
crt.sh CT logs: https://crt.sh/?q=%25.claim.tradegenius.collabscare.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=claim.tradegenius.collabscare.com
AlienVault OTX: https://otx.alienvault.com/indicator/domain/claim.tradegenius.collabscare.com
URLhaus: https://urlhaus.abuse.ch/host/claim.tradegenius.collabscare.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-04-28 16:44:38 UTC — narrative may predate facts above.
Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies claim.tradegenius.collabscare.com as an active crypto drainer domain registered to impersonate TradeGenius services. The threat is classified as a crypto-draining operation designed to trick users into connecting their cryptocurrency wallets and authorizing malicious transactions that silently drain funds. While under investigation by cybersecurity teams, this domain remains classified as high-priority due to its active deployment and intent to defraud.

This domain was flagged by ScamSniffer, identified by 0 of 95 VirusTotal security vendors, and resolves to IP 198.251.81.49. The domain was registered through Global Domain Group LLC on February 28, 2026, and appears on 1 security blocklist. It holds a valid SSL certificate issued by Let's Encrypt, which is commonly abused by threat actors to appear legitimate. Trust scores are low due to the domain's recent creation and lack of positive reputation indicators.

The current status of claim.tradegenius.collabscare.com remains active and under active investigation. Users are strongly advised to avoid visiting or interacting with this domain. If this domain was encountered in a suspicious message or app, disconnect from the internet and scan connected wallets using a hardware wallet or air-gapped device. Report this domain to ScamSniffer, your local cybercrime unit, and any relevant cryptocurrency exchange platforms. Always verify URLs through official TradeGenius channels and use browser extensions like ScamSniffer to block crypto-draining domains. Never connect wallets to unverified platforms, even if promoted via email or social media.

[Updates since narrative was generated:]
- VirusTotal detections: now 12/91 (narrative was written when count was lower)

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260428-58EFC4
TLS cert SHA-256: 12a98e0efa909f71918d50f05e3138f4aff48481ca0ccd277d9130da5b8e5f2e

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/claim.tradegenius.collabscare.com/
JSON API: https://api.destroy.tools/v1/check?domain=claim.tradegenius.collabscare.com
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+.
Site: https://phishdestroy.io