# bluefin.hub-airdropalert.click — SUSPICIOUS

> Protect your crypto assets from bluefin.hub-airdropalert.click, a phishing domain linked to crypto draining. Stay vigilant and avoid interaction.

## Summary
PhishDestroy identifies bluefin.hub-airdropalert.click as a low-risk crypto drainer phishing domain designed to steal cryptocurrency credentials and drain victims' wallets. The site impersonated a Google-branded page to lure users into providing sensitive information.

The domain was registered through Dynadot, LLC on November 9, 2025, and resolved to IP address 142.250.181.228. It was flagged by 2 out of 95 security vendors and appeared on 2 security blocklists before being taken offline. The infrastructure indicates an attempt to exploit trust by mimicking legitimate services, though its impact remains limited due to its low risk classification and current offline status.

Users are advised to avoid visiting bluefin.hub-airdropalert.click or clicking any links associated with it. Always verify URLs carefully, especially with crypto-related websites, and use reputable security tools to scan for phishing attempts. If you suspect exposure, immediately change your wallet credentials and monitor accounts for unusual activity.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Page title: Google

## Domain Intelligence
- Registered: 2025-11-09 09:37:08
- Expires: 2026-11-09 09:37:08
- Registrar: Dynadot LLC
- Country: US
- IP: 142.250.181.228
- IP Org: Cloudflare CDN
- Nameservers: brenna.ns.cloudflare.com hassan.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["ChainPatrol", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a7924-471f-70d9-9252-656f1004f4e2.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2366aae0-4c89-478b-9df1-21f752383ae0
- PhishDestroy: https://phishdestroy.io/domain/bluefin.hub-airdropalert.click/
- LLM endpoint: https://phishdestroy.io/domain/bluefin.hub-airdropalert.click/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bluefin.hub-airdropalert.click/
Last updated: 2026-03-19