# PhishDestroy threat dossier — webtrader.quantumcapltd.online ================================================================ Fetched: 2026-07-14 00:54:11 UTC Canonical: https://phishdestroy.io/domain/webtrader.quantumcapltd.online/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 89/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 1/91 security vendors flagged this domain Flagging vendors: Kaspersky URLQuery: -1 detections Public blocklists: listed on 3 independent blocklists ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 185.112.147.57 (IS, Reykjavik) ASN: AS44925 1984 ehf Hosting org: The 1984 cloud net 2 Registrar: NameSilo, LLC !!! REGISTRAR INTEGRITY ALERT — NameSilo !!! NameSilo is a registrar documented by PhishDestroy as (1) publicly lying about received abuse reports, (2) shielding a $20M+ Monero-theft operation (xmrwallet.com) for 10 continuous years, and (3) retaliating against PhishDestroy by getting our X/Twitter account @Phish_Destroy banned after we published the evidence. Researchers/victims must ALWAYS CC compliance@icann.org on every abuse ticket — NameSilo has a track record of later claiming reports were never received. Primary sources: https://phishdestroy.io/namesilo-killed-our-twitter https://phishdestroy.io/xmrwallet-namesilo-exposed Nameservers: alexandra.ns.cloudflare.com, clark.ns.cloudflare.com Registered: 2026-04-21 Expires: 2027-04-21 Page title: Webtrader HTTP response: 502 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Sectigo Limited / Sectigo Public Server Authentication CA DV R36 Expires: 2026-11-05 Status: INVALID chain Fingerprint: c256cfe1dbca9f7e33ce83b594e6d71fad72b032b7515913b3575614dda08da1 Subject Alternative Names (related infrastructure — often same operator): - www.webtrader.quantumcapltd.online ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-04-21 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-06 18:20:32 UTC (by PhishDestroy tracker) Last verified: 2026-07-14 00:20:46 UTC Neutralised: 2026-07-07 00:01:01 UTC Current status: taken down (registrar suspended or DNS dead) ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f3839-e6bd-703b-a187-40b3bba5b3a8/ Wayback Machine: https://web.archive.org/web/*/webtrader.quantumcapltd.online crt.sh CT logs: https://crt.sh/?q=%25.webtrader.quantumcapltd.online Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=webtrader.quantumcapltd.online AlienVault OTX: https://otx.alienvault.com/indicator/domain/webtrader.quantumcapltd.online URLhaus: https://urlhaus.abuse.ch/host/webtrader.quantumcapltd.online/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-06 18:26:39 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] The domain webtrader.quantumcapltd.online is under investigation for being a generic phishing site. The risk level is currently classified as under investigation, indicating that the domain is actively being analyzed to determine its full threat potential. Analysis indicates that the domain webtrader.quantumcapltd.online was registered through NameSilo, LLC on April 21, 2026. It resolves to the IP address 185.112.147.57 and is still active. The SSL certificate is issued by Sectigo Limited, which may be used to gain user trust. The domain has not been flagged by VirusTotal, with 0/95 detections, suggesting that it may be a new or less-known threat. However, the absence of detections does not guarantee safety, as phishing sites can evolve rapidly and evade initial detection. To mitigate the risks associated with this generic phishing site, users should avoid clicking on any links or entering personal information on webtrader.quantumcapltd.online. Organizations should update their blocklists to include this domain and its associated IP address. Additionally, implementing DNS filtering and web protection tools can help prevent access to the site. Regular security awareness training for employees should emphasize the importance of verifying the legitimacy of financial platforms and reporting any suspicious activities immediately. [Updates since narrative was generated:] - VirusTotal detections: now 1/91 (narrative was written when count was lower) ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: d54e6878f8ad9953fb3b26470c539fc6 TLS cert SHA-256: c256cfe1dbca9f7e33ce83b594e6d71fad72b032b7515913b3575614dda08da1 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/webtrader.quantumcapltd.online/ JSON API: https://api.destroy.tools/v1/check?domain=webtrader.quantumcapltd.online Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 178,334 domains (50,013 alive under monitoring, 128,321 confirmed takedowns/dead). Site: https://phishdestroy.io