# ex.asrobot.cn — SUSPICIOUS

> ex.asrobot.cn is a credential theft phishing domain with 0/95 VirusTotal detections. Registered through Alibaba Cloud in 2018, this domain poses active risk.

## Summary

PhishDestroy identifies ex.asrobot.cn as an active credential theft domain designed to harvest user login credentials under the guise of a legitimate service. This domain has been operational since June 07, 2018, and is currently resolving to IP 47.104.180.25. Registered through Alibaba Cloud (万网), the domain utilizes a Let’s Encrypt SSL certificate to appear trustworthy, a common tactic among threat actors to reduce user suspicion. Security researchers and users should treat this domain as high-risk due to its prolonged activity and lack of detection on VirusTotal, where it currently holds 0/95 detections despite its malicious nature. The extended operational period suggests this domain may have evaded detection through subtle obfuscation or delayed reporting cycles, making it a persistent threat in the threat landscape.

This domain exhibits multiple indicators of compromise (IOCs) that align with credential theft campaigns. The VirusTotal score of 0/95 indicates that despite its active status, it has not yet been widely flagged by security vendors, which could be attributed to its relatively low-traffic targeting or the use of recently registered infrastructure. The domain’s creation date of June 07, 2018, further highlights its longevity, providing threat actors ample time to refine their tactics and avoid detection mechanisms such as blocklists or reputation-based filters. Security teams should correlate this domain with historical phishing datasets, as its age suggests it may have been repurposed or rebranded to evade past takedowns.

Users who have visited ex.asrobot.cn or entered credentials on the site should immediately reset passwords for all associated accounts, particularly if the same credentials were reused across multiple platforms. Enable multi-factor authentication (MFA) wherever possible to mitigate the risk of unauthorized access. Additionally, users should scan their devices for malware, as credential theft domains often deploy keyloggers or browser hijackers to capture additional sensitive data. Security researchers are advised to monitor this domain for changes in infrastructure, such as IP shifts or new SSL certificates, and report any newly identified IOCs to threat intelligence platforms. Prompt action is critical to prevent further exploitation of user credentials and mitigate potential downstream attacks.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2018-06-07 14:24:20
- Registrar: 阿里云计算有限公司(万网)
- IP: 47.104.180.25

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1ace8198-6a17-4c79-90b2-2745206fc8be
- PhishDestroy: https://phishdestroy.io/domain/ex.asrobot.cn/
- LLM endpoint: https://phishdestroy.io/domain/ex.asrobot.cn/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ex.asrobot.cn/

Last updated: 2026-03-23