# api.aedigitaltether.com — SUSPICIOUS

> Investigating api.aedigitaltether.com as a crypto wallet phishing domain. Apple-themed lure detected. Full technical indicators available. Check the full report.

## Summary

PhishDestroy identifies api.aedigitaltether.com as an active crypto wallet phishing domain leveraging Apple-branded lures to harvest private keys. The domain masquerades as a legitimate Apple Enterprise Services endpoint, likely targeting users with fake iCloud or device management prompts. No known drainer kit signatures were extracted from external sandboxes at this stage, but the infrastructure closely resembles recent wallet drainer campaigns.

This domain exhibits concerning technical indicators: VirusTotal currently flags 0/95 detections despite suspicious connection patterns, while it resolves to 104.21.46.252. The domain, registered through Hello Internet Corp, went live on February 25, 2026, and operates with a valid Let's Encrypt SSL certificate. Google Safe Browsing has not yet flagged the domain, and publicly available blocklists show no current detections. The IP address 104.21.46.252 ties to multiple low-reputation domains, though none share an exact fingerprint at this time.

As of this advisory, api.aedigitaltether.com remains active with no confirmed takedown efforts. Analysts continue to monitor for changes in infrastructure or payload delivery mechanisms. Security teams are advised to block the domain at DNS and firewall levels and investigate any internal connections to 104.21.46.252. The current risk is under investigation, but early indicators suggest potential for significant compromise if left unaddressed. Regular updates will be issued as new intelligence emerges.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-02-25 01:18:48
- Registrar: Hello Internet Corp
- IP: 104.21.46.252

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/22b1e30e-081c-4414-9a3b-58b7667d54c6
- PhishDestroy: https://phishdestroy.io/domain/api.aedigitaltether.com/
- LLM endpoint: https://phishdestroy.io/domain/api.aedigitaltether.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/api.aedigitaltether.com/

Last updated: 2026-03-22