# www.trademonex.net — MALICIOUS

> Check the safety status of TradeMonex.net, a high-risk Ethereum impersonation site now offline. Learn more about its phishing threat details.

## Summary
PhishDestroy identifies www.trademonex.net as a high-risk brand impersonation domain targeting Ethereum users. The site falsely presented itself as a cryptocurrency exchange, using the page title "Buy & Sell Bitcoin, Ethereum | Cryptocurrency Exchange | HIKARICP" to lure victims. This domain was flagged for social engineering tactics, aiming to deceive users into compromising their credentials or funds.

The domain was registered on February 21, 2026, through Web Commerce Communications Limited and resolved to IP address 104.21.21.48. It appeared on one security blocklist and was flagged by Google Safe Browsing for social engineering. VirusTotal analysis revealed that 15 out of 95 security vendors detected malicious activity associated with this domain. These technical indicators confirm its malicious intent and reinforce the threat it posed to the Ethereum brand.

Currently, trademoneex.net is offline, mitigating the immediate risk to users. PhishDestroy recommends continued vigilance and advises users to avoid interacting with similar suspicious cryptocurrency platforms. Enterprises should monitor for potential phishing attempts leveraging the Ethereum brand and implement robust email and web filtering to prevent exposure to such impersonation threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ethereum
- Page title: Buy & Sell Bitcoin, Ethereum | Cryptocurrency Exchange | HIKARICP

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Web Commerce Communications Limited
- Country: MY
- IP: 104.21.21.48
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["carlane.ns.cloudflare.com", "noah.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Netcraft", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bc0dd-3fa1-7549-a42c-8b4d4a4b562d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ee2f6f1b-d2de-4127-a20b-7d054e4900af
- PhishDestroy: https://phishdestroy.io/domain/www.trademonex.net/
- LLM endpoint: https://phishdestroy.io/domain/www.trademonex.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www.trademonex.net/
Last updated: 2026-03-19