# redmont-group.com.interactive-tradex.com — SUSPICIOUS

> redmont-group.com.interactive-tradex.com is a credential theft domain with 0/95 VirusTotal detections. Mimics Redmont Group branding.

## Summary

PhishDestroy identifies redmont-group.com.interactive-tradex.com as an active credential theft domain leveraging Redmont Group's brand identity. The domain employs a lookalike subdomain structure (interactive-tradex.com) to impersonate the legitimate Redmont Group entity, a reputable firm in the financial services sector. The threat type is credential theft, with no evidence of a crypto drainer kit or malware payload at this stage. The domain was registered through TuringSign Inc. d/b/a Cosmotown, a registrar with a mixed reputation, and activated on April 28, 2025.

This domain exhibits several high-risk technical indicators currently under investigation. VirusTotal analysis returns 0 out of 95 detections, meaning no antivirus or security vendor had flagged it as of the latest scan. The domain resolves to IP address 198.251.89.220, which is associated with known dynamic hosting services and has exhibited behavior consistent with phishing infrastructure. The domain was created on April 28, 2025, demonstrating a short operational lifespan and high recency, a common tactic to evade long-term detection. No entry was found on Google Safe Browsing (GSB) at the time of analysis. The domain remains unblocked by major threat intelligence feeds, suggesting it is in a pre-widespread-abuse phase.

The domain is currently active and poses a significant risk to users who may input credentials under the false impression they are interacting with a trusted entity. Current response actions include continuous monitoring, submission to threat intelligence platforms, and outreach to the hosting provider for takedown consideration. However, due to the low detection rate and recent creation, the remaining risk is classified as high, especially for users expecting to engage with Redmont Group services. PhishDestroy advises users to verify any financial service URLs in isolation and utilize multi-factor authentication wherever possible. Exercise heightened caution with domains using nested subdomain structures as seen here.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-04-28 22:22:19
- Registrar: TuringSign Inc. d/b/a Cosmotown
- IP: 198.251.89.220

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/redmont-group.com.interactive-tradex.com
- PhishDestroy: https://phishdestroy.io/domain/redmont-group.com.interactive-tradex.com/
- LLM endpoint: https://phishdestroy.io/domain/redmont-group.com.interactive-tradex.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/redmont-group.com.interactive-tradex.com/

Last updated: 2026-04-06