# send.hub-airdropalert.click — SUSPICIOUS

> send.hub-airdropalert.click was a low-risk crypto drainer domain now offline. Stay vigilant and avoid suspicious crypto sites to protect your assets.

## Summary
PhishDestroy identifies send.hub-airdropalert.click as a low-risk crypto drainer domain. Although the overall threat level is considered low due to its limited activity and current offline status, users should remain cautious. The domain was primarily linked to phishing schemes targeting cryptocurrency users.

The domain resolved to IP 142.250.185.164 and was registered through Dynadot, LLC on November 9, 2025, but has since been taken offline. It appeared on two separate security blocklists, and VirusTotal reports flagged it by 2 out of 95 security vendors. The page title spoofed 'Google,' likely attempting to lure victims into trusting the site. These indicators highlight its malicious intent despite limited reach.

To mitigate risks associated with domains like send.hub-airdropalert.click, users should avoid clicking unsolicited links, especially those promising crypto airdrops or rewards. Employing updated security software and verifying domain legitimacy before entering credentials can prevent exposure to crypto drainers. PhishDestroy recommends maintaining vigilance as this category of threat persists in evolving.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Page title: Google

## Domain Intelligence
- Registered: 2025-11-09 09:37:08
- Expires: 2026-11-09 09:37:08
- Registrar: Dynadot LLC
- Country: US
- IP: 142.250.185.164
- IP Org: Cloudflare CDN
- Nameservers: brenna.ns.cloudflare.com hassan.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["ChainPatrol", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a7924-6495-7519-8416-10b93eefd818.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/166a09a1-15b2-4121-9571-3713e76dc34d
- PhishDestroy: https://phishdestroy.io/domain/send.hub-airdropalert.click/
- LLM endpoint: https://phishdestroy.io/domain/send.hub-airdropalert.click/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/send.hub-airdropalert.click/
Last updated: 2026-03-19