# active-hub.fun — MALICIOUS

> PhishDestroy identifies active-hub.fun as a crypto drainer phishing site with 6/95 VirusTotal detections. Block traffic immediately.

## Summary

PhishDestroy identifies active-hub.fun as a crypto drainer phishing domain posing as a legitimate 'Hub' platform to steal cryptocurrency assets. The domain was designed to mimic a trusted online service, tricking users into connecting wallets or entering seed phrases under the guise of legitimate transactions. Security research confirms this is a rapidly evolving threat targeting crypto investors through deceptive UI replication and fake transaction confirmations that drain connected wallet balances directly to attacker-controlled addresses.

This domain was flagged by 6 out of 95 VirusTotal security vendors, indicating elevated risk with limited but concerning detection coverage. It was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 12, 2026, and currently resolves to IP address 104.21.18.217 using a Let's Encrypt SSL certificate. The low detection count combined with the recent registration suggests newly deployed threat actor infrastructure that is actively evading traditional defenses.

If you visited active-hub.fun, immediately disconnect your wallet, revoke any granted permissions through your wallet interface, and transfer remaining assets to a new wallet with a different seed phrase. Do not interact with any transaction prompts or pop-ups from this domain. Report the domain to your antivirus provider and consider a full system scan for malware. Block the domain and IP address 104.21.18.217 at your network firewall level. Monitor wallet transactions closely for unauthorized transfers and report any suspicious activity to local cybercrime units.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-12 07:28:56
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 104.21.18.217

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/00de1614-e0e6-4446-bbb6-aa3a501e65ea
- PhishDestroy: https://phishdestroy.io/domain/active-hub.fun/
- LLM endpoint: https://phishdestroy.io/domain/active-hub.fun/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/active-hub.fun/
Last updated: 2026-03-22