# xn--dexscreenr-76a.com — SUSPICIOUS

> xn--dexscreenr-76a.com is linked to generic phishing activities and appears on multiple blocklists. Stay cautious and avoid interaction.

## Summary
PhishDestroy identifies xn--dexscreenr-76a.com as a medium-risk phishing domain impersonating the legitimate DEX Screener platform. The phishing attempt aims to deceive users into divulging sensitive information or credentials through a visually similar interface. Although this domain hosts generic phishing content without sophisticated targeting, its use of a punycode representation and suspicious registration details raise notable concerns regarding malicious intent, consistent with common phishing tactics.

The domain was registered on March 11, 2026, via Hosting Concepts B.V. d/b/a Registrar.eu, and resolves to the IPv6 address 2a06:98c1:3103::6812:268f. It is currently listed on three security blocklists, reflecting community recognition of its malicious activity. While only three security vendors on VirusTotal flagged this domain, this limited detection does not diminish the threat, as phishing infrastructure often evades some automated scanners. The domain’s registration and hosting infrastructure align with frequently abused services for fraudulent schemes.

Currently, xn--dexscreenr-76a.com is offline, mitigating immediate risks to end users. However, PhishDestroy recommends continued monitoring for potential reactivation or related phishing campaigns. Organizations should update their blocklists accordingly and educate users on identifying punycode domains and phishing indicators. Immediate removal from email allowlists and network access controls is advised to prevent accidental user interaction with this deceptive domain.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 200)
- Page title: DEX Screener

## Domain Intelligence
- Registered: 2026-03-11 15:07:01
- Registrar: Hosting Concepts B.V. d/b/a Registrar.eu
- Country: CZ
- IP: 2a06:98c1:3103::6812:268f
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["amber.ns.cloudflare.com", "gabe.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["Gridinsoft", "Mimecast", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce64a-1dee-748a-b0bd-c1aca5ccd204.png
- PhishDestroy: https://phishdestroy.io/domain/xn--dexscreenr-76a.com/
- LLM endpoint: https://phishdestroy.io/domain/xn--dexscreenr-76a.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xn--dexscreenr-76a.com/
Last updated: 2026-03-19