# basterds.xyz — SUSPICIOUS

> basterds.xyz — A crypto drainer phishing site detected. Flagged by 0/95 VirusTotal vendors, verify safety on PhishDestroy immediately.

## Summary

basterds.xyz has been identified operating as an active crypto drainer phishing domain, currently under investigation by PhishDestroy's SOC team. This domain is actively engaged in malicious activity, specifically designed to deceive users into connecting cryptocurrency wallets and draining funds under the guise of legitimate services. The threat actor behind this campaign leverages social engineering tactics to trick victims into approving malicious wallet connections. As of the latest analysis, the domain remains active and poses a significant risk to users engaging with untrusted links or websites.

Technical indicators tied to basterds.xyz reveal a concerning lack of detection despite its malicious intent. The domain resolves to IP address 104.21.48.75 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 10, 2026. Notably, the domain utilizes a Let's Encrypt SSL certificate, which may lend it an air of legitimacy to unsuspecting users. PhishDestroy's analysis shows that this domain has evaded detection by all 95 VirusTotal vendors (0/95 flagged), indicating the sophistication of the threat actor in avoiding traditional security measures. Additionally, the domain exhibits no presence on major threat intelligence blocklists as of this report, further complicating early detection efforts. Trust scores for this domain are critically low, reinforcing the need for immediate action.

Given the active status of basterds.xyz and its role as a crypto drainer phishing domain, users are strongly advised to exercise extreme caution. PhishDestroy recommends avoiding any interaction with this domain, including visiting the site or engaging with its content. Organizations should consider blocking the domain at the network level using the IP address 104.21.48.75 and the domain itself. Users who may have already interacted with this domain are urged to revoke any wallet connections made to the site and transfer remaining assets to a secure, isolated wallet. Continuous monitoring of this domain is advised as the SOC team gathers further intelligence. Immediate reporting of any suspicious activity linked to this domain is encouraged to aid in mitigating the threat.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-10 12:56:21
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.48.75

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1eb4cd8d-4207-4c43-9a8d-58c55b155cbf
- PhishDestroy: https://phishdestroy.io/domain/basterds.xyz/
- LLM endpoint: https://phishdestroy.io/domain/basterds.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/basterds.xyz/

Last updated: 2026-03-23