# PhishDestroy threat dossier — elitecapitalsgroup.com.cluncoinearn.net ================================================================ Fetched: 2026-04-21 21:17:43 UTC Canonical: https://phishdestroy.io/domain/elitecapitalsgroup.com.cluncoinearn.net/ ## VERDICT ---------------------------------------------------------------- ACTIVE THREAT — multiple warning signs Composite threat score: 46/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 10/95 security vendors flagged this domain Flagging vendors: ADMINUSLabs, BitDefender, CyRadar, ESET, Fortinet, G-Data, Kaspersky, Netcraft, Sophos, VIPRE URLQuery: 2 detections ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 37.27.68.99 (FI, Helsinki) ASN: AS24940 Hetzner Online GmbH Hosting org: Hetzner Online GmbH Registrar: OwnRegistrar, Inc. Nameservers: ns1.ultraprohost.com, ns2.ultraprohost.com, null Registered: 2024-06-30 Page title: ELITE CAPITALS GROUP – Safe investment HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / R12 Expires: 2026-06-27 Status: INVALID chain Fingerprint: 28fbe0816f20d82ec54318dcb3c52b1a74a5bfaaf743e3e0128c0d4820a9b9d0 Subject Alternative Names (related infrastructure — often same operator): - www.elitecapitalsgroup.com.cluncoinearn.net ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2024-06-30 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-04-21 21:03:06 UTC (by PhishDestroy tracker) First reported: 2026-04-21 18:06:47 UTC (abuse notice filed) Last verified: 2026-04-21 23:30:14 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019db134-671d-7518-ba21-b883749b3102/ URLQuery: https://urlquery.net/report/4c0b7d56-b331-420f-b01e-78bab655ab51 Wayback Machine: https://web.archive.org/web/*/elitecapitalsgroup.com.cluncoinearn.net crt.sh CT logs: https://crt.sh/?q=%25.elitecapitalsgroup.com.cluncoinearn.net Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=elitecapitalsgroup.com.cluncoinearn.net AlienVault OTX: https://otx.alienvault.com/indicator/domain/elitecapitalsgroup.com.cluncoinearn.net URLhaus: https://urlhaus.abuse.ch/host/elitecapitalsgroup.com.cluncoinearn.net/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-04-21 21:04:17 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies elitecapitalsgroup.com.cluncoinearn.net as an active crypto drainer phishing domain posing elevated risk to cryptocurrency users and investors. This domain is engineered to deceive victims into connecting crypto wallets under the false pretense of high-yield investment opportunities or exclusive trading platforms, with the ultimate goal of draining digital assets via smart contract interactions or malicious wallet connection prompts. The threat actor leverages a multi-level subdomain structure (com.cluncoinearn.net) to mimic legitimate financial brands, specifically targeting users familiar with or seeking exposure to capital group services or crypto-earn platforms. Historical and behavioral analysis confirms ongoing campaign activity, with sustained infrastructure engagement and propagation via social media, messaging platforms, and fraudulent advertisements. This domain was flagged by 10 out of 95 security vendors on VirusTotal, indicating partial detection coverage. It was registered on June 30, 2024, through OwnRegistrar, Inc., and resolves to IP address 37.27.68.99. The domain holds a valid SSL certificate issued by Let's Encrypt, which is commonly abused to establish trust with potential victims. The IP address has been associated with multiple low-reputation domains and exhibits characteristics consistent with bulletproof hosting environments. No known legitimate services are hosted at this address, and the domain has not yet been indexed on major blocklists such as Google Safe Browsing, PhishTank, or OpenPhish. Trust scores from threat intelligence platforms such as Cisco Talos and Spamhaus are classified as low or unrated, reinforcing its malicious classification. Users are strongly advised to immediately block the domain elitecapitalsgroup.com.cluncoinearn.net at the network and DNS levels. Avoid accessing the site or clicking any links involving this domain, especially those promoting crypto investments, wallet connections, or financial giveaways. If the domain has been accessed, do not connect any cryptocurrency wallet or enter private keys or seed phrases. Disconnect from the internet, scan for malware using updated tools, and revoke any unintended wallet connections via blockchain explorers or wallet interfaces. Report the domain to your organization’s security team or to platforms like Google Safe Browsing, PhishTank, and local cybercrime units. Organizations should implement DNS filtering rules and endpoint protection to detect and block access to this domain and its associated IP address (37.27.68.99). ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260421-3609AA TLS cert SHA-256: 28fbe0816f20d82ec54318dcb3c52b1a74a5bfaaf743e3e0128c0d4820a9b9d0 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/elitecapitalsgroup.com.cluncoinearn.net/ JSON API: https://api.destroy.tools/v1/check?domain=elitecapitalsgroup.com.cluncoinearn.net Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+. Site: https://phishdestroy.io