# PhishDestroy threat dossier — trade.study ================================================================ Fetched: 2026-07-14 07:20:24 UTC Canonical: https://phishdestroy.io/domain/trade.study/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 93/100 (PhishDestroy scoring — see methodology below) Scam classification: Credential Phishing ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 2/91 security vendors flagged this domain Flagging vendors: Gridinsoft, SOCRadar Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 185.104.210.34 (CZ, Prague) ASN: AS209671 Qrator Labs CZ s.r.o. Hosting org: Qrator Labs CZ Registrar: 101domain GRS Limited Nameservers: ns1.101domain.com, ns2.101domain.com, ns5.101domain.com Registered: 2024-10-04 Expires: 2026-10-04 Page title: The platform to learn online trading in financial markets | Trade Study HTTP response: 302 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Sectigo Limited / Sectigo Public Server Authentication CA DV R36 Expires: 2026-10-07 Status: INVALID chain Fingerprint: a0ec4053b82dce46e2c16cf15e611cecd29a9cc48d51b1bd6ec3266dd2a6648d ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2024-10-04 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-10 22:30:11 UTC (by PhishDestroy tracker) First reported: 2026-07-12 21:46:56 UTC (abuse notice filed) Last verified: 2026-07-14 08:20:41 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f4db8-422b-704f-acc3-4c4ff1859769/ URLQuery: https://urlquery.net/report/b249d46d-6392-44c9-9b24-ccd4a65f3331 Wayback Machine: https://web.archive.org/web/*/trade.study crt.sh CT logs: https://crt.sh/?q=%25.trade.study Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=trade.study AlienVault OTX: https://otx.alienvault.com/indicator/domain/trade.study URLhaus: https://urlhaus.abuse.ch/host/trade.study/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-10 23:01:02 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] The domain trade.study is currently flagged as an active credential harvesting phishing site. Analysis indicates this infrastructure is designed to impersonate legitimate financial or educational platforms, likely targeting users through deceptive login portals or fraudulent enrollment forms. No specific brand impersonation has been confirmed, but the domain name suggests potential targeting of trading platforms or academic institutions. The site remains operational as of the latest verification, posing a high risk to unsuspecting users. Infrastructure analysis reveals the domain was registered on October 04, 2024, through 101domain GRS Limited. It resolves to the IP address 185.104.210.34, which has been associated with other suspicious domains in recent months. VirusTotal detection metrics show that only 1 of 95 security vendors currently flags trade.study as malicious, indicating either a new campaign or effective evasion techniques. The SSL certificate is issued by Sectigo Limited, a legitimate provider, which may contribute to the site's appearance of legitimacy. No additional blocklist entries or negative trust scores were identified at the time of assessment. Current status confirms trade.study remains active, with no takedown or mitigation measures observed. Organizations and users are advised to implement immediate blocking of the domain and its associated IP address at the network perimeter. Security teams should monitor for credential submission attempts or unusual traffic patterns originating from this infrastructure. End-users should be alerted to verify domain authenticity before entering sensitive information, particularly on sites requesting financial or academic credentials. Given the low detection rate, proactive hunting for related indicators of compromise is recommended across security platforms. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260712-11B23E Favicon MD5: e0587c0a4ce5c9f9d9d1a181eaa5effa TLS cert SHA-256: a0ec4053b82dce46e2c16cf15e611cecd29a9cc48d51b1bd6ec3266dd2a6648d ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/trade.study/ JSON API: https://api.destroy.tools/v1/check?domain=trade.study Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 178,353 domains (50,030 alive under monitoring, 128,323 confirmed takedowns/dead). Site: https://phishdestroy.io