# cabalcalvinmigrate.xyz — SUSPICIOUS > PhishDestroy identifies cabalcalvinmigrate.xyz as a crypto drainer mimicking Cabal with 0/95 VirusTotal detections. Avoid connecting wallets. Block immediately. ## Summary PhishDestroy identifies cabalcalvinmigrate.xyz as a recently activated crypto drainer website impersonating the legitimate blockchain game Cabal. The domain was registered on March 15, 2026, through OwnRegistrar, Inc., and resolves to IP address 172.67.210.77. This threat uses a Let's Encrypt SSL certificate to appear legitimate while its frontend mimics Cabal’s interface to trick users into connecting cryptocurrency wallets for unauthorized fund transfers. The drainer kit is not publicly documented, but behavioral patterns suggest it captures wallet signatures or private key fragments upon connection, enabling silent asset transfers from connected wallets. Technical indicators confirm this domain is under active investigation. VirusTotal shows zero detections out of 95 scanners, indicating it is currently unflagged by most security tools. The domain was created on March 15, 2026, making it less than one month old and highly evasive. It is registered via OwnRegistrar, Inc., commonly used for privacy-protected registrations. The IP address 172.67.210.77 belongs to Cloudflare, frequently leveraged by malicious actors to obfuscate origin and complicate takedown efforts. As of this assessment, Google Safe Browsing (GSB) has not flagged it, and no public blocklists currently list this domain, placing users at elevated risk. This domain is currently active and poses a high risk to users who interact with it. PhishDestroy strongly advises blocking cabalcalvinmigrate.xyz at the network and DNS level. Users should avoid visiting this site and remove any saved connections to it. The lack of detections and recent creation date suggest this threat is in its early propagation phase. Remaining risk is elevated due to the absence of blacklisting and use of Cloudflare infrastructure. Immediate containment and proactive blocking are recommended to prevent wallet compromise. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-15 19:52:24 - Registrar: OwnRegistrar, Inc. - IP: 172.67.210.77 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3c6c0956-010e-4251-ac8d-ae2134280d56 - PhishDestroy: https://phishdestroy.io/domain/cabalcalvinmigrate.xyz/ - LLM endpoint: https://phishdestroy.io/domain/cabalcalvinmigrate.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cabalcalvinmigrate.xyz/ Last updated: 2026-03-23