# emperor-yeah-moves-comfort.trycloudflare.com — MALICIOUS

> The domain emperor-yeah-moves-comfort.trycloudflare.com is a confirmed crypto drainer site with a 9/95 VirusTotal detection rate.

## Summary

PhishDestroy identifies emperor-yeah-moves-comfort.trycloudflare.com as a live phishing domain operating under the generic_phishing threat classification. This site presents a fraudulent interface designed to mimic a legitimate cryptocurrency or token platform, leveraging social engineering tactics to trick users into connecting their digital wallets and authorizing fraudulent transactions. No specific branded impersonation (e.g., MetaMask, Uniswap, Ledger) is immediately apparent from the domain name, but the use of 'yeah moves comfort' suggests an attempt to invoke emotional triggers (e.g., financial comfort or success) commonly exploited in crypto drainer campaigns. The site is associated with a drainer kit, likely deployed via a cloud-based proxy to evade detection and takedown efforts.

Exact technical indicators confirm elevated risk: VirusTotal flags the domain at 9/95 security vendors (10.5% detection), indicating significant but not universal consensus on its malicious nature. The domain resolves to IP 104.16.230.132 via Cloudflare, and its SSL certificate is issued by Google Trust Services under a Cloudflare origin. The domain was registered through Cloudflare Registrar and is hosted on the Cloudflare network. Google Safe Browsing has flagged it under the SOCIAL_ENGINEERING category, confirming the use of deceptive techniques. Creation date is not listed in available intelligence, but the active status and rapid deployment via Cloudflare Workers suggest recent origin (within weeks).

As of current analysis, the domain remains active and poses an elevated threat to users who may encounter it through phishing emails, social media links, or malvertising.
While multiple blocklists and security vendors have begun flagging the domain, the low but growing detection rate indicates persistence in evading automated detection. Users are strongly advised to avoid accessing the site entirely. If inadvertently accessed, users should immediately disconnect from the site, revoke any wallet connection permissions if made, and monitor for unauthorized transactions. Website administrators and security teams should block both the domain and associated IP at the network perimeter. The risk level remains elevated due to ongoing accessibility and the potential for rapid propagation through unsecured user traffic.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.16.230.132

## Detection Status

- VirusTotal: 9 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/emperor-yeah-moves-comfort.trycloudflare.com
- PhishDestroy: https://phishdestroy.io/domain/emperor-yeah-moves-comfort.trycloudflare.com/
- LLM endpoint: https://phishdestroy.io/domain/emperor-yeah-moves-comfort.trycloudflare.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/emperor-yeah-moves-comfort.trycloudflare.com/

Last updated: 2026-04-07