# PhishDestroy threat dossier — influx-gain.ltd ================================================================ Fetched: 2026-07-01 04:46:45 UTC Canonical: https://phishdestroy.io/domain/influx-gain.ltd/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: Credential Phishing ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 8/91 security vendors flagged this domain Flagging vendors: ADMINUSLabs, alphaMountain.ai, CRDF, Forcepoint ThreatSeeker, Fortinet, Gridinsoft, Netcraft, SOCRadar URLQuery: 2 detections AlienVault OTX: 4 pulses (threat-intel feed mentions) Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 86.107.77.165 (DE, Eschborn) ASN: AS216395 HostBet Cloud Technologies Private Limited Hosting org: HostBet Cloud Technologies Private Limited Registrar: Dynadot LLC Nameservers: ["ns1.hostmane.net", "ns2.hostmane.net"] Registered: 2026-06-09 Page title: influx-gain.ltd - DECENTRALIZED PLATFORM THAT RUNS SMART CONTRACTS! ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / R12 Expires: 2026-08-12 Status: INVALID chain Fingerprint: 5bf25f0d4da07b170245f8e013560fcaaf2db13dee5a17525db72c4b528c8da1 Subject Alternative Names (related infrastructure — often same operator): - www.influx-gain.ltd.bnbtradehub.com ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-06-09 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-06-09 05:12:02 UTC (by PhishDestroy tracker) Earliest abuse rec: 2026-06-08 23:56:04 UTC — PREDATES current WHOIS registration; retained from a previous registration cycle of the same domain name Last verified: 2026-07-01 04:20:35 UTC Neutralised: 2026-06-15 00:51:50 UTC Current status: taken down (registrar suspended or DNS dead) Note: one or more events above predate the WHOIS creation date. This typically means the same domain name was previously registered, detected, dropped, and then re-registered by a new party. PhishDestroy preserves the full historical record for operator-attribution research even when the underlying infrastructure changes hands. ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019ea9a6-4524-776b-b5f8-48f35a4680bd/ URLQuery: https://urlquery.net/report/722ce66b-600d-4c7b-9fec-e4edaf5be865 Wayback Machine: https://web.archive.org/web/*/influx-gain.ltd crt.sh CT logs: https://crt.sh/?q=%25.influx-gain.ltd Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=influx-gain.ltd AlienVault OTX: https://otx.alienvault.com/indicator/domain/influx-gain.ltd URLhaus: https://urlhaus.abuse.ch/host/influx-gain.ltd/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-06-25 17:30:01 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] The domain influx-gain.ltd is currently active and presents a high-risk threat of credential theft. It is designed to mimic a decentralized platform that allegedly runs smart contracts, thereby attracting unsuspecting users. The domain has been implicated in malicious activities, specifically targeting individuals for credential theft, and remains active in the digital landscape. Infrastructure analysis reveals that influx-gain.ltd resolves to the IP address 86.107.77.165 and was registered through Dynadot LLC. Recently, it was flagged by 8 out of 95 security vendors on VirusTotal, indicating a significant risk profile. Moreover, the domain is secured with an SSL certificate from Let's Encrypt, which may lend it an appearance of legitimacy despite its malicious nature. It has been blocked by PhishDestroy and appears on one security blocklist, enhancing its profile as a domain of concern. Given the high-risk status of influx-gain.ltd, it is strongly recommended that users avoid interacting with this domain. Network administrators should implement strict filtering measures to block access to this IP and domain within corporate and personal networks. Continuous monitoring of DNS queries and threat intelligence feeds for related activities is advised to prevent potential credential theft attempts. Users should be educated on recognizing phishing attempts and encouraged to report suspicious activities immediately. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260608-3CD6F7 Favicon MD5: b8a0bf372c762e966cc99ede8682bc71 TLS cert SHA-256: 5bf25f0d4da07b170245f8e013560fcaaf2db13dee5a17525db72c4b528c8da1 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/influx-gain.ltd/ JSON API: https://api.destroy.tools/v1/check?domain=influx-gain.ltd Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 173,362 domains (13,219 alive under monitoring, 159,487 confirmed takedowns/dead). Site: https://phishdestroy.io