# astr.beefyhubs.click — MALICIOUS

> Beware of astr.beefyhubs.click phishing domain masquerading as Google. Learn key risks and how this threat was neutralized.

## Summary
PhishDestroy identifies astr.beefyhubs.click as a generic phishing domain designed to impersonate Google services. The domain was registered on October 22, 2025, through Dynadot LLC and features a page titled "Google," indicating the intent to deceive users into providing sensitive credentials. This classification arises from its use in credential harvesting campaigns.

Technical analysis shows the domain resolving to IP address 142.250.184.196 and appearing on three separate security blocklists, underscoring its malicious reputation. VirusTotal flagged this domain as suspicious by five out of 95 security vendors, further validating its risk. The infrastructure aligns with a typical phishing setup, where attackers leverage newly created domains with misleading names to trick users.

Currently, astr.beefyhubs.click is offline, reflecting successful takedown or suspension efforts. Although the domain no longer resolves, its detection and reporting remain critical for preventing future phishing attempts using similar tactics. Users and organizations are advised to remain vigilant regarding domains mimicking legitimate services like Google.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Google

## Domain Intelligence
- Registered: 2025-10-22 12:03:59
- Expires: 2026-10-22 12:03:59
- Registrar: Dynadot LLC
- Country: US
- IP: 142.250.184.196
- IP Org: Cloudflare CDN
- Nameservers: brenna.ns.cloudflare.com hassan.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 5 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "CyRadar", "Forcepoint ThreatSeeker", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a5edd-8d2d-7488-86f2-7e9ccaf7bf71.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f9a883b9-5ebf-4461-ab20-9cb4c4f22351
- PhishDestroy: https://phishdestroy.io/domain/astr.beefyhubs.click/
- LLM endpoint: https://phishdestroy.io/domain/astr.beefyhubs.click/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/astr.beefyhubs.click/
Last updated: 2026-03-19