# asterdex-migration.xyz — SUSPICIOUS > asterdex-migration.xyz is a crypto drainer phishing domain with 0/95 VirusTotal detections. Review ownership and SSL trust. Deactivate ASAP ## Summary asterdex-migration.xyz has been flagged with an active crypto drainer phishing campaign under investigation by PhishDestroy. This domain mimics legitimate cryptocurrency migration services, coercing victims into connecting wallets and draining funds through deceptive transaction prompts. The site’s domain creation date of March 28, 2026, coupled with its Let’s Encrypt SSL certificate, suggests a recent and hastily deployed threat designed to exploit trust in crypto infrastructure migrations. This domain resolves to IP address 104.21.46.216 and is registered through OwnRegistrar, Inc. Notably, VirusTotal currently reports zero detections out of 95 engines as of this analysis, indicating a potentially emerging threat that has yet to be widely recognized by security scanners. The domain’s recent registration, combined with the use of a legitimate TLS certificate provider, demonstrates evasive tactics aimed at bypassing initial detection mechanisms. While no active inclusion in public blocklists has been observed yet, the absence of detections implies a window of opportunity for threat actors to propagate this campaign unchecked. Mitigation for crypto drainer phishing requires immediate containment and proactive threat hunting. Users should avoid interacting with asterdex-migration.xyz and block both the domain and its IP address (104.21.46.216) at the network perimeter. Security teams should inspect DNS logs for queries to this domain and audit endpoints for unauthorized wallet or crypto-utility installations. Additionally, reviewing outbound connections to known crypto drainer IPs, including this one, can prevent exfiltration attempts. Due to the low detection rate, consider submitting this domain to threat intelligence feeds to bolster collective defense and expedite inclusion in future blocklists. Prompt action is critical given the domain’s active status and the irreversible nature of crypto asset theft. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-28 10:36:39 - Registrar: OwnRegistrar, Inc. - IP: 104.21.46.216 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/6e9e8e52-c220-4875-80d8-ec71d2a69cb5 - PhishDestroy: https://phishdestroy.io/domain/asterdex-migration.xyz/ - LLM endpoint: https://phishdestroy.io/domain/asterdex-migration.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/asterdex-migration.xyz/ Last updated: 2026-03-28