# z8q1.nasdaqt.vip — SUSPICIOUS

> PhishDestroy flags z8q1.nasdaqt.vip as an active crypto drainer domain with 1/95 VT detections. Block traffic to 151.243.130.175 immediately to prevent asset loss.

## Summary

PhishDestroy identifies z8q1.nasdaqt.vip as an active crypto drainer domain flagged for credential and wallet theft campaigns. This domain mimics legitimate Nasdaq trading interfaces to trick users into connecting crypto wallets under the guise of investment opportunities. The threat actor leverages a deceptive domain structure (z8q1.nasdaqt.vip) and Let's Encrypt SSL certificates to establish false legitimacy, employing drainer kits to automatically transfer funds upon wallet connection. Affected users typically experience irreversible asset loss within minutes of interaction.

This domain resolves to IP address 151.243.130.175 and was registered through Gname.com Pte. Ltd. on March 22, 2026. VirusTotal analysis shows that only 1 out of 95 security vendors flagged this domain, indicating low detection coverage. The domain uses a Let's Encrypt SSL certificate to mimic legitimate financial portals. Current threat intelligence shows no inclusion in Google Safe Browsing (GSB) blocklists, leaving users vulnerable to redirection through social engineering or malvertising. Current status remains ACTIVE, with distribution through social media and forum posts promoting fake Nasdaq trading tools.

PhishDestroy recommends immediate network blocking of 151.243.130.175 and the domain z8q1.nasdaqt.vip at firewall and DNS levels. Users should verify all crypto-related domains through official Nasdaq channels before connecting a wallet. Remaining risk is ELEVATED due to low detection coverage and active campaign distribution, with potential for rapid expansion to additional IPs or domains. Exercise extreme caution when encountering Nasdaq-related domains outside the official nasdaq.com namespace.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-22 16:54:57
- Registrar: Gname.com Pte. Ltd.
- IP: 151.243.130.175

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/32d70215-abe6-4b27-b360-4f8df6e47f73
- PhishDestroy: https://phishdestroy.io/domain/z8q1.nasdaqt.vip/
- LLM endpoint: https://phishdestroy.io/domain/z8q1.nasdaqt.vip/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/z8q1.nasdaqt.vip/

Last updated: 2026-03-24