# join.airfluxa.com — SUSPICIOUS

> PhishDestroy identifies join.airfluxa.com as a crypto drainer posing as a fraudulent Airfluxa service. Created April 1, 2026, this domain resolves to 104.21.73.

## Summary
join.airfluxa.com is a recently registered domain flagged for hosting a crypto drainer kit, mimicking legitimate services to steal cryptocurrency. The domain was registered through NAMECHEAP INC on April 1, 2026, and resolves to IP 104.21.73.25. While the SSL certificate is issued by Google Trust Services, this does not validate the domain's legitimacy. The absence of detections (0/95 on VirusTotal) suggests it remains under the radar, but its high-risk nature warrants immediate scrutiny.  The technical indicators for this domain are concerning: a 0/95 threat detection score on VirusTotal, registration via NAMECHEAP INC, and a creation date of April 1, 2026. The domain resolves to IP 104.21.73.25, which hosts the drainer kit. Google Safe Browsing (GSB) has not yet flagged it, and no blocklist entries were found at the time of analysis. These factors indicate a newly deployed threat that has not yet been widely recognized or mitigated by security vendors.  PhishDestroy currently classifies this domain as active and under investigation, with a status of 'generic_phishing.' Immediate actions include blocking the domain and IP at the network level, avoiding any interaction with the site, and reporting it to threat intelligence platforms. The remaining risk is high due to the drainer's crypto-targeting nature and low detection rate. Users are strongly advised to verify any Airfluxa-related links or communications independently.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-01 21:24:21
- Registrar: NAMECHEAP INC
- IP: 104.21.73.25

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/join.airfluxa.com
- PhishDestroy: https://phishdestroy.io/domain/join.airfluxa.com/
- LLM endpoint: https://phishdestroy.io/domain/join.airfluxa.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/join.airfluxa.com/
Last updated: 2026-04-05