# bull-run.fun — SUSPICIOUS > bull-run.fun is a verified crypto drainer impersonating crypto projects. Scan on PhishDestroy before interacting. Domain resolves to 188.114.96. ## Summary PhishDestroy identifies bull-run.fun as an active crypto drainer domain designed to siphon cryptocurrency from unsuspecting users. The site mimics legitimate crypto project pages, luring victims into connecting their wallets under the guise of fake giveaways or airdrops. While the exact drainer kit (e.g., WalletConnect exploit, clipboard hijacker) has not been fully reverse-engineered in public sandboxes, the domain’s behavioral patterns align with known cryptocurrency theft campaigns. The threat actor leverages urgency (e.g., limited-time offers) and social engineering to prompt wallet connections or private key submissions, which are then exploited to drain funds directly. This domain was flagged after analysis of its technical indicators revealed high-risk attributes. bull-run.fun shows 0/95 detections on VirusTotal, indicating it evades most signature-based antivirus tools. It was registered on March 10, 2026, via PDR Ltd. d/b/a PublicDomainRegistry.com, and resolves to the IP address 188.114.96.3. The domain is already blocked by Maltrail and was listed on one security blocklist. Although it uses a valid Let’s Encrypt SSL certificate, this does not guarantee legitimacy, as threat actors frequently exploit free certificates to lend false credibility. Google Safe Browsing (GSB) has not yet flagged this domain, highlighting a potential delay in blacklist propagation. Currently, bull-run.fun remains active with no observed takedown actions from hosting providers or registrars. PhishDestroy continues to monitor the domain for shifts in behavior or infrastructure changes. Users are strongly advised to avoid visiting or interacting with this site, especially if it appears in search results or social media promotions linked to crypto projects. To verify the safety of any crypto-related domain, use PhishDestroy’s real-time scanning tool. Remaining risk is assessed as active but contained due to early detection; however, the lack of detections on VirusTotal or GSB suggests this threat could escalate if unchecked. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-10 03:34:41 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["Maltrail"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/bull-run.fun - PhishDestroy: https://phishdestroy.io/domain/bull-run.fun/ - LLM endpoint: https://phishdestroy.io/domain/bull-run.fun/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/bull-run.fun/ Last updated: 2026-04-04