# cdn2.028426.com — MALICIOUS

> cdn2.028426.com is a crypto drainer scam flagged by 15/95 VirusTotal engines and blocked by OpenPhish. Verify safety on PhishDestroy.

## Summary
PhishDestroy identifies cdn2.028426.com as an elevated risk domain engaged in a crypto drainer scam. This specific threat aims to trick users into revealing cryptocurrency wallet credentials or private keys, potentially resulting in irreversible financial losses.

This domain was first registered on January 12, 2017, and is registered through MarkMonitor, Inc., a well-known domain registrar. It resolves to the IP address 34.194.247.17 and uses an SSL certificate issued by Let's Encrypt. VirusTotal analysis flags it with 15 out of 95 security vendors categorizing it as malicious. Additionally, cdn2.028426.com appears on two security blocklists and is actively blocked by both OpenPhish and PhishingArmy, indicating strong consensus about its malicious intent.

To mitigate risks associated with this crypto drainer scam, users should never enter wallet credentials or private keys on this domain or any untrusted sites. Employing hardware wallets or multi-factor authentication for cryptocurrency accounts can provide additional security. Users are advised to verify suspicious domains on trusted platforms like PhishDestroy before interacting with them and to keep security software up to date. Avoid clicking on unsolicited links claiming to be related to cryptocurrency transactions or wallets that lead to cdn2.028426.com or similar flagged domains.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2017-01-12 18:03:41
- Registrar: MarkMonitor, Inc.
- IP: 34.194.247.17

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "PhishingArmy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/09182d72-c955-42b8-8146-3bcbbb0cac79
- PhishDestroy: https://phishdestroy.io/domain/cdn2.028426.com/
- LLM endpoint: https://phishdestroy.io/domain/cdn2.028426.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cdn2.028426.com/
Last updated: 2026-03-29