# hub-virtuals.xyz — SUSPICIOUS

> hub-virtuals.xyz is a crypto drainer impersonating a virtual platform. Resolves to 104.21.1.18 with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies hub-virtuals.xyz as an active crypto drainer domain designed to mimic a virtual platform, posing a direct threat to cryptocurrency users. This domain was flagged with a risk level of under_investigation but exhibits clear indicators of malicious intent, including the absence of VirusTotal detections despite active hosting and infrastructure deployment. The observable threat type is generic phishing, specifically targeting users through fake login portals to siphon cryptocurrency assets.

This domain resolves to IP address 104.21.1.18 and leverages a Let's Encrypt SSL certificate to appear legitimate, yet VirusTotal analysis shows 0/95 detections as of the latest scan, indicating evasion of current threat intelligence systems. The domain was registered on March 13, 2026, via NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar that has previously facilitated malicious domain registrations. Additionally, the domain's recent creation date, combined with its active status and lack of detection, suggests a newly deployed campaign with minimal exposure to blocklists or trust score evaluations.

Mitigation for this threat requires immediate user caution: avoid interacting with hub-virtuals.xyz or any associated links, particularly those claiming to offer virtual platform services or cryptocurrency-related functionalities. Verify the legitimacy of the domain by cross-referencing with PhishDestroy’s threat intelligence database before providing any credentials or cryptocurrency wallet connections. Users who have already engaged with this domain are advised to revoke any connected wallet permissions, transfer assets to a secure wallet, and monitor for unauthorized transactions. Organizations should block this domain at the network level and update firewall rules to prevent internal access, as crypto drainers often target high-value accounts with multi-factor authentication bypass techniques.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-13 22:56:36
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.1.18

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/fd6f776e-d5d0-4424-9f89-24f5b4fbacd0
- PhishDestroy: https://phishdestroy.io/domain/hub-virtuals.xyz/
- LLM endpoint: https://phishdestroy.io/domain/hub-virtuals.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/hub-virtuals.xyz/

Last updated: 2026-03-23